Security Basics mailing list archives
RE: Finding other websites for pen-testing...
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Wed, 1 Oct 2003 15:46:43 +0100
You can use a reverse lookup in ARIN or RIPE to find other sites where the same tech-c or admin-c is also listed.

Alternatively, you can use a tool like wget to crawl and mirror their pages. If you already have a domain list, you can restrict to those domains so that you don't start mirroring Google or something silly. You will often find machines that are hosted locally. For example, www.customer.com is hosted externally, but research.customer.com is onsite and unprotected.

You can also port scan their netblocks, depending on what kind of an agreement you have with the customer.

A great introduction to this topic is in the first chapter of Hacking Exposed. Pick up a copy of that, take it to $WORK and start dig(1)ging.

Cheers,
Chris

-----Original Message-----
From: David Burt [mailto:uncue75 () yahoo com]
Sent: Tuesday, September 30, 2003 7:30 PM
To: security-basics () securityfocus com
Subject: Finding other websites for pen-testing...

Say you know the name of the company you have been hired by to perform a pen-test. You know their main website. You want to find out what other websites they may have on different webservers that may be in house rather than being outsourced like their main website, or maybe they run a website that isn't as high profile so they are pretty lax on keeping it updated.

If you go to netsol.com and do a whois on their main website you can find out their address and all the main contacts. Is there a way to search this information to find all the domains that have the same contacts in them or maybe the same address?