Reconnaissance and profiling the web server include the following tasks:
- IP address, subdomains, whois records, DNS servers, search engines
- Using Google, Bing, Yahoo, Shodan, and archive.org
- Social networking sites: Facebook, Flickr, Instagram, Twitter, Maltego
- Determining the physical location of the target using a GeoIP database and satellite images from Google Maps and Bing Maps
- Spidering the web application and creating sitemaps: Burp Suite, HTTrack, and ZAP
whois
- Identifying hosts using DNS
- Zone transfer using dig:
- Brute force DNS records using Nmap: it makes use of the dictionary files vhosts-defaults.lst and vhosts-full.lst, which contain a large list of common hostnames: nmap --script dns-brute --script-args dns-brute.domain=pentesting-lab.com
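Seen from the defender's side, wordlist-driven DNS brute forcing shows up in resolver logs as one client asking for many distinct names under the zone, most of which do not exist. The following is an added example, not code from the original page: the log format (`client qname rcode`), the thresholds, the function name and the sample lines are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<client> <qname> <rcode>".
# The format and the addresses (documentation ranges) are assumptions.
SAMPLE_LOG = """\
192.0.2.5 www.pentesting-lab.com NOERROR
192.0.2.5 mail.pentesting-lab.com NOERROR
198.51.100.9 admin.pentesting-lab.com NXDOMAIN
198.51.100.9 dev.pentesting-lab.com NXDOMAIN
198.51.100.9 ftp.pentesting-lab.com NXDOMAIN
198.51.100.9 mail.pentesting-lab.com NOERROR
198.51.100.9 test.pentesting-lab.com NXDOMAIN
198.51.100.9 vpn.pentesting-lab.com NXDOMAIN
198.51.100.9 www.pentesting-lab.com NOERROR
198.51.100.9 staging.pentesting-lab.com NXDOMAIN
198.51.100.9 www.example.org NOERROR
192.0.2.5 www.pentesting-lab.com NOERROR
"""


def find_bruteforce_clients(log_text, zone, min_names=5, min_nx_ratio=0.6):
    """Return {client: (distinct_names, nx_ratio)} for clients whose queries
    under `zone` look like hostname-wordlist enumeration."""
    names = defaultdict(set)   # client -> distinct names queried in the zone
    nx = defaultdict(set)      # client -> distinct names answered NXDOMAIN
    suffix = "." + zone.lower().rstrip(".")
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if not qname.endswith(suffix):
            continue  # other zones are out of scope
        names[client].add(qname)
        if rcode.upper() == "NXDOMAIN":
            nx[client].add(qname)
    flagged = {}
    for client, seen in names.items():
        ratio = len(nx[client]) / len(seen)
        # Many distinct names, mostly nonexistent: typical of a dictionary run
        if len(seen) >= min_names and ratio >= min_nx_ratio:
            flagged[client] = (len(seen), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    print(find_bruteforce_clients(SAMPLE_LOG, "pentesting-lab.com"))
```
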
The Recon-ng tool-a framework f