✏️
VuldarCourses
  • Welcome Page
  • CEH-Content
    • CEH Disclaimer
      • Summary Template
        • NULL
      • Practical Template
    • 0️Footprinting and Reconnaissance
      • Module 02 - Summary
        • Search Engines
        • Web Services
        • Social Networking
        • Website Footprinting
      • Module 02 - Practical
    • 1️Scanning Network
      • Module 03 - Summary
      • Module 03 - Practical
    • 2️Enumeration
      • Module 04 - Summary
      • Module 04 - Practical
    • 4️Vulnerability Analysis
      • Module 05 - Summary
      • Module 05 - Practical
    • ✍️Practical Engagement I
    • 5️System Hacking
      • Module 06 - Summary
      • Module 06 - Practical
  • IBM Cybersecurity
    • Network Security & Database Vulnerabilities
      • TCP/IP Protocol Framework
Powered by GitBook
On this page
  • Extract Domain & Sub-Domain
  • Netcraft
  • Personal Information
  • Determine Target OS
  • Censys
  1. CEH-Content
  2. Footprinting and Reconnaissance
  3. Module 02 - Summary

Web Services

PreviousSearch EnginesNextSocial Networking

Last updated 1 year ago

As a professional ethical hacker or pen tester, you should be able to extract a variety of information about your target organization from web services. By doing so, you can extract critical information such as a target organization’s domains, sub-domains, operating systems, geographic locations, employee details, emails, financial information, infrastructure details, hidden web pages and content, etc.

Using this information, you can build a hacking strategy to break into the target organization’s network and can carry out other types of advanced system attacks.

Extract Domain & Sub-Domain

Domains and sub-domains are essential components of an organization's network infrastructure. They provide valuable information about an organization's history, services, products, and contact details. By examining a company's top-level domains (TLDs) and sub-domains, we can gain insights into its online presence.

Netcraft

Netcraft is a web service that allows us to extract this information easily. In this guide, we will walk through the process of using Netcraft to find a company's domains and sub-domains.

Click on the menu icon located in the top-right corner of the page. From the dropdown menu, navigate to "Resources" > "Tools" > "Site Report."

Personal Information

Determine Target OS

Censys

Having knowledge about the operating system (OS) running on a target machine is crucial. By employing various passive footprinting techniques, ethical hackers can gather valuable information, including the target organization's city, country, latitude/longitude, hostname, operating system, and IP address. Most of the time this can help as "superficial information"

You can observe the OS information (e.g., Ubuntu). Additionally, you can also find other details such as protocols in use, software installed, host keys, and more.

Alternatives

Example:

The "Site report for " page will appear, presenting information related to the background, network, hosting history, and more, as displayed in the screenshot.

Additionally, there are other tools available for identifying domains and sub-domains of any target website. Examples include Sublist3r () and Pentest-Tools Find Subdomains #().

In the CEH, they show tools for gathering personal information like and for emails they suggest , but I think there is no need to give details about these tools.

As an example, type the target website (e.g., ) and press Enter. From the search results, click on any Host's IP address to gather OS details. Information gathered:

There are other web services available, such as Netcraft (), Shodan ().

0️
https://www.eccouncil.org
https://www.eccouncil.org
https://github.com
https://pentest-tools.com
PeekYou
TheHarvester
www.eccouncil.org
https://www.netcraft.com
https://www.shodan.io
NetcraftNetcraft
Censys SearchCensys
Logo
Logo