Collecting domain information
As an ethical hacker, collecting Domain Name System (DNS) information and IP addresses and determining the backend infrastructure helps you better understand the attack surface and attack vectors of a target. For instance, if you’re performing an external network penetration test or an Open Source Intelligence (OSINT) penetration test on an organization, the target’s domain and website are good starting points. A domain name can lead you to discover the website, the sub-domains, and the IP addresses assigned to servers owned by the target.
This section focuses on using various tactics and techniques to retrieve IP addresses, discover infrastructure details, and identify the web technologies running on a target’s web server and domain.
Retrieving IP addresses
By retrieving the IP addresses of a target domain and its sub-domain, ethical hackers are able to map the external network topology and identify potential security...