Infrastructure
Check List
Cheat Sheet
Search Engine
Sub Domains
site:$WEBSITE
HTTP Title
intitle:"login" | intitle:"admin" | intitle:"administrator" site:$WEBSITE
URI
inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php site:$WEBSITE
File Types
filetype:pdf | filetype:csv | filetype:xls | filetype:xlsx site:$WEBSITE
Extensions
ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json | ext:daf site:$WEBSITE
Exact Phrase
"choose file" site:$WEBSITE
Cache
cache:"$WEBSITE"
Port
port:22
Country
country:"IR"
City
city:"Tehran"
Organization
org:"United States Department"
Product
product:"Apache"
Date
product:"apache" after:"22/02/2009" before:"14/3/2010"
Service
services.service_name: "HTTP"
Country
location.country: "Iran"
TLS Cipher
services.tls.certificate.parsed.subject.common_name: "$WEBSITE"
ASN
autonomous_system.asn: 15169
Banner
services.banner: "Apache"
Port
port:80
Application
app:"Apache"
Country
country:"Iran"
IP
ip:"$TARGET"
City
city:"Tehran"
OS
os:"Windows"
Useful Website
Whois
Whois
Reverse Whois
DNS
IP Address
Domain Scan
Run Machine > URL To Network And Domain Information > Enter Your Target in the Input > Right-click Domain > All Transforms
Create New Graph
Application Menu > New
Entity Palette > Infrastructure > Drag & Drop Domain > Enter Domain Name
Get IP Address
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] DNS History Field A
DNS Records
Right-click Domain > Run Transforms > All Transforms > [WhoisXML] DNS lookup
Name Servers
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] DNS History Field NS
Right-click Domain > Run Transforms > All Transforms > To DNS Name - NS
Mail Servers
Right-click Domain > Run Transforms > All Transforms > To DNS Name - MX
Whois Information
Right-click Domain > Run Transforms > Domain owner detail
Right-click Domain > Run Transforms > Domain owner detail > To Entities from WHOIS [IBM Watson]
Right-click Domain > Run Transforms > Domain owner detail > To Entities from WHOIS > To WHOIS Records [Whois XML]
Emails Related to Domain
Right-click Domain > Run Transforms > Find in Entity Properties > To E-Mail addresses [within Properties]
Right-click Domain > Run Transforms > hunter > Find Email Address [Hunter]
Subdomains
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] List Subdomains
Right-click Domain > Run Transforms > All Transforms > To Subdomains (+Historical)[Shodan]
Right-click Domain > Run Transforms > All Transforms > To Subdomains(Passive DNS)[OTX]
Right-click Domain > Run Transforms > All Transforms > To Subdomains[Shodan]
Right-click Domain > Run Transforms > All Transforms > To Subdomains[VirusTotal Public API]
Phone Numbers
Right-click Domain > Run Transforms > To Phone numbers [From whois info]
Right-click Domain > Run Transforms > To Phone Numbers [using Search Engine]
Right-click Domain > Run Transforms > To Phone Numbers [within Properties]
Run Recon-ng
recon-ng
List Commands
[recon-ng][default] > help
View All Modules
[recon-ng][default] > marketplace search
Install a Module
[recon-ng][default] > marketplace install recon/domains-contacts/hunter_io
Load a Module
[recon-ng][default] > modules load hunter_io
List Module Options
[recon-ng][default][hunter_io] > options list
Set Module Options
[recon-ng][default][hunter_io] > options set SOURCE $WEBSITE
Run Module
[recon-ng][default][hunter_io] > run
List API Keys
[recon-ng][default] > keys list
Add API Key
[recon-ng][default] > keys add hunter_io 9918b4ea[...]b46a73f071
Remove API Key
[recon-ng][default] > keys remove hunter_io
Metadata Extraction
metagoofil -d $WEBSITE -t pdf,xls,xlsx,csv -l 100 -n 7 -f ~/result.html
exiftool $FILE
Application Menu > Project > New Project > Fill in the Inputs > Create > Select Path for Result > Select Extensions and Search Engine > Search All