Reconnaissance
The term reconnaissance comes from military strategy: exploring beyond the area occupied by friendly forces to gain information about the enemy for future analysis or attack.
Information from Company Website
The robots.txt file is a publicly readable file found on websites. It uses the Robots Exclusion Protocol to tell web robots (also known as search engine spiders) which parts of the site they should and should not visit. A Disallow: statement (for example Disallow: /) asks a robot not to visit a path; however, the protocol is advisory and a robot can ignore it, and the file itself gives a researcher intelligence about what a target hopes not to disclose to the public.
• To view the file, request robots.txt from the root directory of the target website, e.g. www.rediff.com/robots.txt or www.facebook.com/robots.txt
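Because every Disallow line is public, a site owner should review their own robots.txt the same way a researcher would. The script below is an added example, not part of this handout: it parses a robots.txt file following the protocol's grouping rules (consecutive User-agent lines share one rule group) and lists every path the file discloses, so each one can be checked for real access control. The robots.txt content is constructed for the demonstration and is not taken from any real site.

```python
"""Audit a robots.txt file: list every path it asks crawlers to avoid.

Added example (not part of the original handout). The robots.txt below is
constructed for the demonstration; it does not come from any real site.
"""

SAMPLE_ROBOTS = """\
# Constructed sample robots.txt for example.invalid
User-agent: *
Disallow: /admin/        # management UI
Disallow: /backup/
Allow: /public/

User-agent: Googlebot
User-agent: Bingbot
Disallow: /staging/
Disallow:               # empty value means "no restriction"; it is not a path

Sitemap: https://example.invalid/sitemap.xml
"""


def parse_robots(text):
    """Return {user_agent: [disallowed paths]} following the Robots Exclusion
    Protocol grouping rules: consecutive User-agent lines share one rule group,
    and the first User-agent after a rule line starts a new group."""
    groups = {}
    agents = []            # agents of the group currently being filled
    last_was_agent = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        field, sep, value = line.partition(":")
        if not sep:
            continue                          # not a "field: value" line
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if not last_was_agent:
                agents = []                   # previous group is finished
            agents.append(value)
            groups.setdefault(value, [])
            last_was_agent = True
            continue
        last_was_agent = False
        if field == "disallow" and value and agents:
            for agent in agents:
                groups[agent].append(value)
    return groups


def disallowed_paths(text):
    """All distinct paths the file discloses, regardless of which agent
    they are addressed to. Each one is a public hint about site structure."""
    paths = set()
    for rules in parse_robots(text).values():
        paths.update(rules)
    return sorted(paths)


if __name__ == "__main__":
    # Review each path and confirm it is protected by authentication or
    # access control, not by robots.txt alone (robots.txt is advisory).
    for agent, rules in parse_robots(SAMPLE_ROBOTS).items():
        print(f"User-agent {agent!r} is asked to avoid: {rules}")
    print("All disclosed paths:", disallowed_paths(SAMPLE_ROBOTS))
```

Point the script at your own site's file and treat the output as a list of paths that must be protected by authentication or network controls; a path that is only hidden by a Disallow line is not hidden at all.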
Finding the IP Address of a Domain Using DNSmap
The Domain Name System (DNS) is a hierarchically distributed naming system for servers and resources connected to the Internet; domain names are used to reach a particular service. For example, www.northumbria.com is used to access the HTTP server hosted by Northumbria University. Let us look at the DNSmap tool provided in Kali.
• DNSmap is a tool used to discover the subdomains associated with a given domain. Running the following command at the terminal will show the DNS mapping for rediff.com:
dnsmap rediff.com
After practising on the domain above, try running dnsmap on other domains that might not have proper protection in place against DNS mapping.
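From the defender's side, a subdomain-mapping run looks like one client asking for many different names under your zone and receiving NXDOMAIN for most of them. The script below is an added example, not part of this handout: it reads DNS query log lines and flags any client that collects at least a threshold of distinct NXDOMAIN answers under one zone. The log format and every line are constructed for the demonstration; the regex needs adapting to the format your resolver or authoritative server actually writes.

```python
"""Spot dnsmap-style subdomain enumeration in DNS query logs.

Added example (not part of the original handout). The log format and every
line below are constructed for the demonstration; adapt the regex to the
format your resolver or authoritative server actually writes.
"""
import re
from collections import defaultdict

_PROBED = ["ftp", "dev", "test", "vpn", "staging", "admin", "intranet", "backup"]

# Constructed log: 203.0.113.5 walks a wordlist against example.invalid,
# 198.51.100.7 is an ordinary client with one typo.
SAMPLE_DNS_LOG = (
    ["2024-01-01T10:00:00 client=203.0.113.5 query=www.example.invalid rcode=NOERROR",
     "2024-01-01T10:00:00 client=203.0.113.5 query=mail.example.invalid rcode=NOERROR"]
    + [f"2024-01-01T10:00:0{i} client=203.0.113.5 query={name}.example.invalid rcode=NXDOMAIN"
       for i, name in enumerate(_PROBED, start=1)]
    + ["2024-01-01T10:00:09 client=198.51.100.7 query=www.example.invalid rcode=NOERROR",
       "2024-01-01T10:00:09 client=198.51.100.7 query=typo.example.invalid rcode=NXDOMAIN"]
)

_LINE = re.compile(r"client=(?P<client>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>\S+)")


def parse_line(line):
    """Return (client, qname, rcode) or None for lines that do not match."""
    m = _LINE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname").lower().rstrip("."), m.group("rcode")


def zone_of(qname):
    """Crude zone guess: the last two labels. Good enough for a single
    second-level zone; use the public suffix list for real deployments."""
    return ".".join(qname.split(".")[-2:])


def detect_enumeration(lines, threshold=5):
    """Flag clients that receive >= threshold NXDOMAIN answers for distinct
    names under one zone. A wordlist scan produces many misses per hit,
    which is the opposite of normal client behaviour."""
    misses = defaultdict(set)   # (client, zone) -> distinct names that failed
    hits = defaultdict(set)     # (client, zone) -> distinct names that resolved
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, qname, rcode = parsed
        key = (client, zone_of(qname))
        (misses if rcode == "NXDOMAIN" else hits)[key].add(qname)
    alerts = []
    for (client, zone), names in sorted(misses.items()):
        if len(names) >= threshold:
            alerts.append({"client": client, "zone": zone,
                           "nxdomain": len(names),
                           "resolved": len(hits[(client, zone)])})
    return alerts


if __name__ == "__main__":
    for alert in detect_enumeration(SAMPLE_DNS_LOG):
        print(f"{alert['client']} probed {alert['nxdomain']} missing names under "
              f"{alert['zone']} ({alert['resolved']} resolved)")
```

The threshold is the tuning knob: ordinary clients do produce the occasional NXDOMAIN (typos, stale links), so set it from a baseline of your own logs rather than from the sample value used here.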
Using PING Command
You can use the ping command at your prompt. It is available on Windows as well as on Linux. The following example finds the IP address of justeat.co.uk:
ping justeat.co.uk
The corresponding IP address can be read from the output.
Finding Hosting Company
Once you have the website address, you can get further details by using the ip2location.com website.
• Go to the website, use the demo version and try to identify the hosting company details.
Google Hacking
Google hacking is the most common form of search engine reconnaissance of web applications.
• Example query: inurl:main.cgi Linksys
  Click on any of the resulting links and you can view the feed of a Linksys wireless camera.
• intitle:"index of /" ssh
  Gives you SSH versions, SSH keys and SSH logins.
• inurl:apspassword
  Use this for possible SQL injection attacks (we will see them later).
• inurl:/scripts/wgate
  Potential for privilege escalation / password attacks.
The Google Hacking Database at https://www.exploit-db.com/google-hacking-database lists search queries that have been tested to give fruitful results.
HTTrack – clone a website
HTTrack is a tool built into Kali whose purpose is to copy a website. It allows a penetration tester to look at the entire content of a website, all its pages and files, offline and in their own controlled environment.
Step 1: Create a directory to store your copied website.
mkdir mywebsite
Step 2: To start HTTrack, type httrack and give a project name.
Step 3: Select the directory in which to save the website:
/root/mywebsite
Step 4: Enter the URL you want to capture (it can be any website) but try avoiding using websites.
Step 5: You are next presented with options regarding what you want to do with the captured site. Option 2, mirroring the website with the wizard, is the easiest method.
Step 6: Next, you can specify whether you want to use a proxy to launch the attack (keep it blank for this exercise).
Step 7: You can also specify which types of files you want to download. Enter * to specify all files.
Step 8: Before httrack runs, it will display the command that it is running. You can use this command in the future if you want to run httrack without going through the wizard again.
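A site owner can usually see a mirroring run in the web server's access log: one client fetching a large number of distinct pages in a short time, often with a User-Agent that names the tool. The script below is an added example, not part of this handout. It parses access-log lines in the common "combined" format and flags a client on two signals: a User-Agent containing "HTTrack" (the default User-Agent that HTTrack 3.x sends identifies itself) and, because any client can change its User-Agent, the number of distinct paths fetched. All log lines, addresses and the threshold are constructed for the demonstration.

```python
"""Flag clients that mirror a site wholesale, from web server access logs.

Added example (not part of the original handout). Log lines below are
constructed in Apache/nginx "combined" format. Two signals are used: the
User-Agent string (HTTrack's default identifies itself) and, because any
client can change its User-Agent, the number of distinct paths fetched.
"""
import re
from collections import defaultdict

_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

HTTRACK_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"   # HTTrack 3.x default
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"        # constructed browser UA


def _line(client, sec, path, agent):
    """Build one constructed combined-format log line."""
    return (f'{client} - - [01/Jan/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'200 1024 "-" "{agent}"')


# Constructed log: 203.0.113.9 pulls 25 pages in 25 seconds, 198.51.100.4 reads two.
SAMPLE_ACCESS_LOG = (
    [_line("203.0.113.9", i, f"/page{i}.html", HTTRACK_UA) for i in range(25)]
    + [_line("198.51.100.4", 3, "/", BROWSER_UA),
       _line("198.51.100.4", 9, "/about.html", BROWSER_UA)]
)


def find_mirroring_clients(lines, path_threshold=20):
    """Return one alert per suspicious client with the reasons it tripped."""
    paths = defaultdict(set)
    agents = defaultdict(set)
    requests = defaultdict(int)
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue                      # skip lines in another format
        client = m.group("client")
        requests[client] += 1
        paths[client].add(m.group("path"))
        agents[client].add(m.group("agent"))
    alerts = []
    for client in sorted(requests):
        reasons = []
        if any("httrack" in ua.lower() for ua in agents[client]):
            reasons.append("user-agent")
        if len(paths[client]) >= path_threshold:
            reasons.append("bulk-fetch")
        if reasons:
            alerts.append({"client": client, "requests": requests[client],
                           "distinct_paths": len(paths[client]), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_mirroring_clients(SAMPLE_ACCESS_LOG):
        print(f"{a['client']}: {a['requests']} requests, {a['distinct_paths']} paths, "
              f"reasons={a['reasons']}")
```

The User-Agent check catches the default wizard run described in the steps above; the path-count check is the one that still works when the tool is told to send a browser's User-Agent, so tune path_threshold against a baseline of real visitors before acting on it.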