Information gathering is a basic and major part of hacking: having correct information makes an attack much easier, and the information gathered can be very useful later on. Finding information can be difficult if you don't know where to look.
Here are the five best tools for finding web information efficiently.
1. dnsmap
It is used by most penetration testers for information gathering; it gives information like domain names, IP netblocks, subdomains, etc.
It can also be used for subdomain brute-forcing during the enumeration stage.
Usage: dnsmap <target-domain> [options]
-i <ips-to-ignore> (useful if you're obtaining false positives)
2. Fierce
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It does not perform exploitation and does not scan the whole Internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily, you will often find misconfigured networks that leak internal address space. That's especially useful in targeted malware.
Usage: fierce -dns examplecompany.com -wordlist dictionary.txt
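Both dnsmap and Fierce work by asking the target's DNS for many candidate names from a wordlist, so the activity is very visible in query logs: one client asking for dozens of non-existent names under one zone in a short window. The following is an added example, not code from dnsmap or Fierce, showing how a defender can flag that pattern in a DNS server log. The log format (timestamp, client IP, query name, type, response code) and the sample lines are constructed for this demonstration; real BIND or resolver logs would need their own parser.

```python
"""Flag clients that look like they are brute-forcing subdomains of a zone.

Added example for this page, not dnsmap/fierce code. The log format and the
sample lines below are constructed; adapt parse_log() to your server's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: "<ISO timestamp> <client-ip> <qname> <qtype> <rcode>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 198.51.100.7 www.example.com A NOERROR
2024-03-01T10:00:01 203.0.113.9 admin.example.com A NXDOMAIN
2024-03-01T10:00:01 203.0.113.9 dev.example.com A NXDOMAIN
2024-03-01T10:00:01 203.0.113.9 vpn.example.com A NOERROR
2024-03-01T10:00:02 203.0.113.9 mail2.example.com A NXDOMAIN
2024-03-01T10:00:02 203.0.113.9 test.example.com A NXDOMAIN
2024-03-01T10:00:02 203.0.113.9 staging.example.com A NXDOMAIN
2024-03-01T10:00:03 203.0.113.9 ftp.example.com A NXDOMAIN
2024-03-01T10:00:05 198.51.100.7 mail.example.com MX NOERROR
2024-03-01T10:00:07 198.51.100.7 wiki.example.com A NXDOMAIN
"""


def parse_log(text):
    """Parse the constructed log format into (time, client, qname, qtype, rcode) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype, rcode = line.split()
        events.append((datetime.fromisoformat(ts), client,
                       qname.lower().rstrip("."), qtype, rcode))
    return events


def find_bruteforcers(events, zone, window=timedelta(seconds=60), threshold=5):
    """Return {client: (distinct_nxdomain_names, total_zone_queries)} for every
    client that asked for at least `threshold` distinct non-existent names
    under `zone` within any span of length `window`.

    A normal client occasionally mistypes a name; a wordlist scan produces a
    burst of NXDOMAIN answers for many different names, which is what we count.
    """
    zone = zone.lower().rstrip(".")
    per_client = defaultdict(list)
    for ts, client, qname, _qtype, rcode in events:
        # Only names strictly below the zone apex are candidate guesses.
        if qname == zone or not qname.endswith("." + zone):
            continue
        per_client[client].append((ts, qname, rcode))

    flagged = {}
    for client, rows in per_client.items():
        rows.sort()  # chronological, so each row can open a sliding window
        for i, (start, _, _) in enumerate(rows):
            names = {q for ts, q, rc in rows[i:]
                     if rc == "NXDOMAIN" and ts - start <= window}
            if len(names) >= threshold:
                flagged[client] = (len(names), len(rows))
                break
    return flagged


if __name__ == "__main__":
    for client, (nx, total) in find_bruteforcers(parse_log(SAMPLE_LOG), "example.com").items():
        print(f"{client}: {nx} distinct non-existent names in {total} queries under example.com")
```

The threshold and window are tuning knobs: a busy public zone will need a higher threshold, and the same counting can be applied per source network rather than per client IP when the scanner rotates addresses.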
3. bing-ip2hosts
Useful for web intelligence and attack-surface mapping of vhosts during penetration tests. It finds hostnames that share an IP address with your target, which can be given as a hostname or an IP address.
Usage: ./bing-ip2hosts [OPTIONS] <IP|hostname>
-n Turn off the progress indicator animation
-t <DIR> Use this directory instead of /tmp. The directory must exist.
-i Optional CSV output. Outputs the IP and hostname on each line, separated by a comma.
-p Optional http:// prefix output. Useful for right-clicking in the shell
4. theHarvester
This tool is used to collect information about emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database.
Usage: theharvester options <domain/company>
-d: Domain to search or company name
-b: data source: google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, googleplus, all
-s: Start in result number X (default: 0)
-v: Verify host name via dns resolution and search for virtual hosts
-f: Save the results into an HTML and XML file (both)
-n: Perform a DNS reverse query on all ranges discovered
-c: Perform a DNS brute force for the domain name
-t: Perform a DNS TLD expansion discovery
-e: Use this DNS server
-l: Limit the number of results to work with (bing goes from 50 to 50 results,
5. lbd
This tool is used to check for DNS load balancing and HTTP load balancing. Load balancing is the sharing of excess load with another server. This tool lets you know whether a DDoS attack can be performed on the website or not.
Usage: lbd <website.com>
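lbd's two checks rest on simple observations: a name that resolves to several different addresses is DNS-balanced, and a host whose responses come back with differing non-volatile headers (a different Server string, a backend identifier) is HTTP-balanced across more than one machine. The following added example, which is not lbd's own code, applies that reasoning to constructed data so an operator can see what their own front end reveals: a Server version that differs between backends, for instance, is also a sign of patch drift behind the balancer. The DNS answers, response headers and the X-Backend header name are all constructed for this demonstration.

```python
"""Reason about DNS and HTTP load balancing the way lbd does, on constructed
data. Added example for this page, not lbd's code; the records and headers
below are made up, and X-Backend is a hypothetical header name."""

# Constructed: A records seen for the same name on three successive lookups
A_RECORDS = ["203.0.113.10", "203.0.113.11", "203.0.113.10"]

# Constructed: response headers captured from three requests to one host
RESPONSES = [
    {"Server": "nginx/1.18.0", "Date": "Fri, 01 Mar 2024 10:00:00 GMT", "X-Backend": "web-a"},
    {"Server": "nginx/1.18.0", "Date": "Fri, 01 Mar 2024 10:00:00 GMT", "X-Backend": "web-b"},
    {"Server": "nginx/1.20.1", "Date": "Fri, 01 Mar 2024 10:00:01 GMT", "X-Backend": "web-a"},
]

# Headers that legitimately change from request to request on a single server;
# differences in these say nothing about how many servers are answering.
VOLATILE = {"date", "expires", "set-cookie", "etag", "last-modified",
            "content-length", "age", "x-request-id"}


def dns_load_balanced(records):
    """True when repeated lookups of one name yield more than one address."""
    return len(set(records)) > 1


def http_header_diffs(responses):
    """Return {header: set of observed values} for every non-volatile header
    whose value differs across the responses. A header that is present in
    one response and missing in another counts as differing (value None)."""
    keys = {name.lower() for resp in responses for name in resp} - VOLATILE
    diffs = {}
    for key in keys:
        values = set()
        for resp in responses:
            lowered = {name.lower(): value for name, value in resp.items()}
            values.add(lowered.get(key))  # None when the header is absent
        if len(values) > 1:
            diffs[key] = values
    return diffs


def http_load_balanced(responses):
    """True when at least one stable header varies between responses."""
    return bool(http_header_diffs(responses))


def report(records, responses):
    """Summarise both checks in one dictionary."""
    return {
        "dns": dns_load_balanced(records),
        "http": http_load_balanced(responses),
        "differing_headers": sorted(http_header_diffs(responses)),
    }


if __name__ == "__main__":
    print(report(A_RECORDS, RESPONSES))
```

Two caveats a practitioner should keep in mind: a CDN or reverse proxy normally rewrites the Server header, so identical headers do not prove a single backend, and the volatile-header list needs extending for any application that stamps its own per-request values.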