Web infrastructure

Theory

Practice

shodan : net:"SUBNET/MASK"

zoomeye : IP/MASK

fofa.so

Get the DNS servers, their records, and map the domain: https://dnsdumpster.com/
- IP enumeration and response headers from a domain name: https://zoomeye.org
- Find subdomains: https://findsubdomains.com
- Find the technologies used by a webapp and their versions: https://github.com/urbanadventurer/WhatWeb

Website caching platforms:
- https://archive.org/
- https://archive.fo/

Google Analytics:

  • The last piece of information that is really interesting is to check whether the same Google Analytics / AdSense ID is used on several websites. This technique was discovered in 2015 and is well described by Bellingcat.

  • Certificates?
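The shared-tracking-ID check described above, as an added example that is not part of the original page: it pulls Google Analytics (UA- and G-) and AdSense (ca-pub-) identifiers out of page HTML and groups pages by the account they belong to, so an owner auditing their own properties can see which sites are publicly linked through one analytics or ad account. The sample pages and their IDs are constructed for the example; nothing is fetched from the network.

```python
import re
from collections import defaultdict

# Constructed sample HTML for four hypothetical sites (not real pages).
# Sites A and B share a Universal Analytics account (UA-12345678, two properties);
# sites C and D share an AdSense publisher ID; site D also has a GA4 tag of its own.
SAMPLE_PAGES = {
    "https://example-a.test/": """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-12345678-1"></script>
<script>gtag('config', 'UA-12345678-1');</script>
</head><body>site A</body></html>""",
    "https://example-b.test/": """<html><head>
<script>ga('create', 'UA-12345678-2', 'auto');</script>
</head><body>site B</body></html>""",
    "https://example-c.test/": """<html><head>
<script data-ad-client="ca-pub-1234567890123456" async
 src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
</head><body>site C</body></html>""",
    "https://example-d.test/": """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ABC123XYZ"></script>
<script>gtag('config', 'G-ABC123XYZ');</script>
<script data-ad-client="ca-pub-1234567890123456"></script>
</head><body>site D</body></html>""",
}

# Identifier formats: Universal Analytics (UA-<account>-<property>),
# GA4 measurement IDs (G-<alphanumeric>), AdSense publisher IDs (ca-pub-<digits>).
ID_PATTERNS = [
    re.compile(r"\bUA-\d{4,10}-\d{1,4}\b"),
    re.compile(r"\bG-[A-Z0-9]{6,12}\b"),
    re.compile(r"\bca-pub-\d{10,20}\b"),
]


def extract_tracking_ids(html: str) -> set[str]:
    """Return every analytics/ad identifier found in one HTML document."""
    found = set()
    for pattern in ID_PATTERNS:
        found.update(pattern.findall(html))
    return found


def account_key(tracking_id: str) -> str:
    """Reduce an ID to the account that owns it.

    UA-12345678-1 and UA-12345678-2 are two properties of the same account,
    so the trailing property index is dropped; GA4 and AdSense IDs are used as-is.
    """
    if tracking_id.startswith("UA-"):
        return tracking_id.rsplit("-", 1)[0]
    return tracking_id


def find_shared_ids(pages: dict[str, str]) -> dict[str, list[str]]:
    """Map each account key to the sorted list of page URLs that use it,
    keeping only accounts that appear on more than one site."""
    sites_by_account = defaultdict(set)
    for url, html in pages.items():
        for tracking_id in extract_tracking_ids(html):
            sites_by_account[account_key(tracking_id)].add(url)
    return {
        key: sorted(urls)
        for key, urls in sites_by_account.items()
        if len(urls) > 1
    }


if __name__ == "__main__":
    for key, urls in sorted(find_shared_ids(SAMPLE_PAGES).items()):
        print(f"{key}: shared by {', '.join(urls)}")
```

Running the block lists the two shared accounts (the UA account behind sites A and B, the AdSense publisher behind C and D) and leaves out the GA4 tag that only site D carries. Feeding it the HTML of your own domains shows which of them can be tied together by this technique; the usual mitigation is to use separate analytics and ad accounts for properties that should not be publicly associated.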

Using Google Dorks to find subdomains
