Domain Exposure
Table of contents
Vulnerability
You can learn a lot on the Internet on someone or a company with a simple domain name.
Prerequisites
- Internet connection.
Exploit
# Get DNS A records (public IP addresses) using dig.
dig $domain
# Get information about the domain using whois.
whois $ip
whois $domain
whois $domain -h $host
# Using theHarvester.
theHarvester -d $domain -b $source
You can also use SpiderFoot to search information on a company based on its name or domain.
spiderfoot -l 127.0.0.1:8000
You can actively learn more about a domain by enumerating its subdomains.
Useful links
Recommendations
- Nothing to do here.