2. Perform Footprinting Through Internet Research Services

As a professional ethical hacker or pen tester, you should be able to extract a variety of information about your target organization from Internet research services.

1. Find the Company’s Domains, Subdomains and Hosts using Netcraft and DNSdumpster

Domains and sub-domains are part of critical network infrastructure for any organization. A company's top-level domains (TLDs) and subdomains can provide much useful information such as organizational history, services and products, and contact information. A public website is designed to show the presence of an organization on the Internet, and is available for free access.

Visit the Netcraft Website.

Click on menu icon from the top-right corner of the page and navigate to the Resources -> Research Tools. In the Tools | Netcraft page, click on Site Report option.

The What’s that site running? page appears. To extract information associated with the organizational website such as infrastructure, technology used, sub domains, background, network, etc., type the target website’s URL (here, https://www.certifiedhacker.com) in the text field, and then click the LOOK UP button. The Site report for https://www.certifiedhacker.com page appears, containing information related to Background, Network, Hosting History, etc.

In the Network section, click on the website link (here, certifiedhacker.com) in the Domain field to view the subdomains.

Footprinting through DNS Dumpster

Open a new tab in Firefox browser and go to https://dnsdumpster.com/. Search for certifiedhacker.com in the search box.

The website displays the GEOIP of Host Locations. Scroll down to view the list of DNS Servers, MX Records, Host Record (A) along with their IP addresses.

Further, scroll down to view the domain mapping of the website. Click on Download .xlsx of Hosts button to download the list of hosts.

Other tools

sublis3ter
pentest-tools
FFUF
Gobuster
Dirb

2. People search

3. Emails Using theHarvester

theHarvester -d microsoft.com -l 200 -b baidu

-d domains

-l limit results

-b source (baidu,google,etc)

4.Dark and Deep web searching

https://www.torproject.org/download/

Tor uses duckduckgo for search

hidden wiki

5. OS footprinting with Censys

You can search the site through censys search and get the OS of the system.

Previous1. Footprinting through Search Engines Next3. Footprinting through Social Networking sites

Last updated 1 month ago