Security Basics mailing list archives

RE: Finding other websites for pen-testing...


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Wed, 1 Oct 2003 15:46:43 +0100

You can use a reverse lookup in ARIN or RIPE to find other sites where the
same tech-c or admin-c is also listed.

Alternatively, you can use a tool like wget to crawl and mirror their pages.
If you already have a domain list you can restrict to those domains so that
you don't start mirroring Google or something silly. You will often find
machines that are hosted locally. For example, www.customer.com is hosted
externally, but research.customer.com is onsite and unprotected.

You can also port scan their netblocks, depending on what kind of an
agreement you have with the customer.

A great introduction to this topic is in the first chapter of Hacking
Exposed. Pick up a copy of that, take it to $WORK and start dig(1)ging.

cheers,

Chris

-----Original Message-----
From: David Burt [mailto:uncue75 () yahoo com] 
Sent: Tuesday, September 30, 2003 7:30 PM
To: security-basics () securityfocus com
Subject: Finding other websites for pen-testing...


Say you know the name of the company you have been
hired by to perform a pen-test. You know their main
website.

You want to find out what other websites they may
have on different webservers that may be in house
rather than being outsourced like their main website,
or maybe they run a website that isn't as high profile
so they are pretty lax on keeping it updated.

If you go to netsol.com and do a whois on their main
website you can find out their address and all the
main contacts. Is there a way to search this
information to find all the domains that have the same
contacts in them or maybe the same address?

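The footprinting steps in the reply above (grouping whois objects by a shared admin-c/tech-c handle, collecting the netblocks registered to that handle for an agreed-scope scan, and building a wget mirror restricted to a known domain list) as an added Python example; this is not code from the thread. The whois text is constructed sample data in RIPE object format, the handles, domains and the 192.0.2.0 - 192.0.2.63 range are placeholders, and the wget command is only built as a string so the script runs offline.

```python
"""Footprinting helper for the steps discussed in the thread.

Added example, not part of the original post. Sample whois data is
constructed; nothing here talks to a registry or a target.
"""
import ipaddress
import re
import shlex
from collections import defaultdict

# Constructed RIPE-style whois objects (blank-line separated). Handles,
# domains and the address range are placeholders, not real registrations.
SAMPLE_WHOIS = """\
domain:         customer.example
admin-c:        CM1234-RIPE
tech-c:         CM1234-RIPE
nserver:        ns1.customer.example

domain:         research-lab.example
admin-c:        JD99-RIPE
tech-c:         CM1234-RIPE
nserver:        ns1.customer.example

domain:         unrelated.example
admin-c:        XY1-RIPE
tech-c:         XY1-RIPE
nserver:        ns.hoster.example

inetnum:        192.0.2.0 - 192.0.2.63
netname:        CUSTOMER-NET
admin-c:        CM1234-RIPE
tech-c:         CM1234-RIPE
"""


def parse_objects(text):
    """Split whois output into objects; each object maps attribute -> list of values."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = defaultdict(list)
        for line in block.splitlines():
            m = re.match(r"^([\w-]+):\s*(.*)$", line)
            if m:
                obj[m.group(1)].append(m.group(2).strip())
        if obj:
            objects.append(dict(obj))
    return objects


def _has_contact(obj, handle):
    """True if handle appears as admin-c or tech-c on the object."""
    return handle in obj.get("admin-c", []) + obj.get("tech-c", [])


def domains_sharing_contact(objects, handle):
    """The 'reverse lookup': every domain object listing handle as a contact."""
    return sorted(o["domain"][0] for o in objects
                  if "domain" in o and _has_contact(o, handle))


def netblocks_for_contact(objects, handle):
    """inetnum ranges registered to handle, summarized to CIDR blocks for the scan scope."""
    nets = []
    for o in objects:
        if "inetnum" not in o or not _has_contact(o, handle):
            continue
        start, end = (ipaddress.ip_address(p.strip()) for p in o["inetnum"][0].split("-"))
        nets.extend(ipaddress.summarize_address_range(start, end))
    return [str(n) for n in nets]


def wget_mirror_command(start_url, domains):
    """Build a wget mirror restricted to the domain list (-D only applies with -H)."""
    args = ["wget", "--mirror", "--no-parent", "--span-hosts",
            "--domains", ",".join(domains), "--wait=1", start_url]
    return shlex.join(args)


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_WHOIS)
    handle = "CM1234-RIPE"
    related = domains_sharing_contact(objs, handle)
    print("domains sharing", handle, "->", related)
    print("netblocks to scan (with agreement) ->", netblocks_for_contact(objs, handle))
    print(wget_mirror_command("http://www.customer.example/", related))
```

The domain list from `domains_sharing_contact` is what keeps the crawl from wandering off to Google: `--span-hosts` lets wget follow links to other hosts, and `--domains` confines those hosts to the list you have already tied to the customer. The netblocks come out summarized so they can be fed directly to a scanner once the scope is agreed.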

