Tag: ubuntu Penetration testing

Sublist3r – Subdomain Finder for Penetration Testing

Overview

One aspect of the information-gathering stage of penetration testing is to expand the attack surface of the target. Thus, we use Sublist3r, a subdomain finder. It is a simple and easy-to-use Python programme that can be used to find subdomains of a target.

How to use Sublist3r

The example shown is executed on a Kali Linux machine. You can install it by following the documentation on their GitHub page. After installing Sublist3r, make sure to navigate to the location of the Sublist3r Python file. To run Sublist3r, use the command format:

python3 sublist3r.py -d <domain>

Here you can see Sublist3r using multiple search engines like Baidu, Yahoo and Google to search for the target's subdomains. At the bottom, we can see that 3 subdomains were found on tasty...

Wappalyzer – Website Technology Identifier

Overview

In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier. Wappalyzer is a tool that identifies technologies used on a website, such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is also fast and easy to use. Wappalyzer is a free tool, but more advanced services like access to their API require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you can download their code from their GitHub.

How to use Wappalyzer

Wappalyzer lookup

The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of...

DNSrecon – DNS Reconnaissance for Pentesting

Overview

The first stage of penetration testing is reconnaissance (information gathering). One method of reconnaissance is gathering the target's DNS information, such as DNS records and DNS servers. This information can be used to piece together the network infrastructure of an organisation. Additionally, it does not trigger an alert from the organisation's firewall or IDS/IPS. A tool that helps us accomplish this is DNSrecon. As the name implies, DNSrecon is a DNS reconnaissance tool that can extract DNS-related information from a website/domain. Here is a list of its features (according to the source repository):

Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common S...