Web Mapping

Active Reconnaissance

Google dork your target
site:google.com

Also go to the site and click View Certificate
Go to Details
Look for data like subdomains
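
The certificate check above can also be scripted. This is an added example, not part of the original page: `fetch_cert`, `cert_hostnames` and the `example.com` sample certificate are constructed for illustration. It lists the hostnames a certificate discloses and separates those under the domain you are assessing from everything else.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Return the server's validated leaf certificate as the dict ssl.getpeercert() produces."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_hostnames(cert, apex):
    """Split a certificate's DNS names into (in_scope, other) relative to apex."""
    names = {value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"}
    # Older certificates may carry the hostname only in the subject CN;
    # a CN that is not a hostname simply ends up in the "other" list.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    apex = apex.lower().rstrip(".")
    in_scope, other = set(), set()
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            name = name[2:]  # wildcard entry: record the zone it covers
        # Match on a label boundary so notexample.com is not taken for example.com.
        if name == apex or name.endswith("." + apex):
            in_scope.add(name)
        else:
            other.add(name)
    return sorted(in_scope), sorted(other)

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.dev.example.com"),
        ("DNS", "VPN.Example.com"),
        ("DNS", "example.com"),
        ("DNS", "notexample.com"),
        ("DNS", "cdn.example.net"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    in_scope, other = cert_hostnames(SAMPLE_CERT, "example.com")
    print("in scope:", in_scope)
    print("other:", other)
```

For a live host, pass the result of `fetch_cert("your-host")` to `cert_hostnames` instead of the sample.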

The tool nmap can also be used to search for vulnerabilities

nmap -v --script vuln google.com
nmap -v --script dos tryhackme.com
nmap -v --script /root/hacking/http-enum.nse hackthebox.com

Run sublist3r on your target

sublist3r -v -d google.com -b

Execute subbrute on your target

./subbrute.py google.com
./subbrute.py google.com gmail.com blogger.com
./subbrute.py -t list.txt
./subbrute.py gmail.com > gmail.out
./subbrute.py -t gmail.out
./subbrute.py dev-cbsandyou.cbs.com > results.txt

Enumerate subdomains

  • Zone transfers
  • Use Google
site:.technoherder.com -site:www.technoherder.com -site:multimedia.technoherder.com -site:lootbox.technoherder.com -site:hack.technoherder.com

Run traceroute

traceroute tryhackme.com

Execute a dig on your target

dig technoherder.com

Check DNS with dnsenum

dnsenum sans.org -f /usr/share/dirbuster/wordlists/directories.jbrofuzz
dnsenum -p 20 -s 100 --threads 5 cbs.com

Another fun tool is whatweb

whatweb dev-cbsandyou.cbs.com -v
whatweb mydronereviews.com -v

Trace the chain of DNS servers back to the source of a record with dnstracer

dnstracer -r 3 -v mydronereviews.com

Run theharvester on your target

theharvester -d technoherder.com -b bing

Scan your target with nikto

nikto -h {IP_ADDRESS}
nikto -h {IP_ADDRESS}:{PORT_NBR}

Enumerate the directories with gobuster and dirsearch

gobuster dir -e -u technoherder.com -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -s "200,204,302,307,401,403"
gobuster dir -u http://{IP_ADDRESS}/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt
gobuster dir -e -u https://test.com/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -o /home/kali/Documents/PenetrationTesting/bounty/killAcademy2.txt -x .php -c 'PHPSESSID=f5c37cd8621c31e564d9b222e596e5dd' -S 9822
dirsearch -u "https://technoherder.com/" -e html -t 50 -w ./killAcadDir.dat -x 403

References

https://crt.sh/

https://whois.domaintools.com/

https://www.virustotal.com/gui/

https://dnsdumpster.com/

http://shodan.io/

https://www.exploit-db.com/google-hacking-database

https://www.exploit-db.com/

https://www.netcraft.com/
