How To Gather Information About A Website Using Kali Linux

Gather Information on websites

What is information gathering

Information gathering is the art of collecting information about your target. Before hacking into websites or systems, you have to gain as much information as possible about your target.
Information gathering is the very first phase of penetration testing. If the information gathered shows a poorly defended computer system, an attack will be launched, and unauthorized access will be gained. However, if the target is highly protected, the hacker will think twice before attempting to break in. It will depend upon the tools and systems that protect the target. Again, the key here is the amount of information he has gathered beforehand.
With Kali Linux, we have many great tools for gathering information effectively.
Open your terminal:

Extract basic Information of website

Whois extracts basic information about a website, such as nameservers, registrar name, admin email, phone number (only if not protected), domain expiry date, etc.
root@seven:~# whois microsoft.com
Registry Registrant ID: 
Registrant Name: Domain Administrator
Registrant Organization: Microsoft Corporation
Registrant Street: One Microsoft Way, 
Registrant City: Redmond
Registrant State/Province: WA
Registrant Postal Code: 98052
Registrant Country: US
Registrant Phone: +1.4258828080
Registrant Phone Ext: 
Registrant Fax: +1.4259367329
Registrant Fax Ext: 
Registrant Email: domains@microsoft.com
Registry Admin ID: 
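
A domain owner can run the same lookup against their own record to see what it exposes. The following is an added example, not part of the original article: it parses whois-style output, lists the contact fields that are publicly readable, and counts the days left before expiry. The sample record, the redaction-marker list and the function names are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Constructed sample in whois "Key: Value" layout; not real registry data.
SAMPLE_WHOIS = """\
Domain Name: example.com
Registry Expiry Date: 2026-03-01T04:00:00Z
Registrant Name: Domain Administrator
Registrant Phone: +1.5555550100
Registrant Phone Ext:
Registrant Email: domains@example.com
Admin Email: REDACTED FOR PRIVACY
"""

CONTACT_FIELD = re.compile(r"^(Registrant|Admin|Tech) (Name|Street|Phone|Fax|Email)$")
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed")  # assumed; wording varies


def parse_whois(text):
    """Return {field: value} for each 'Key: Value' line, keeping the first occurrence."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields


def exposed_contacts(fields):
    """Contact fields that hold a real value instead of being empty or redacted."""
    return {
        k: v for k, v in fields.items()
        if CONTACT_FIELD.match(k) and v
        and not any(marker in v.lower() for marker in REDACTION_MARKERS)
    }


def days_until_expiry(fields, today):
    """Days before the registration lapses, or None when no expiry field is present."""
    raw = fields.get("Registry Expiry Date") or fields.get("Registrar Registration Expiration Date")
    if not raw:
        return None
    return (datetime.strptime(raw[:10], "%Y-%m-%d").date() - today).days


if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    print(exposed_contacts(record), days_until_expiry(record, date.today()))
```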

Get the IP addresses of a website

It's always a good idea to find all the available IP addresses of your target; this way you always know what website you are targeting.
The host tool returns all the available IP addresses of a host.
root@seven:~# host  microsoft.com
microsoft.com has address 104.40.211.35
microsoft.com has address 104.43.195.251
microsoft.com has address 23.100.122.175
microsoft.com has address 23.96.52.53
microsoft.com has address 191.239.213.197

Additional information with -a

The -a (all) option is equivalent to setting the -v option and asking host to make a query of type ANY.
root@seven:~# host -a microsoft.com

;microsoft.com.   IN ANY

;; ANSWER SECTION:
microsoft.com.  1594 IN A 191.239.213.197
microsoft.com.  1594 IN A 104.40.211.35
microsoft.com.  1594 IN A 104.43.195.251
microsoft.com.  1594 IN A 23.100.122.175
microsoft.com.  1594 IN A 23.96.52.53
microsoft.com.  19594 IN NS ns1.msft.net.
microsoft.com.  19594 IN NS ns2.msft.net.
microsoft.com.  19594 IN NS ns3.msft.net.
microsoft.com.  19594 IN NS ns4.msft.net.
microsoft.com.  1594 IN SOA ns1.msft.net. msnhst.microsoft.com. 2015122303 7200 600 2419200 3600
microsoft.com.  1594 IN MX 10 microsoft-com.mail.protection.outlook.com.
microsoft.com.  1594 IN TXT "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com
Received 649 bytes from 192.168.150.2#53 in 1020 ms

A quick Nmap scan

Nmap is a versatile tool for network scanning. A quick Nmap scan checks for basic services running on the server.
root@seven:~# nmap  linuxxcomputing.com

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 06:24 EST
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.032s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
Not shown: 986 filtered ports
PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp

Scan for IPv4, IPv6, FTP, sub-domains and more

dnsmap is an awesome tool. It scans for IPv4, IPv6, FTP, sub-domains and more, and returns all the possible IP addresses.
root@seven:~# dnsmap microsoft.com
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for microsoft.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

accounts.microsoft.com
IP address #1: 64.4.16.215

beta.microsoft.com
IP address #1: 65.55.58.14

billing.microsoft.com
IP address #1: 168.62.198.20

blogs.microsoft.com
IP address #1: 23.96.115.47

c.microsoft.com
IP address #1: 134.170.188.139

catalog.microsoft.com
IP address #1: 134.170.185.174

cd.microsoft.com
IP address #1: 104.43.234.236

connect.microsoft.com
IP address #1: 65.55.58.14

cs.microsoft.com
IP address #1: 23.97.49.121

customers.microsoft.com
IP address #1: 134.170.184.162

da.microsoft.com
IP address #1: 131.228.121.70

demo.microsoft.com
IP address #1: 168.62.208.108

developers.microsoft.com
IP address #1: 134.170.188.221
IP address #2: 134.170.185.46
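
Output in this layout is also useful to the domain's owner as an inventory check. The following is an added example, not part of the original article: it parses dnsmap-style output and reports names that are missing from an approved asset list and names that publish RFC 1918 addresses in public DNS. The sample data, the approved list, the function names and the "IPv6 address" line form are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout dnsmap prints; names and addresses are illustrative.
SAMPLE_DNSMAP = """\
[+] searching (sub)domains for example.com using built-in wordlist

beta.example.com
IP address #1: 198.51.100.14

intranet.example.com
IP address #1: 10.20.30.40

developers.example.com
IP address #1: 203.0.113.21
IP address #2: 203.0.113.46
"""

ADDRESS_LINE = re.compile(r"^IP(?:v6)? address #\d+:\s*(\S+)$")  # "IPv6" form is assumed
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dnsmap(text):
    """Return {hostname: [ip, ...]} from dnsmap's host-then-address blocks."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = ADDRESS_LINE.match(line)
        if match and current:
            hosts[current].append(match.group(1))
        elif line and not line.startswith("[") and " " not in line:
            current = line.lower()  # a bare token starts a new host block
            hosts.setdefault(current, [])
    return hosts


def review(hosts, approved):
    """Return (names missing from the asset inventory, names publishing RFC 1918 addresses)."""
    unknown = sorted(h for h in hosts if h not in approved)
    internal = sorted(
        h for h, ips in hosts.items()
        if any(ipaddress.ip_address(ip) in net for ip in ips for net in RFC1918)
    )
    return unknown, internal


if __name__ == "__main__":
    approved = {"beta.example.com", "developers.example.com"}  # hypothetical inventory
    print(review(parse_dnsmap(SAMPLE_DNSMAP), approved))
```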

There is another useful tool for collecting information on websites: dig (domain information groper) is a flexible tool for interrogating DNS name servers.
root@seven:~# dig www.microsoft.com
These are some basic techniques to collect information on a website. For more flexible techniques, use the following tools:
Maltego
It is a graphical tool for collecting information on websites. Easily one of the best tools available.
Nmap
It is a versatile tool that detects the operating system, IDS, ports and more.
gathers subdomains, IP addresses, and emails etc.

So above is how to gather information about a website using Kali Linux. Hope you like this article; keep on sharing it with others too. Also, share your experience with us in the comment box below.