search

Website

When beginning recon on a domain, the first thing to do is to view the webpage. Have a look around and become familiar with the layout.

Make a note of important things like

hashtag
Who is

the next thing to do is WhoIs to find out information about who owns and created the domain.

These commands can be used to resolve the DNS

host website.com
nslookup website.com

Whois can then be used with the IP you get from resolving the DNS

whois 192.168.1.101

hashtag
Website OSINT tools

  • BuiltWith – https://builtwith.com/

  • Domain Dossier – https://centralops.net/co/

  • DNSlytics – https://dnslytics.com/reverse-ip

  • SpyOnWeb – https://spyonweb.com/

  • Virus Total – https://www.virustotal.com/

  • Visual Ping – https://visualping.io/

  • Back Link Watch – http://backlinkwatch.com/index.php

  • View DNS – https://viewdns.info/

hashtag
Search for website

  • Domain dossiers can be used to scan domains.

  • Who is record – who owns the website

  • DNS records – find where email may be hosted

  • reddit.com/domain/domain.com

hashtag
Website OSINT Tools

  • Subfinder – https://github.com/projectdiscovery/subfinder

  • Assetfinder – https://github.com/tomnomnom/assetfinder

  • httprobe – https://github.com/tomnomnom/httprobe

  • Amass – https://github.com/OWASP/Amass

  • GoWitness – https://github.com/sensepost/gowitness/wiki/Installation

  • Wappalyzer (firefox extension)

PreviousPassive information GatheringNextFinding SubDomains

Last updated