⚔️
Carpa Security Book
  • 😎Introduction
  • 🔴Offensive Security
    • Reconnaissance & Information Gathering
      • Passive Reconnaissance
        • Reconnaissance Frameworks
        • Metadata Analysis
        • Domain & IP Enumeration
        • Social Media
        • Email Addresses
        • Search Engines
      • Active Recon
        • System & Network
          • Network & Port Scanning
          • Vulnerability Scanners
          • OS Fingerprinting & Service Identification
          • Network Mapping and Visualization
          • Service Enumeration
        • Web Application
          • Public Resource
          • Technology Mapping
          • Analyzing Client Side Code
          • Testing User Inputs and Controls:
          • Analyzing Server Responses and Error Messages:
          • API and Endpoint Analysis:
          • Session Management Analysis
          • Automated Vulnerability Scanning
          • Web Enumeration
        • Wireless Network Reconnaissance
    • Exploitation & Target Compromise
    • Privilege Escalation
    • Post Exploitation
      • Lateral Movement
    • Attacktive Directory
    • Credential Attacks
    • Wireless
    • Social Engineering
    • Web App PenTesting
    • Physical Security
  • 🔵Defensive Security
  • 🖥️Linux Commands
  • 🔠Certificates Prep
  • 🔗Training and Resources
Powered by GitBook
On this page
  1. Offensive Security
  2. Reconnaissance & Information Gathering
  3. Active Recon
  4. Web Application

Public Resource

Search engines (Google, Bing, Yahoo, Baidu)

https://virustotal.com/ – If you search for "domain:target.com," virustotal will provide you a wealth of information in addition to its list of all known subdomains, known as Observed subdomains.

https://dnsdumpster.com – The name explains everything. To profit, enter the desired domain and press search.

https://crt.sh/?q=%25target.com – SSL can occasionally be a veritable information gold mine. Use this website to search for "%target.com"; you will receive results with subdomains. Simple victory.

https://censys.io – Not excellent, but occasionally has some helpful information.

http://searchdns.netcraft.com/ – One more to watch out for.

https://www.shodan.io – Designed primarily for security professionals, Shodan is an infrastructure-based spider that comes with a database for caching information. It contains information on a wide range of internet servers, both historical and current, about things like server versioning and seen-subdomains.

PreviousWeb ApplicationNextTechnology Mapping

Last updated 1 year ago

🔴