Tag: reconnaissance tools

Business

DNSrecon – DNS Reconnaissance for Pentesting

Overview

The first stage of penetration testing is reconnaissance (information gathering). One method of reconnaissance is gathering the target's DNS information, such as DNS records and DNS servers. This information can be used to piece together the network infrastructure of an organization. Additionally, it does not trigger an alert from the organisation's firewall or IDS/IPS. A tool that helps us accomplish this is DNSrecon. As the name implies, DNSrecon is a DNS reconnaissance tool that can extract DNS-related information from a website/domain. Here is a list of its features (according to the source repository):

Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common S...
Business

5 Popular Open Source Tools for Reconnaissance

Overview

In penetration testing, reconnaissance (information gathering) is the first step to analyse the target and explore its attack surface. It is a crucial step to determine the ways that the target could be exploited. In this article, we will explore 5 essential and popular open-source tools for reconnaissance in penetration testing. We will be covering the following tools:

Wappalyzer - Website Technology Identifier
DNSrecon - DNS-related information gathering
Sublist3r - Subdomain finder
theHarvester - Email Finder (for social engineering)
Ffuf - URL Fuzzer/Finder

Wappalyzer

Wappalyzer is software that identifies technologies in a web application such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more....