Jackmeister's Playbook

Recon

Terminal:

whois google.com

dnsrecon -d google.com

nslookup google.com

traceroute google.com

dig google.com

wafw00f - WAF detection

Check the ASN (Autonomous System Number) of the company if the company is big.

ASN (Autonomous System Number) = the routable IP ranges that belong to a company

Websites:

securitytrails

crt.sh

dnsdumpster

osintframework

godaddy

shodan

https://search.censys.io/

If there is a WAF, the site will likely have two IPs: one for the WAF and one for the origin host. Using the host IP directly is one way to bypass the WAF.

Websites

https://bgp.he.net/ (IP DUMP)
https://whois.arin.net/ui/ (URL DUMP)
https://www.crunchbase.com/ (Check domain acquisitions) need account
https://aleph.occrp.org/ (Check invested/bought companies)

The ASN can be useful for big companies because it specifies the IP routes owned by the company.

Acquisitions are useful because they could lead to the main target.

ChatGPT for background check

What can you tell me more about targeted domain acquisitions?

Ads (relationship) checking with the BuiltWith extension

https://chrome.google.com/webstore/detail/builtwith-technology-prof/dapjbgnjinbpoindlpdmhochffioedbn
need login
  • To check which websites use the same ads

Shodan + API = karma

bash karma_v2 -d tesla.com --limit -1 -deep

Karma notes

favicon dana-na = VPN login

interesting findings

check for possible IPv6 addresses

Shodan subdomain grabber

https://github.com/incogbyte/shosubgo

Whoxy

https://www.whoxy.com/ (Check history/previous websites)

AWS IP ranges

kaeferjaeger
https://kaeferjaeger.gay/?dir=ip-ranges/

cat *.txt | grep "\.tesla\.com"
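The grep above also matches look-alike names such as www.tesla.com.attacker.net, and it does not say whether a hit sits in the company's own ASN ranges or in a cloud/WAF range. The following added example (not from the playbook) filters a dump with exact suffix matching and then attributes each hit to the company's own prefixes or to a third party; the "ip:port -- hostnames" line layout, the example.com domain and the prefixes are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the "ip:port -- hostname ..." shape this example
# assumes; real IP-range dumps may use a different layout.
SAMPLE_DUMP = """\
203.0.113.10:443 -- www.example.com
198.51.100.7:443 -- api.example.com example.com.attacker.net
[2001:db8::5]:443 -- vpn.example.com
192.0.2.200:443 -- shop.example.co
"""

# Constructed prefixes standing in for the company's own announced ASN routes
# (what you would collect from bgp.he.net for the target's ASN).
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8::/32")]

LINE_RE = re.compile(r"^\[?(?P<ip>[0-9a-fA-F.:]+)\]?:(?P<port>\d+)\s+--\s+(?P<names>.*)$")


def in_scope_name(name: str, domain: str) -> bool:
    # Accept the domain itself or a real subdomain only. A substring match
    # like grep "\.example\.com" would also accept example.com.attacker.net.
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def parse_dump(text: str, domain: str) -> list[tuple[str, str]]:
    # Return (ip, hostname) pairs for every in-scope name in the dump.
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for name in m.group("names").split():
            if in_scope_name(name, domain):
                hits.append((m.group("ip"), name.lower().rstrip(".")))
    return hits


def attribute(hits: list[tuple[str, str]], own_prefixes) -> dict[str, str]:
    # Label each hostname "own-asn" if its IP falls in the company's routes,
    # else "third-party" (cloud, CDN or WAF front end worth noting separately).
    result = {}
    for ip, name in hits:
        addr = ipaddress.ip_address(ip)
        result[name] = "own-asn" if any(addr in net for net in own_prefixes) else "third-party"
    return result


if __name__ == "__main__":
    for host, where in attribute(parse_dump(SAMPLE_DUMP, "example.com"), OWN_PREFIXES).items():
        print(f"{host}: {where}")
```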

Last updated 1 year ago