What is this about?
- Many a time it is a pain to figure out how the hell he found this URL to find the bug!
- During professional security testing the phase is
- Getting as much additional information as possible about the target.
What is DNS?
- DNS stands for Domain Name System
- Database responsible for storing all of the information pertaining to IP addresses and domain
- Backed up by thousands of separate DNS servers and stored on single root DNS servers
- The database previously mentioned is called WHOIS
- Give a domain name -> get an IP address (and, if possible, other details) is a lookup
- A reverse DNS lookup obtains the site registration information of that IP address (if there is any)
- If we type 188.8.131.52 into a browser, we will be redirected to the site.
- Well-known stuff!
- Discovered hosts may be virtual web hosts on a single web server
- May be distinct hosts on IP addresses
- These are already automated and there are tools for this. Example: recon-ng , a tool for
- A Python script
- A sample result:
- This brute-forces the prefix
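The prefix enumeration and the virtual-host versus distinct-host distinction above, as an added example (not the script from the original slides), written for inventorying the hostnames of a zone you administer. The `resolve` hook, the `example.com` zone, the prefix list and the addresses are constructed assumptions so the block runs offline.

```python
import socket
from collections import defaultdict

# Constructed sample data: a hypothetical zone standing in for live DNS.
SAMPLE_ZONE = {
    "www.example.com": "192.0.2.10",
    "blog.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.25",
}
SAMPLE_PREFIXES = ["www", "blog", "mail", "dev", "vpn"]


def system_resolver(hostname):
    """Forward lookup through the OS resolver; None if the name does not resolve."""
    try:
        return socket.gethostbyname(hostname)
    except (socket.gaierror, UnicodeError):
        return None


def enumerate_prefixes(domain, prefixes, resolve=system_resolver):
    """Try each prefix under `domain`; return {hostname: ip} for names that resolve."""
    found = {}
    for prefix in prefixes:
        hostname = f"{prefix.strip().lower()}.{domain}"
        ip = resolve(hostname)
        if ip is not None:
            found[hostname] = ip
    return found


def group_by_ip(found):
    """Invert {hostname: ip} so names sharing one address are listed together."""
    groups = defaultdict(list)
    for hostname, ip in sorted(found.items()):
        groups[ip].append(hostname)
    return dict(groups)


def classify(groups):
    """Several names on one IP -> virtual hosts; a single name -> distinct host."""
    return {ip: ("virtual hosts" if len(names) > 1 else "distinct host")
            for ip, names in groups.items()}


if __name__ == "__main__":
    # Offline run against the constructed zone (resolve=SAMPLE_ZONE.get).
    hosts = enumerate_prefixes("example.com", SAMPLE_PREFIXES, resolve=SAMPLE_ZONE.get)
    for ip, names in group_by_ip(hosts).items():
        print(ip, classify({ip: names})[ip], names)
```

A zone with a wildcard record answers for every prefix, so compare results against a lookup of a random label before trusting the inventory.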