Footprinting and Reconnaissance

Directory Enumeration - Finding Directories in a Website

Using Gobuster

gobuster dir -u http://10.10.10.1/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Using ffuf

ffuf -u http://10.10.10.11/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

File Enumeration - Finding Specific files in a Website

Using Gobuster

gobuster dir -u http://10.10.10.1/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .html,.css,.js

Using ffuf

ffuf -u http://10.10.10.11/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e .html,.css,.js,.conf
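The directory and file enumeration above leaves an obvious trace on the server side: one client producing a burst of 404 responses in a short time. The script below is an added example, not part of the original notes, that counts 404s per client IP over a few constructed combined-log-format lines (not captured traffic) and flags any client at or above a threshold; the function names and the sample addresses are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): spot directory/file brute
# forcing in a web access log by counting 404 responses per client.

# Constructed sample in combined log format (not captured traffic):
# 10.10.10.99 runs a wordlist scan, 10.10.10.50 is an ordinary visitor
# who hits one broken link.
sample_log() {
cat <<'EOF'
10.10.10.50 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.10.10.99 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.10.10.99 - - [10/Oct/2023:13:55:40 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.10.10.99 - - [10/Oct/2023:13:55:40 +0000] "GET /config.js HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.10.10.99 - - [10/Oct/2023:13:55:41 +0000] "GET /login.html HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.10.10.99 - - [10/Oct/2023:13:55:41 +0000] "GET /old.css HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.10.10.99 - - [10/Oct/2023:13:55:41 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "gobuster/3.6"
10.10.10.50 - - [10/Oct/2023:13:56:02 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
EOF
}

# count_404s THRESHOLD < access.log
# Prints "ip count" for each client whose 404 total reaches THRESHOLD.
# In combined log format field 1 is the client IP and field 9 the status.
count_404s() {
    awk -v thr="$1" '$9 == 404 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= thr) print ip, n[ip] }'
}

# scanner_agents < access.log
# Weaker secondary signal: distinct client IPs whose User-Agent names a
# common enumeration tool. Trivial to change, so treat it as corroboration
# for the 404 count rather than as a signal on its own.
scanner_agents() {
    awk -F'"' 'tolower($6) ~ /gobuster|ffuf|dirbuster|dirb/ { split($1, a, " "); seen[a[1]] = 1 }
        END { for (ip in seen) print ip }'
}

# Wrappers over the embedded sample so the script demonstrates itself.
sample_suspects() { sample_log | count_404s "${1:-5}"; }
sample_scanner_ips() { sample_log | scanner_agents; }

echo "Clients with >= 5 404s:"; sample_suspects 5
echo "Clients announcing a scanner User-Agent:"; sample_scanner_ips
```

Run it against a real log with `count_404s 50 < /var/log/apache2/access.log`; the threshold and time window you pick depend on how noisy legitimate traffic is, and a per-minute rate (bucketing on the timestamp field) is a sharper signal than an all-time total on a busy site.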

VHOST Enumeration - Finding Subdomains of a Website

Using Gobuster

Using ffuf


Digital Certificates

We can find subdomains from the certificates issued to the main domain, because several hosts often share a single certificate that lists all of their names.
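As an added example that is not part of the original notes, the script below pulls the DNS names out of a certificate's Subject Alternative Name extension: first from a constructed sample of what `openssl x509 -noout -ext subjectAltName` prints (the host names in it are made up), then, through `cert_dns_names`, from a live TLS endpoint. The function names are my own. From the defensive side this is the quickest way to see which internal or forgotten hostnames a certificate you publish reveals.

```shell
#!/bin/sh
# Added example (not from the original page): list the host names a
# certificate exposes through its Subject Alternative Name extension.

# Constructed sample of what
#   openssl x509 -noout -ext subjectAltName
# prints for a certificate shared by several hosts (names are made up).
sample_san_output() {
cat <<'EOF'
X509v3 Subject Alternative Name: 
    DNS:example.com, DNS:www.example.com, DNS:mail.example.com, DNS:vpn.example.com, IP Address:192.0.2.10
EOF
}

# san_dns_names < san_output
# Keeps only the DNS: entries, one name per line; other SAN types
# (IP Address, email) are dropped.
san_dns_names() {
    grep -o 'DNS:[^,]*' | sed 's/^DNS://'
}

# cert_dns_names HOST [PORT]
# Live variant: fetch the certificate served for HOST (with SNI set) and
# list its DNS names. Needs network access, so it is not run below.
cert_dns_names() {
    host="$1"; port="${2:-443}"
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName \
        | san_dns_names
}

# subdomains_of APEX < names
# Keeps only names below the apex, dropping the apex itself.
subdomains_of() {
    apex="$1"
    grep "\.$apex\$"
}

sample_names() { sample_san_output | san_dns_names; }
sample_subdomains() { sample_names | subdomains_of example.com; }

echo "All DNS names in the sample certificate:"; sample_names
echo "Subdomains of example.com:"; sample_subdomains
```

`cert_dns_names www.example.com | subdomains_of example.com` gives the live equivalent of the sample run. Wildcard entries such as `*.example.com` come through unchanged, so they still need to be resolved against a hostname list before they tell you anything concrete.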

Digital Certificates Search Engines


DNS Enumeration

Automated Tools

  • dnsrecon -d zonetransfer.me -t axfr

  • dnsenum zonetransfer.me

  • fierce --domain zonetransfer.me

Linux

  • dig <ip/domain> - Normal / DNS lookup

  • dig ns zonetransfer.me - Name Server

  • dig mx zonetransfer.me - Mail Server

  • dig cname zonetransfer.me - cname record

  • host zonetransfer.me - Normal / DNS lookup

  • host -t ns zonetransfer.me - Name Server

  • host -t mx zonetransfer.me - Mail Server

  • host -t cname zonetransfer.me - cname record

  • host <IP> - Reverse Lookup

Windows

  • nslookup zonetransfer.me

  • Just type nslookup to enter interactive mode in Windows.

  • Then type set type=ns and press enter [ type = ns, txt, … ]

  • Next type zonetransfer.me, press enter

Zone Transfer

Finding Name Servers

First find the name servers using any one of the following commands:

  • host -t ns zonetransfer.me

  • dig ns zonetransfer.me

Then check each name server for zone transfer using the following commands:

Using host

Using dig

Using nslookup
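The two steps above (find the name servers, then try a transfer against each one) are easy to script, and the same script doubles as an audit of zones you operate: every name server should come back REFUSED. The following is an added example, not part of the original notes; the server names and addresses in the constructed `dig axfr` outputs are made up, and only the zone name comes from the page.

```shell
#!/bin/sh
# Added example (not from the original page): check every name server of a
# zone for an open AXFR, the same test the dig/host/nslookup steps above do
# by hand. Run it against zones you operate to confirm transfers are refused.

# Constructed sample outputs of "dig axfr ZONE @NS" (server names and
# addresses are made up; only the zone name comes from the notes).
sample_axfr_allowed() {
cat <<'EOF'
; <<>> DiG <<>> axfr zonetransfer.me @ns1.example.invalid
;; global options: +cmd
zonetransfer.me.        7200    IN      SOA     ns1.example.invalid. hostmaster.example.invalid. 2023100101 172800 900 1209600 3600
zonetransfer.me.        7200    IN      NS      ns1.example.invalid.
zonetransfer.me.        7200    IN      A       192.0.2.14
www.zonetransfer.me.    7200    IN      A       192.0.2.15
zonetransfer.me.        7200    IN      SOA     ns1.example.invalid. hostmaster.example.invalid. 2023100101 172800 900 1209600 3600
;; Query time: 40 msec
;; XFR size: 5 records (messages 1, bytes 250)
EOF
}

sample_axfr_refused() {
cat <<'EOF'
; <<>> DiG <<>> axfr zonetransfer.me @ns2.example.invalid
;; global options: +cmd
; Transfer failed.
EOF
}

# classify_axfr < dig_output
# Prints ALLOWED when the output carries zone records (an SOA outside the
# ';' comment lines), REFUSED when dig reports the transfer failed, and
# UNKNOWN for anything else (timeouts, empty output), so a silent server
# is never mistaken for a secure one.
classify_axfr() {
    out="$(cat)"
    if printf '%s\n' "$out" | grep -v '^;' | grep -q '[[:space:]]IN[[:space:]]*SOA[[:space:]]'; then
        echo ALLOWED
    elif printf '%s\n' "$out" | grep -qi 'transfer failed'; then
        echo REFUSED
    else
        echo UNKNOWN
    fi
}

# count_records < dig_output: number of records transferred (0 if none).
count_records() {
    grep -v '^;' | grep -c '[[:space:]]IN[[:space:]]' || true
}

# find_ns ZONE: authoritative name servers, one per line (live DNS).
find_ns() { dig +short ns "$1"; }

# audit_zone ZONE: try AXFR against each name server and report a verdict
# per server (live DNS; only runs when a zone is passed on the command line).
audit_zone() {
    zone="$1"
    for ns in $(find_ns "$zone"); do
        verdict="$(dig axfr "$zone" "@$ns" 2>/dev/null | classify_axfr)"
        printf '%s %s %s\n' "$zone" "$ns" "$verdict"
    done
}

# Demonstrate the classifier on the constructed samples.
echo "ns1 verdict: $(sample_axfr_allowed | classify_axfr), records: $(sample_axfr_allowed | count_records)"
echo "ns2 verdict: $(sample_axfr_refused | classify_axfr)"

# Live run only when a zone is given, e.g.:  sh axfr_audit.sh zonetransfer.me
if [ -n "${1:-}" ]; then audit_zone "$1"; fi
```

On the operator side, a REFUSED verdict from every server is the expected result; transfers should be restricted to the secondary servers' addresses (and ideally signed with TSIG) rather than left open to any client that asks.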
