Now moving from recon-ing people in the previous blog-post to hosts...
I assume we are at "recon-ng >" point so
use recon/hosts/gather/http/google
show options
set domain target.com
run
Notice how nicely it says
[*] Sleeping to Avoid Lock-out...
and finally
[*] 50 NEW hosts found!
Woohoo! Just to make sure everything is stored where it should be
query select * from hosts
[*] 51 rows returned
Lovely!
This will do a great job but not good enough to stop here... we should use different search engines. You can never expect google or bing or anybody really to be 100% accurate.. so
back
use recon/hosts/gather/http/bing
show options
set domain target.com
run
[*] 3 NEW hosts found!
Which proves my previous point and at the same time illustrates that recon-ng is actually smart enough to know that it has discovered a host already and not to create duplicates :)
Anyway.. that's enough for today
More to come tomorrow :)
I assume we are at "recon-ng >" point so
use recon/hosts/gather/http/google
show options
set domain target.com
run
Notice how nicely it says
[*] Sleeping to Avoid Lock-out...
and finally
[*] 50 NEW hosts found!
Woohoo! Just to make sure everything is stored where it should be
query select * from hosts
[*] 51 rows returned
Lovely!
This will do a great job but not good enough to stop here... we should use different search engines. You can never expect google or bing or anybody really to be 100% accurate.. so
back
use recon/hosts/gather/http/bing
show options
set domain target.com
run
[*] 3 NEW hosts found!
Which proves my previous point and at the same time illustrates that recon-ng is actually smart enough to know that it has discovered a host already and not to create duplicates :)
Anyway.. that's enough for today
More to come tomorrow :)
No comments:
Post a comment