Pentest
Revision as of 11:19, 24 March 2008 by <bdi>PhilippeTeuwen</bdi> (talk | contribs) (→Collecting information)
Intro
Well a large subject...
You'll not find a howto here, more a checklist.
So why such a page?
Because I'm not doing pentests that often so when it happens, it's a bit unstructured.
Because I'm reading MISC HS 1 (in french) and I want to make some scrapbooking.
So I'll try to write down anything I do on that matter since now...
Recording
- Write down what we've found, how and when
Collecting information
- website
- postal address, about us,...
- robots.txt
- WayBack machine
http://web.archive.org/web/*/http://www.example.com from [1] - Google cache
http://209.85.135.104/search?q=cache:http://www.example.com - Coralize
http://www.example.com.nyud.net from [2] - traceroute
http://www.dnsstuff.com/tools/tracert.ch?ip=http://www.example.com from [3] - Other online DNS tools
- whois
http://whois.webhosting.info/example.com from [4] - Reverse IP (all known domains, not just reverse lookup)
http://whois.webhosting.info/11.22.33.44 from [5]
- Search engines
- Big list of the top 100 alternative search engines, see also [6]
- Alexa: traffic ranking & other infos
- Google + site: inurl: intext: filetype: etc