Penetration 2 - Passive Reconnaissance of Web App

By Sheldon L

Published at 2020-04-19

Updated at 2020-04-19

---

Getting Ready

• Penetration 1 - Start up Web App Penetration;
• Select NAT instead of Host-only;

• Target domain name is ‘zonetransfer.me’ (see DigiNinja)

  • To get domain information in Kali

  
  whois zonetransfer.me   # get registration information
  
  dig ns zonetransfer.me  # get domain name and DNS resolution
  
  # zone transfer attack
  dig axfr @nsztmi.digi.ninja zonetransfer.me # get subdomains and hosts
  
  # identity email
  theHarvester -b all -d zontransfer.me
  # -b all: all supported search engine
  # -d zonetransfer.me: domain name
  
  

  • For each web server in scope, to find the software it use through Netcraft Site Reporter

  • To find a previous version of the targets, WayBack Machine

  • Google Search options like site:target_domain

  • Open Bug Bounty

  • Pastebin