mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-14 08:57:55 +00:00
GitBook: [master] one page modified
This commit is contained in:
parent
33c9a391c7
commit
b715a52415
1 changed files with 4 additions and 1 deletions
|
@ -34,7 +34,8 @@ amass intel -org tesla
|
|||
amass intel -asn 8911,50313,394161
|
||||
```
|
||||
|
||||
You can find the IP ranges of an organisation also using [http://asnlookup.com/](http://asnlookup.com/) \(it has free API\).
|
||||
You can find the IP ranges of an organisation also using [http://asnlookup.com/](http://asnlookup.com/) \(it has free API\).
|
||||
You can fins the IP and ASN of a domain using [http://ipv4info.com/](http://ipv4info.com/).
|
||||
|
||||
### Looking for vulnerabilities
|
||||
|
||||
|
@ -150,6 +151,8 @@ dnsrecon -a -d tesla.com
|
|||
|
||||
The fastest way to obtain a lot of subdomains is search in external sources. I'm not going to discuss which sources are the bests and how to use them, but you can find here several utilities: [https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html](https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html)
|
||||
|
||||
A really good place to search for subdomains is [https://crt.sh/](https://crt.sh/).
|
||||
|
||||
The most used tools are [**Amass**](https://github.com/OWASP/Amass)**,** [**subfinder**](https://github.com/projectdiscovery/subfinder)**,** [**findomain**](https://github.com/Edu4rdSHL/findomain/)**,** [**OneForAll**](https://github.com/shmilylty/OneForAll/blob/master/README.en.md)**,** [**assetfinder**](https://github.com/tomnomnom/assetfinder)**,** [**Sudomy**](https://github.com/Screetsec/Sudomy)**.** I would recommend to start using them configuring the API keys, and then start testing other tools or possibilities.
|
||||
|
||||
```bash
|
||||
|
|
Loading…
Reference in a new issue