Web Services

As a professional ethical hacker or pen tester, you should be able to extract a variety of information about your target organization from web services. This includes critical information such as the target organization’s domains, sub-domains, operating systems, geographic locations, employee details, emails, financial information, infrastructure details, hidden web pages and content, etc.

Using this information, you can build a hacking strategy to break into the target organization’s network and can carry out other types of advanced system attacks.

Extract Domain & Sub-Domain

Domains and sub-domains are essential components of an organization's network infrastructure. They provide valuable information about an organization's history, services, products, and contact details. By examining a company's top-level domains (TLDs) and sub-domains, we can gain insights into its online presence.

Netcraft

Netcraft is a web service that allows us to extract this information easily. In this guide, we will walk through the process of using Netcraft to find a company's domains and sub-domains.

Click on the menu icon located in the top-right corner of the page. From the dropdown menu, navigate to "Resources" > "Tools" > "Site Report."

Example: https://www.eccouncil.org

The "Site report for https://www.eccouncil.org" page will appear, presenting information related to the background, network, hosting history, and more, as displayed in the screenshot.

Additionally, there are other tools available for identifying domains and sub-domains of any target website. Examples include Sublist3r (https://github.com) and Pentest-Tools Find Subdomains (https://pentest-tools.com).

Personal Information

In the CEH, they show tools for gathering personal information like PeekYou and for emails they suggest TheHarvester, but I think there is no need to give details about these tools.

Determine Target OS

Censys

Having knowledge about the operating system (OS) running on a target machine is crucial. By employing various passive footprinting techniques, ethical hackers can gather valuable information, including the target organization's city, country, latitude/longitude, hostname, operating system, and IP address. Most of the time, this is useful as "superficial information."

As an example, type the target website (e.g., www.eccouncil.org) and press Enter. From the search results, click on any Host's IP address to gather OS details. Information gathered:

You can observe the OS information (e.g., Ubuntu). Additionally, you can also find other details such as protocols in use, software installed, host keys, and more.
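OS details of this kind are typically inferred from what exposed services announce about themselves. The following added example (not part of the original guide) parses constructed SSH and HTTP banners to show which of your own hosts disclose an OS or an exact software version; the record layout, sample hosts and function names are assumptions made for illustration.

```python
import re

# Constructed sample: banners as an internet-scan service might record them for
# your own hosts (192.0.2.0/24 is a documentation range; the record layout is hypothetical).
SAMPLE_RECORDS = [
    {"ip": "192.0.2.10", "port": 22, "banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"},
    {"ip": "192.0.2.10", "port": 80, "banner": "Server: Apache/2.4.41 (Ubuntu)"},
    {"ip": "192.0.2.20", "port": 443, "banner": "Server: Microsoft-IIS/10.0"},
    {"ip": "192.0.2.30", "port": 443, "banner": "Server: nginx"},
]

# OS names that commonly appear in service banners, plus products that imply an OS.
OS_TOKENS = ("Ubuntu", "Debian", "CentOS", "Red Hat", "FreeBSD", "Win32", "Win64")
IMPLIED_OS = {"Microsoft-IIS": "Windows"}
# product[/_]version at the start of the software string, e.g. Apache/2.4.41, OpenSSH_8.2p1
SOFTWARE_RE = re.compile(r"(?P<product>[A-Za-z][A-Za-z-]*)(?:[/_](?P<version>\d[\w.]*))?")


def parse_banner(banner):
    """Return what a single banner discloses: product, version, OS hint."""
    text = banner.strip()
    if text.startswith("SSH-"):
        # RFC 4253 identification string: SSH-protoversion-softwareversion SP comments
        parts = text.split("-", 2)
        text = parts[2] if len(parts) == 3 else ""
    elif text.lower().startswith("server:"):
        text = text.split(":", 1)[1].strip()
    m = SOFTWARE_RE.match(text)
    product = m.group("product") if m else None
    version = m.group("version") if m else None
    os_hint = next((t for t in OS_TOKENS if t.lower() in text.lower()), None)
    os_hint = os_hint or IMPLIED_OS.get(product)
    return {"product": product, "version": version, "os": os_hint}


def audit(records):
    """List hosts whose banners reveal an OS or an exact software version."""
    findings = []
    for rec in records:
        info = parse_banner(rec["banner"])
        leaks = [k for k in ("os", "version") if info[k]]
        if leaks:
            findings.append((rec["ip"], rec["port"], info, leaks))
    return findings


if __name__ == "__main__":
    for ip, port, info, leaks in audit(SAMPLE_RECORDS):
        print(f"{ip}:{port} discloses {', '.join(leaks)} -> {info}")
```

Hosts that appear in the findings are candidates for banner hardening; the bare `nginx` record shows what a reduced banner looks like to the same check.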

Alternatives

There are other web services available, such as Netcraft (https://www.netcraft.com), Shodan (https://www.shodan.io).
