Domain Exposure

Table of contents

Vulnerability
Prerequisites
Exploit
Useful links
Recommendations

Vulnerability

You can learn a lot on the Internet on someone or a company with a simple domain name.

Prerequisites

Internet connection.

Exploit

# Get DNS A records (public IP addresses) using dig.
dig $domain

# Get information about the domain using whois.
whois $ip
whois $domain
whois $domain -h $host

# Using theHarvester.
theHarvester -d $domain -b $source

You can also use SpiderFoot to search information on a company based on its name or domain.

spiderfoot -l 127.0.0.1:8000

You can actively learn more about a domain by enumerating its subdomains.

Useful links

Netcraft to find domains and subdomains.
Shodan to find publicly exposed assets.

Recommendations

Nothing to do here.