GitBook: [master] one page modified

This commit is contained in:
CPol 2020-10-23 00:24:15 +00:00 committed by gitbook-bot
parent 33c9a391c7
commit b715a52415
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

View file

@ -34,7 +34,8 @@ amass intel -org tesla
amass intel -asn 8911,50313,394161
```
You can find the IP ranges of an organisation also using [http://asnlookup.com/](http://asnlookup.com/) \(it has free API\).
You can find the IP ranges of an organisation also using [http://asnlookup.com/](http://asnlookup.com/) \(it has free API\).
You can fins the IP and ASN of a domain using [http://ipv4info.com/](http://ipv4info.com/).
### Looking for vulnerabilities
@ -150,6 +151,8 @@ dnsrecon -a -d tesla.com
The fastest way to obtain a lot of subdomains is search in external sources. I'm not going to discuss which sources are the bests and how to use them, but you can find here several utilities: [https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html](https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html)
A really good place to search for subdomains is [https://crt.sh/](https://crt.sh/).
The most used tools are [**Amass**](https://github.com/OWASP/Amass)**,** [**subfinder**](https://github.com/projectdiscovery/subfinder)**,** [**findomain**](https://github.com/Edu4rdSHL/findomain/)**,** [**OneForAll**](https://github.com/shmilylty/OneForAll/blob/master/README.en.md)**,** [**assetfinder**](https://github.com/tomnomnom/assetfinder)**,** [**Sudomy**](https://github.com/Screetsec/Sudomy)**.** I would recommend to start using them configuring the API keys, and then start testing other tools or possibilities.
```bash