Security Basics mailing list archives

Re: Finding other websites for pen-testing...


From: George Ellenburg <george () ellenburg org>
Date: Wed, 1 Oct 2003 05:38:43 -0400

www.netcraft.com

Check what that website is running. Click on the Network Name from the results, and Netcraft will show you (in some cases) what else is on that same subnet/network.

Only works, though, if someone from that company has "pinged" Netcraft, so a specific host is in their database.

Otherwise, if you've got the contract to do a pentest, why not scan their netblock with nessus/nmap looking for other web servers?

--
George Ellenburg


On Tuesday, September 30, 2003, at 01:30  PM, David Burt wrote:

Say you know the name of the company you have been
hired by to perform a pen-test.  You know their main
website.

You want to find out what other websites that they may
have on different webservers that may be in house
rather than being outsourced like their main website
or maybe they run a website that isn't as high profile
so they are pretty lax on keeping it updated.

If you go to netsol.com and do a whois on their main
website you can find out their address and all the
main contacts.  Is there a way to search this
information to find all the domains that have the same
contacts in them or maybe the same address?
