Useful Tips

Here are some tips for getting the most out of information-gathering concepts, tools, and utilities:

  • Make an initial port scan when you connect to a target machine

  • Check the well-known ports of common protocols

  • Check the TTL value when pinging a machine, to get an idea of which operating system the machine is running

  • On HTTPS sites, check the certificate to gather information about the encryption and the server

  • Check DNS records to gather information about host names, domains and

  • Use the host command to get domain and IP address information, then pass it to the whois command to identify whether a service is self-hosted or uses cloud services

  • Examine SSL certificates from websites to obtain information about domains, using tools such as crt.sh

  • Check the DNS records of a host using commands such as whois, host, and dig

  • Check default configuration files for network services like:

    • /etc/samba/smb.conf for SMB configurations

    • /etc/exports for NFS configuration

    • /etc/vsftpd.conf for FTP configuration

    • /etc/bind/named.conf.local for DNS configuration

      • /etc/bind/db.$domain or /etc/bind/db.$IP for DNS zone files

    • /etc/postfix/main.cf for SMTP configuration

    • /etc/snmp/snmpd.conf for SNMP configuration

    • /etc/mysql/mysql.conf.d/mysqld.cnf for MySQL configuration
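As an added example (not part of the original page), the following POSIX shell script applies the TTL tip from the list above: it pulls the TTL out of ping reply lines (Linux, BSD/macOS and Windows formats) and matches it to the nearest common initial value, which also yields a rough hop count. The reply lines are constructed samples, not real captures, and the initial-TTL table is the usual rule of thumb, not a guarantee.

```shell
#!/bin/sh
# Added example: map the TTL seen in a ping reply to a likely OS family.
# Each router hop decrements the TTL, so the observed value is matched to the
# nearest common initial TTL (64 Linux/Unix, 128 Windows, 255 many network
# devices/Solaris); the difference approximates the hop count. Treat the
# result as a hint only: administrators and middleboxes can change the TTL.

# Extract the ttl= / TTL= field from one ping reply line.
ttl_from_reply() {
    printf '%s\n' "$1" | sed -n 's/.*[tT][tT][lL]=\([0-9][0-9]*\).*/\1/p'
}

# Print "<os family> (initial TTL N, ~H hops)" for an observed TTL value.
ttl_to_os() {
    ttl=$1
    if [ "$ttl" -le 64 ]; then
        initial=64; family="Linux/Unix"
    elif [ "$ttl" -le 128 ]; then
        initial=128; family="Windows"
    else
        initial=255; family="Network device/Solaris"
    fi
    printf '%s (initial TTL %d, ~%d hops)\n' "$family" "$initial" $((initial - ttl))
}

# Constructed sample replies (not real captures) covering the three ranges.
sample_replies='64 bytes from 10.0.0.5: icmp_seq=1 ttl=63 time=0.42 ms
64 bytes from 10.0.0.9: icmp_seq=1 ttl=126 time=1.10 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=254 time=0.30 ms'

# Classify every sample reply, one "<host>: <verdict>" line each.
classify_replies() {
    printf '%s\n' "$sample_replies" | while IFS= read -r line; do
        ttl=$(ttl_from_reply "$line")
        [ -n "$ttl" ] || continue
        host=$(printf '%s' "$line" | sed 's/^.* from \([^:]*\):.*/\1/')
        printf '%s: %s\n' "$host" "$(ttl_to_os "$ttl")"
    done
}

classify_replies
```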
