Network Information

MITRE ATT&CK, Reconnaissance, Technique T1590

DNS Information

Subdomain enumeration is the process of finding valid resolvable subdomains for a companies domain(s). The more you can find, the more you can hack.

Google Dork

site:*.$domain -www)

Dome

# Passive subdomain enumeration
dome.py -m passive -d $domain

# Active enumeration
dome.py -m active -d $domain

Sublist3r

# Passively enumerate subdomains
sublist3r.py -d $domain

# Enumerate subdomains and utilize the 'brute force' module
sublist3r.py -b -d $domain

DNSRecon

# Enumerate subdomains
dnsrecon -d $domain

# Enumerate subdomains and perform a zone transfer
dnsrecon -a -d $domain

Amass

# Retrieve the target domains ASN number
amass enum -d $domain

Gobuster

# Actively enumerate subdomains
gobuster dns --domain $domain --wordlist $wordlist

IP Addresses

Hurricane Electric Internet Services

Hurricane Electric Internet Services is a fast way to identify what company owns what IP

SecurityTrails

SecurityTrails Another good site for verifying IP addresses and netblocks belonging to an organization

NetBlockTool

NetblockTool can be used to gather IP ranges, points of contact, and even netblocks belonging to your target’s subsidiaries

Basic usage

python3 NetblockTool.py -v [COMPANY]

Extract ranges owned by the target company’s subsidiaries

python3 NetblockTool.py -v Company -s

Network Information

DNS Information

Google Dork

Dome

Sublist3r

DNSRecon

Amass

Gobuster

IP Addresses

Hurricane Electric Internet Services

SecurityTrails

NetBlockTool

References

References

DNS Information

IP Addresses

DNS Information

Google Dork

Dome

Sublist3r

DNSRecon

Amass

Gobuster

IP Addresses

Hurricane Electric Internet Services

SecurityTrails

NetBlockTool

References

References

DNS Information

IP Addresses