Ethical Hacking and Penetration Testing Guide




Fierce in BackTrack
Fierce is also an amazing tool for scanning subdomains. Fierce uses a variety of different methods to enumerate subdomains such as brute force and zone transfer. It is also capable of bypassing CloudFlare protection. Fierce comes preinstalled in BackTrack. It is located in the /pentest/enumeration/dns/fierce directory.
To scan a host for subdomains, you need to issue the following command from the fierce directory.
./fierce.pl -dns


As you can see, I have used the -threads parameter and set the value to 1000. This will make it run faster. Initially, it tries to perform a zone transfer. If that fails, it starts brute-forcing the servers.
You can also provide Fierce with a custom wordlist.
Example
./fierce.pl -dns xyz.com -wordlist
As you can see, the tool has managed to find both subdomains from my blog rafayhackingarticles.net
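The zone-transfer-then-brute-force sequence described above leaves a recognizable trace on the authoritative DNS server: one AXFR request followed by many lookups for names that do not exist. The following added example (not from the book or from Fierce) flags that pattern in a query log; the four-column log format, the sample lines, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log in a simplified format (not any product's own):
# client_ip qname qtype rcode
SAMPLE_LOG = """\
203.0.113.7 example.test AXFR REFUSED
203.0.113.7 admin.example.test A NXDOMAIN
203.0.113.7 dev.example.test A NXDOMAIN
203.0.113.7 ftp.example.test A NXDOMAIN
203.0.113.7 mail.example.test A NOERROR
203.0.113.7 vpn.example.test A NXDOMAIN
203.0.113.7 www.example.test A NOERROR
198.51.100.20 www.example.test A NOERROR
198.51.100.20 wwww.example.test A NXDOMAIN
"""

def parse(log):
    """Yield (client, qname, qtype, rcode) from well-formed lines, skipping others."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 4:
            client, qname, qtype, rcode = fields
            yield client, qname.lower().rstrip("."), qtype.upper(), rcode.upper()

def find_enumeration(log, zone, min_names=5, min_nx_ratio=0.5):
    """Return {client: finding} for clients whose queries look like subdomain enumeration."""
    zone = zone.lower().rstrip(".")
    names, nx, axfr = defaultdict(set), defaultdict(set), set()
    for client, qname, qtype, rcode in parse(log):
        if qtype == "AXFR" and qname == zone:
            axfr.add(client)              # zone transfer attempt, allowed or not
        elif qname.endswith("." + zone):
            names[client].add(qname)
            if rcode == "NXDOMAIN":
                nx[client].add(qname)     # guessed name that does not exist
    findings = {}
    for client in set(names) | axfr:
        total, missing = len(names[client]), len(nx[client])
        # Many distinct names, most of them nonexistent, suggests a wordlist run.
        brute = total >= min_names and missing / total >= min_nx_ratio
        if brute or client in axfr:
            findings[client] = {"axfr_attempt": client in axfr,
                                "brute_force": brute,
                                "distinct_names": total, "nxdomain": missing}
    return findings

if __name__ == "__main__":
    for client, finding in find_enumeration(SAMPLE_LOG, "example.test").items():
        print(client, finding)
```

The second client in the sample makes a single typo lookup and is not flagged, which is why the check counts distinct names per client rather than alerting on any NXDOMAIN.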


Knock.py
Knock.py is a tool that has capabilities similar to fierce for determining subdomains. It has a 
built-in internal list as well as the capabilities of scanning with your custom wordlist. It can also 
perform zone transfers; for that purpose, you just need to issue an additional parameter (-zt).
Examples
Scanning with internal lists:
python knock.py

Scanning with custom wordlist:
python knock.py

Zone transfer file discovery:
python knock.py -zt
Knock.py has various options, which I will leave for you to explore. You can access its documentation at https://code.google.com/p/knock/wiki/documentation
WolframAlpha
The following website also gives a decent number of subdomains. It returns the most important subdomains that get the most traffic. If you want to save time, you can try WolframAlpha.
