Security Basics mailing list archives
Re: Finding other websites for pen-testing...
From: George Ellenburg <george () ellenburg org>
Date: Wed, 1 Oct 2003 05:38:43 -0400
www.netcraft.comCheck what that website is running. Click on the Network Name from the results, and Netcraft will show you (in some cases) what else is on that same subnet/ network.
Only works though if someone from that company has "pinged" Netcraft, so a specific host is in their database, though.
Otherwise, if you've got the contract to do a pentest, why not use scan their netblock with nessus/ nmap looking for other web servers?
-- George Ellenburg On Tuesday, September 30, 2003, at 01:30 PM, David Burt wrote:
Say you know that name of the company you have been hired by to perform a pen-test. You know their main website. You want to find out what other website that they may have on different webservers that maybe in house rather than being outsourced like their main website or maybe they run a website that isn't as high profile so they are pretty lax on keeping it updated. If you go to netsol.com and do a whois on their main website you can find out their address and all the main contacts. Is there a way to search this information to find all the domains that have the same contacts in them or maybe the same address? __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com----------------------------------------------------------------------- ---- ----------------------------------------------------------------------- -----
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Finding other websites for pen-testing... Meidinger Chris (Oct 01)
- <Possible follow-ups>
- Re: Finding other websites for pen-testing... George Ellenburg (Oct 01)
- Re: Finding other websites for pen-testing... Meritt James (Oct 02)