OSINT_CheatSheet.txt
[#] WHOIS command
The whois command queries the registry and registrar record of a domain (or of an IP block, which identifies the hosting provider). It can return the registrar, the registrant organization, and the names, email addresses and phone numbers of contacts at the target company; these are used to validate or widen the search in later OSINT steps. Many records are now redacted or hidden behind a privacy service, so missing contact data is normal and not a dead end.
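Added example (not part of the cheat sheet, and not from any of the tools it lists): a small set of shell functions that pull the OSINT-relevant fields out of raw whois output. Field labels differ between registries, so every extractor matches on a case-insensitive label prefix rather than an exact name. The record it runs against when given no argument is a constructed sample, not a real registration; the domain and contacts in it are invented.

```bash
#!/usr/bin/env bash
# Added example, not from the cheat sheet: extract registrar, registrant,
# contact emails, phones and name servers from raw `whois` output.
#   usage: whois demo.com | whois_summary

# Constructed sample record (not real data) so the script runs offline.
WHOIS_SAMPLE='Domain Name: DEMO.COM
Registry Domain ID: 123456789_DOMAIN_COM-VRSN
Registrar: Example Registrar, LLC
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Registrant Organization: Demo Corp
Registrant Email: hostmaster@demo.com
Admin Name: Jane Doe
Admin Email: jane.doe@demo.com
Admin Phone: +1.5555550199
Name Server: NS1.DEMO.COM
Name Server: NS2.DEMO.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2020-01-01T00:00:00Z <<<
% Constructed sample for this example, not a real record.'

# Drop CRs and registry notice lines (# % >>>) so an email or phone that
# belongs to the registry notice is not mistaken for a contact.
whois_clean() {
    tr -d '\r' | grep -v '^[[:space:]]*[#%>]' || true
}

# First value whose label starts with $1, e.g. whois_field 'Registrar:'
whois_field() {
    whois_clean | grep -i -m1 "^[[:space:]]*$1" \
        | sed 's/^[^:]*:[[:space:]]*//' || true
}

whois_registrar()  { whois_field 'Registrar:'; }
whois_registrant() { whois_field 'Registrant Organization:'; }

# Every distinct email address anywhere in the record, lower-cased.
whois_emails() {
    whois_clean | grep -oiE '[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}' \
        | tr 'A-Z' 'a-z' | sort -u || true
}

# Values of any "... Phone:" or "... Fax:" line.
whois_phones() {
    whois_clean | grep -iE '^[[:space:]]*[^:]*(phone|fax)[^:]*:' \
        | sed 's/^[^:]*:[[:space:]]*//' | grep -v '^$' | sort -u || true
}

whois_nameservers() {
    whois_clean | grep -i '^[[:space:]]*name server' \
        | sed 's/^[^:]*:[[:space:]]*//' | tr 'A-Z' 'a-z' | sort -u || true
}

# One-screen summary; reads the record once and feeds each extractor.
whois_summary() {
    local rec
    rec="$(cat)"
    printf 'registrar:   %s\n' "$(printf '%s\n' "$rec" | whois_registrar)"
    printf 'registrant:  %s\n' "$(printf '%s\n' "$rec" | whois_registrant)"
    printf 'emails:      %s\n' "$(printf '%s\n' "$rec" | whois_emails | paste -sd ' ' -)"
    printf 'phones:      %s\n' "$(printf '%s\n' "$rec" | whois_phones | paste -sd ' ' -)"
    printf 'nameservers: %s\n' "$(printf '%s\n' "$rec" | whois_nameservers | paste -sd ' ' -)"
}

# No argument: summarise the constructed sample. Otherwise query the
# live registry for the domain given.
if [ "$#" -eq 0 ]; then
    printf '%s\n' "$WHOIS_SAMPLE" | whois_summary
else
    whois "$1" | whois_summary
fi
```

The name servers and registrar it prints are the natural next inputs for the DNS enumeration step; the abuse contact belongs to the registrar, not the target, so do not count it as a company contact.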
[#] DNS Enumeration
DNS enumeration is the process of locating an organization's DNS servers and the records they hold. A company may run both internal and external DNS servers, and their records yield host names, IP addresses, mail and name servers and, when a zone transfer is allowed, the complete zone. Brute forcing is the fallback when transfers are refused; check for a wildcard record first, or every label in the dictionary will appear to exist.
Tools that could be used:
recon-ng:
use recon/domains-hosts/brute_hosts
(recon-ng 5 loads modules with "modules load" instead of "use")
dnsrecon:
. Brute force domains and hosts using a given dictionary (-D). --iw continues the brute force even when a wildcard record is detected.
dnsrecon -d demo.com -t brt -D /path/to/subdomains.wd --iw
. Test all NS servers for a zone transfer (AXFR).
dnsrecon -d demo.com -t axfr
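Added example (not part of the cheat sheet, not dnsrecon or recon-ng code): what the two dnsrecon commands above do, written as shell functions around dig. try_axfr asks each authoritative name server for a zone transfer and reports which ones allow it; brute_hosts resolves every label of a wordlist, but first resolves a random label to learn the zone's wildcard answer and drops any result that only matches the wildcard, which is the check dnsrecon's --iw lets you skip. The DIG variable exists so the logic can be exercised against canned output; the demo.test names used in the comments are invented.

```bash
#!/usr/bin/env bash
# Added example, not from the cheat sheet: AXFR attempt against every NS,
# then subdomain brute force with wildcard filtering, using dig.
#   usage: ./dnsenum.sh demo.com [wordlist]
DIG="${DIG:-dig}"   # override with a stub command to run offline

# resolve_a NAME -> A records, one per line; empty when the name does not exist.
resolve_a() {
    "$DIG" +short +time=2 +tries=1 "$1" A 2>/dev/null \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# wildcard_ips DOMAIN -> what a random, surely nonexistent label resolves to.
# Empty output means the zone has no wildcard record.
wildcard_ips() {
    local probe
    probe="$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    resolve_a "wc-${probe}.${1}"
}

# brute_hosts DOMAIN WORDLIST -> "host ip" for each label that resolves to
# something other than the wildcard answer. Blank and '#' lines are skipped.
brute_hosts() {
    local domain="$1" wordlist="$2" wild label fqdn ips ip
    wild="$(wildcard_ips "$domain")"
    while IFS= read -r label || [ -n "$label" ]; do
        [ -z "$label" ] && continue
        case "$label" in '#'*) continue ;; esac
        fqdn="${label}.${domain}"
        ips="$(resolve_a "$fqdn")"
        [ -z "$ips" ] && continue
        for ip in $ips; do
            # An answer equal to the wildcard answer proves nothing: drop it.
            if [ -n "$wild" ] && printf '%s\n' "$wild" | grep -qxF "$ip"; then
                continue
            fi
            printf '%s %s\n' "$fqdn" "$ip"
        done
    done < "$wordlist"
}

# try_axfr DOMAIN -> one line per NS: "<ns> allowed <records>" or "<ns> refused".
# dig prints only ';'-prefixed comment lines when the transfer is refused,
# so the number of non-comment lines tells the two cases apart.
try_axfr() {
    local domain="$1" ns out count
    for ns in $("$DIG" +short "$domain" NS 2>/dev/null); do
        ns="${ns%.}"
        out="$("$DIG" +time=5 +tries=1 "@$ns" "$domain" AXFR 2>/dev/null || true)"
        count="$(printf '%s\n' "$out" | grep -cvE '^(;|$)' || true)"
        if [ "$count" -gt 0 ]; then
            printf '%s allowed %s\n' "$ns" "$count"
        else
            printf '%s refused\n' "$ns"
        fi
    done
}

# Stand-alone use: domain first, optional wordlist second.
if [ "$#" -ge 1 ]; then
    try_axfr "$1"
    if [ "$#" -ge 2 ]; then brute_hosts "$1" "$2"; fi
fi
```

A server that answers "allowed" has handed over the whole zone, so the brute force step is unnecessary for it; run brute_hosts only when every NS refuses. Keep +tries=1 and a short timeout, or a large wordlist against a slow resolver will take hours.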
[#] Web Spidering:
Web spidering here means collecting every host name of the target domain that search engines such as Google and Bing have already indexed, instead of querying the target's own DNS; it is passive, so the target sees nothing:
recon-ng:
. Search hosts from Google web pages
use recon/domains-hosts/google_site_web
. Search hosts from Bing web pages
use recon/domains-hosts/bing_domain_web
. Search hosts from HackerTarget
use recon/domains-hosts/hackertarget
theharvester:
. Search google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, googleplus, or all of them (-b all); collects email addresses, host names and virtual hosts.
theharvester -d demo.com -b all
. Use the SHODAN database to query the discovered hosts (older releases; in current theHarvester the Shodan switch is -s and -h prints the help)
theharvester -d demo.com -h
[#] Maltego
Maltego is an interactive data mining tool that renders directed graphs for link analysis. It is used in online investigations to find relationships between pieces of information from various Internet sources.
Maltego is useful for tying all the information together in the OSINT process.
Useful Maltego transforms and machines:
. Company Stalker (machine): starting point for OSINT tasks with Maltego; takes a domain and collects email addresses and published documents with their metadata.
. To DNS Name -> MX: returns the domain's mail exchanger hosts.
. To DNS Name -> Zone Transfer: attempts an AXFR against the domain's name servers; a misconfigured server that allows it hands over every record in the zone, subdomains included.
. To DNS Name -> NS: returns the domain's authoritative name servers.
. To DNS Name -> Find common DNS Names / Using Name Schema dictionary: enumerates common host names from a dictionary (same idea as the dnsrecon brute force, with the same wildcard caveat).