
Questions tagged [reconnaissance]

The process of collecting information about an intended target of a malicious hack by probing the target system.

-1 votes
1 answer
163 views

I have a wordlist of subdomains that contains entries like this: admin.bugbountytarget.com portal.bugbountytarget.com sales.bugbountytarget.com vpn1.bugbountytarget.com dev.test.bugbountytarget.com ... And I ...
Edward Akina
0 votes
1 answer
878 views

I know all baseline steps to do DNS enumeration over a domain. But my question is: how can I enumerate a server when I do not know which domain it is managing and I only have its IP address? My ...
Mr John
  • 11
0 votes
1 answer
423 views

During experimentation with the gobuster tool, and trying to find the subdomain matches of a domain (let's call that testdomain.com), I got some strange results, which I will explain. The command used was $ ...
orespan
1 vote
3 answers
239 views

If the hacker decides to attack the system, the first step is reconnaissance. But if the system the hacker attacks is exotic, sometimes they'd need to develop the tools or "drivers", or ...
Tim Abdiukov
0 votes
0 answers
281 views

Can someone explain to me how OWASP Amass correlates information regarding the intel module domain search? As an example, if I run the command: amass intel -d example.com -whois I'll get a list of ...
Bruno Alexandre Moreira Pincho
-1 votes
1 answer
1k views

I understand that it is easier for a human to intuitively figure out the alleged whereabouts of a machine if that machine's IP address is IPv6, rather than if it's IPv4: For example, since I configured ...
0 votes
1 answer
12k views

I just started with recon-ng today, I was following tutorials but every tutorial is outdated with most of them describing the functions of v4. I was able to update myself with simple additions like ...
s h a a n
  • 325
19 votes
2 answers
4k views

I recently watched a video about OSINT and learnt it can be quite a powerful agent. I've been on the internet for years, and at this point I'm not sure what I've posted and where. Given this is now ...
iiSupaCannon
1 vote
2 answers
3k views

I know I can use tools such as BuiltWith and Wappalyzer to find a web app's web server, but is there a way of determining the specific web server's version? The web app I am looking at has an nginx ...
Nick
  • 13
0 votes
0 answers
122 views

I'm conducting a penetration test, where I'm facing the following problem: After having retrieved a set of IP addresses through tools like whois, I cannot successfully connect to the HTTP-based ...
Shuzheng
  • 1,317
1 vote
1 answer
856 views

I have found research efforts on explaining how sub domain takeovers can take place authored by a gentleman named "Patrik Hudák". Through his site's blogs he illustrates and conveys an understanding ...
Azaam Alfi
0 votes
1 answer
234 views

I am currently working on a project where I need to find a host running a SIEM solution. From my research I am fairly confident that the host is running Elastic Stack, probably within another solution ...
ficabj5
  • 23
0 votes
2 answers
2k views

When I look up a domain of interest on urlscan.io, I see a lot of interesting information. When I click on "Indicators of compromise" (IOC), I see a list of hashes that are actually links to pages ...
mcgyver5
  • 6,932
2 votes
1 answer
1k views

I am currently building a Python-based OSINT tool that allows a user to crawl a supplied domain for pages using traditional scraping/spider methods, but I also want to have the option to 'brute force' ...
Tobin Shields
0 votes
1 answer
533 views

I can determine a single public IP address from within the organization (using NAT) by sending an HTTP request to one of the publicly available services: curl ipinfo.io/ip However, if my request ...
Shuzheng
  • 1,317
