1.2-Linux-Reconnaissance.md

Pre-Intrusion phase (Linux)

Reconnaissance

Passive

whois to query WHOIS servers

whois <target>

nslookup to query DNS servers

nslookup <target>
nslookup -type=A <target> 1.1.1.1

dig to query DNS servers

dig <target>
dig @1.1.1.1 <target> TXT

Online:

• https://dnsdumpster.com/
• https://www.shodan.io/
• https://builtwith.com/

Active

Web Browser:

• Chrome DevTools
• FoxyProxy (change the proxy server)
• User-Agent Switcher and Manager (pretend to different OS/browser)
• Wappalyzer (technologies used)

Test connection and DNS information

ping <target>
traceroute/tracert <target>

Communicate with host

telnet <target> <port>
GET / HTTP/1.1
host: telnet

nc <target> <port>
GET / HTTP/1.1
host: netcat