Information Gathering - web edition
WHOIS
Command | Description |
| Assign target to an environment variable. |
| WHOIS lookup for the target. |
DNS Enumeration
Command | Description |
| Identify the |
| Identify the |
| Identify the |
| Identify the |
| Identify the |
| Identify the |
| Identify |
| Identify |
| Identify the |
| Identify the |
| Identify the |
| Identify the |
Passive Subdomain Enumeration
Resource/Command | Description |
| |
| |
| |
| All subdomains for a given domain. |
| All TLDs found for a given domain. |
| All results across all TLDs for a given domain. |
| Reverse DNS lookup on IP address. |
| Reverse DNS lookup of a CIDR range. |
| Certificate Transparency. |
| Searching for subdomains and other information on the sources provided in the source.txt list. |
Sources.txt
Code: txt
Passive Infrastructure Identification
Resource/Command | Description |
| |
| |
| |
| Crawling URLs from a domain with the date it was obtained. |
Active Infrastructure Identification
Resource/Command | Description |
| Display HTTP headers of the target webserver. |
| Technology identification. |
| |
| WAF Fingerprinting. |
| |
| Makes screenshots of all subdomains in the subdomain.list. |
Active Subdomain Enumeration
Resource/Command | Description |
| |
| |
| Zone Transfer using Nslookup against the target domain and its nameserver. |
| Bruteforcing subdomains. |
Virtual Hosts
Resource/Command | Description |
| Changing the HOST HTTP header to request a specific domain. |
| Bruteforcing for possible virtual hosts on the target domain. |
| Bruteforcing for possible virtual hosts on the target domain using |
Crawling
Resource/Command | Description |
| |
| Discovering files and folders that cannot be spotted by browsing the website. |
| Mutated bruteforcing against the target web server. |
Last updated