Target Discovery
Week 4 (16 March 2018)
1.0 Definition of Target Discovery
After gathering information, we need to identify the systems the target machine uses; that is the purpose of target discovery.
Why do we need to look at old records?
- Find old scripts
We can find old scripts, which may contain vulnerable code.
- Find old admin pages
If we can find an old admin page, we can brute force into the system.
- Find old servers
Because some organizations do not turn off their old websites.
2.0 Tools
2.1 Security Trails
Using https://securitytrails.com/dns-trails, we can see the list of DNS records that have been used. For instance, for the website pentest.id we can see the DNS records.
2.2 Robtex
Robtex.com can also be used to find information about the target.
2.3 CrimeFlare
Crimeflare.com can also be used to find the real IP address behind a Cloudflare IP address.
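
The reasons in 1.0 and the origin lookup in 2.3 can be turned into a check on your own domain's DNS history: which old records still point at a retired host or reveal the address behind the proxy. This is an added example, not part of the original notes; the records, the example.test hostnames and the `audit` function are constructed, and the Cloudflare ranges are a subset of its published list.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh the
# full list from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "173.245.48.0/20", "162.158.0.0/15",
)]

# Constructed sample of historical A records for a hypothetical domain:
# (host, ip, first_seen, last_seen); last_seen None means still current.
HISTORY = [
    ("www.example.test", "203.0.113.10", "2015-02-01", "2017-06-30"),
    ("www.example.test", "104.16.20.5", "2017-07-01", None),
    ("old-admin.example.test", "203.0.113.10", "2014-01-01", "2016-03-15"),
    ("shop.example.test", "198.51.100.7", "2016-05-01", None),
]

def behind_cdn(ip):
    """True if the address falls inside one of the listed proxy ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def audit(history):
    """Return (finding, host, ip) tuples that the domain owner should review."""
    current = {host: ip for host, ip, _, last in history if last is None}
    findings = []
    for host, ip, _first, last in history:
        if last is None:
            if not behind_cdn(ip):
                # Current record is not proxied at all.
                findings.append(("direct", host, ip))
            continue
        if behind_cdn(ip):
            continue
        if host in current and behind_cdn(current[host]):
            # Old record shows the address the host had before it was proxied.
            findings.append(("origin-leak", host, ip))
        elif host not in current:
            # Name was removed from DNS; confirm the server itself is gone.
            findings.append(("retired-host", host, ip))
    return findings

if __name__ == "__main__":
    for finding in audit(HISTORY):
        print(*finding)
```

For an `origin-leak` finding, change the origin address or restrict the origin firewall to the proxy's ranges; for a `retired-host` finding, confirm the old server and its admin pages are actually switched off.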