0

Phase de reconnaissance

Cette phase consiste a collecter le plus d’informations sur une cible (client ou site/machine volontairement vulnérable), par exemple les informations concernant les enregistrements Domain Name System (DNS https://fr.wikipedia.org/wiki/Liste_des_enregistrements_DNS), nom de domaine, adresse IP, les technologies et les configurations utilisées,l’organisation des noms d’utilisateur, des documents, codes source, fichiers robots.txt, commentaires, informations de contact, etc… Pendant cette phase de Reconnaissance chaque information, si minime soit elle est considérée comme importante.

L‘illustration de la collecte d’informations se fera avec des  outils disponibles sur kali-linux. Ces outils sont Whois. Host, Dig, DMitry. Je ferais aussi une brève descriptions de deux sites web, http://viewdns.info/ et https://archive.org/web/. Il est évident que je ne peut pas vous présenter tout les outils existants, et je vous invite a rechercher dans kali-linux d’autres outils, d’en lire la documentation et de les tester. L’utilisation de ces différents outils se fera légalement sur le nom de domaine example.com , vous trouverez plus d’information en cliquant sur le lien suivant: https://www.example.com/

 

WHOIS:
En interrogeant sa base de données “Whois” recherchera les informations d’enregistrement du domaine. La base de données “Whois” retournera des informations sur le serveur DNS et les informations de contact du domaine. “Whois” est un protocole de recherche d’enregistrements Internet, de bases de données pour les noms de domaines enregistrés, d’adresses IP et de systèmes autonomes. Ce protocole est spécifié dans RFC 3912 https://www.ietf.org/rfc/rfc3912.txt .

USAGE:

Usage: whois [OPTION]… OBJET…

-h HÔTE, –host HÔTE se connecter au serveur HÔTE
-p PORT, –port PORT se connecter sur le port PORT
-H cacher les mentions légales
–verbose mode verbeux
–help afficher cette aide et sortir
–version afficher la version et sortir

Ces drapeaux sont gérés par le serveur whois.ripe.net et quelques serveurs de type RIPE :
-l réduire d’un niveau la spécificité de la recherche
-L trouver toutes les occurrences moins spécifiques
-m trouver les occurrences de premier niveau plus spécifiques
-M trouver toutes les occurrences plus spécifiques
-c trouver l’occurrence la plus spécifique contenant un attribut mnt-irt
-x occurrence exacte
-b afficher la plage des adresses IP avec l’information d’abus
-B désactiver le filtrage d’objet (montrer les adresses électroniques)
-G désactiver le groupement des objets associés
-d afficher aussi les objets de délégation DNS inverse
-i ATTR[,ATTR]… effectuer une recherche inverse pour les ATTRibuts spécifiés
-T TYPE[,TYPE]… chercher seulement les objets de ce TYPE
-K seules les clés primaires sont renvoyées
-r désactiver la recherche récursive des informations de contact
-R forcer l’affichage de la copie locale de l’objet de domaine même
s’il contient un renvoi
-a rechercher aussi dans toutes les bases de données miroir
-s SOURCE[,SOURCE]… rechercher dans la base de données miroir de SOURCE
-g SOURCE:PREM-DERN trouver les mises à jour de la SOURCE ayant des numéros
de série entre PREM et DERN
-t TYPE demander la syntaxe pour les objets de ce TYPE
-v TYPE demander la syntaxe détaillée pour les objets de ce TYPE
-q [version|sources|types] demander les informations spécifiées au serveur

 

Dans le terminal : whois example.com

Domain Name: EXAMPLE.COM
   Registry Domain ID: 2336799_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.iana.org
   Registrar URL: http://res-dom.iana.org
   Updated Date: 2017-08-14T07:04:03Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2018-08-13T04:00:00Z
   Registrar: RESERVED-Internet Assigned Numbers Authority
   Registrar IANA ID: 376
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   DNSSEC: signedDelegation
   DNSSEC DS Data: 31589 8 1 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE
   DNSSEC DS Data: 31589 8 2 CDE0D742D6998AA554A92D890F8184C698CFAC8A26FA59875A990C03E576343C
   DNSSEC DS Data: 43547 8 1 B6225AB2CC613E0DCA7962BDC2342EA4F1B56083
   DNSSEC DS Data: 43547 8 2 615A64233543F66F44D68933625B17497C89A70E858ED76A2145997EDF96A918
   DNSSEC DS Data: 31406 8 1 189968811E6EBA862DD6C209F75623D8D9ED9142
   DNSSEC DS Data: 31406 8 2 F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-01-14T18:53:04Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

HOST:

Arès avoir trouvé les informations du serveur DNS, l’étape suivante consiste à trouver l’adresse IP du nom de domaine / hôte . Pour nous aider, nous pouvons utiliser l’outil “Host”  pour rechercher l’adresse IP du nom de domaine / hôte à partir d’un serveur DNS.

USAGE:

Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]

[-R number] [-m flag] hostname [server]
-a is equivalent to -v -t ANY
-c specifies query class for non-IN data
-C compares SOA records on authoritative nameservers
-d is equivalent to -v
-l lists all hosts in a domain, using AXFR
-i IP6.INT reverse lookups
-N changes the number of dots allowed before root lookup is done
-r disables recursive processing
-R specifies number of retries for UDP packets
-s a SERVFAIL response should stop query
-t specifies the query type
-T enables TCP/IP mode
-v enables verbose output
-w specifies to wait forever for a reply
-W specifies how long to wait for a reply
-4 use IPv4 query transport only
-6 use IPv6 query transport only
-m set memory debugging flag (trace|record|usage)
-V print version number and exit

 

Dans le terminal: host example.com

example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946

Ce résultat nous retournes les adresses IPV4 et IPV6 de la cible. Par défaut “Host” nous renvoie automatiquement les enregistrements concernant l’adresse IPV4, l’adresse IPV6, le nom du serveur de courrier du domaine. Le tout correspond aux types A, AAAA et MX. Il est possible d’afficher tous les enregistrements disponibles.

Dans le terminal: host -v -t ANY example.com (ou host -a example.com). Les deux retournent le même résultat

Trying "example.com"
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43458
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.			IN	ANY

;; ANSWER SECTION:
example.com.		70248	IN	RRSIG	NS 8 2 86400 20180127170940 20180107002504 30381 example.com. kSLJisql4266wzvH6YSMyQwOT1xILdNHwSnoMnHZgFIPffjf2gjyZJA0 ONEfThreg4rxNpdMf4naBBBWopKJdjlk9jQfAsDYJ8EZpZ/LN144cNTq Un2bk5cJoboAND+0VBc0M1u9tXALLaSWLuqAs2rmHXcgPIbjIBAHL56g Ovk=
example.com.		67098	IN	NS	b.iana-servers.net.
example.com.		67098	IN	NS	a.iana-servers.net.
example.com.		69051	IN	RRSIG	AAAA 8 2 86400 20180129133055 20180108022504 30381 example.com. q3GLftCr24MLvjxAHrU8sloQp6gQGaH53a2W69g2cZYpb7Gm595uijWG irwEdKhYf3VCcFW5us5gb+iZflTgulBM/xlujC8p1e0QMDLClMqKHC49 +sgfR0LZRrWKbE7za1ufJ8JVIJjNKqG4nr9STep3VbG2BQoB4909XeRU o9U=
example.com.		69051	IN	AAAA	2606:2800:220:1:248:1893:25c8:1946
example.com.		69020	IN	RRSIG	A 8 2 86400 20180128190842 20180108042504 30381 example.com. PjMCezAB8YUhaPHdldDSBH+rurbNUQJH0UeEzSUZi8raqM5qZYvMGczF QqBjAlTDFjjzDiPPxI29Rgb83unKFrE0MzrjYGB1Dso8AEHEKZWHKxy9 TVPUMUgwcgZfnc5itNmigcDFWZ27tX51bq55U43YpNZF+a/MQhtBwJea Zwk=
example.com.		69020	IN	A	93.184.216.34

Received 634 bytes from 127.0.1.1#53 in 116 ms

L’outil “host” interroge les serveurs DNS répertoriés dans le fichier etc / resolv.conf de votre système d’exploitation Kali . Il peut également être utilisé pour effectuer un transfert de zone DNS.  Il est aussi possible de  collecter des informations sur les noms d’hôtes disponibles dans un domaine.

 

DIG:

À côté de l’outil “Host”, il est possible d’utiliser l’outil “Dig” pour interroger les serveurs DNS. L’avantage de “Dig” est sa flexibilité et sa clarté. Avec “Dig” il est possible de demander a traiter une liste de requêtes de recherche à partir d’un fichier.

USAGE:

Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} […]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,…) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,…) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-i (use IP6.INT for IPv6 reverse lookups)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]besteffort (Try to parse even illegal messages)
+bufsize=### (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]crypto (Control display of cryptographic fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expire (Request time to expire)
+[no]fail (Don’t try next server on SERVFAIL)
+[no]identify (ID responders in short answers)
+[no]ignore (Don’t revert to TCP for TC responses.)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=[###] (Set the opcode of the request)
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]recurse (Recursive mode)
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answer)
+[no]showsearch (Search with intermediate results)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcp (TCP mode (+[no]vc))
+time=### (Set query timeout) [5]
+[no]trace (Trace delegation down from root [+dnssec])
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]vc (TCP mode (+[no]tcp))
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)

 

Dans le terminal: dig example.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63788
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		68955	IN	A	93.184.216.34

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jan 14 19:57:15 CET 2018
;; MSG SIZE  rcvd: 45

Sans donner d’arguments “Dig” nous renvoie uniquement les enregistrements concernant l’adresse IPV4, correspondant au type A. Il est possible comme pour “Host” de faire une requete avec “any” pour que cet outil nous renvoie tous les enregistrements disponibles, tels que SOA, AAAA, NS et, A (voire dans le liens fournis au début du document).

Dans le terminal: dig example.com any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> example.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42256
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;example.com.			IN	ANY

;; ANSWER SECTION:
example.com.		70126	IN	RRSIG	NS 8 2 86400 20180127170940 20180107002504 30381 example.com. kSLJisql4266wzvH6YSMyQwOT1xILdNHwSnoMnHZgFIPffjf2gjyZJA0 ONEfThreg4rxNpdMf4naBBBWopKJdjlk9jQfAsDYJ8EZpZ/LN144cNTq Un2bk5cJoboAND+0VBc0M1u9tXALLaSWLuqAs2rmHXcgPIbjIBAHL56g Ovk=
example.com.		66976	IN	NS	a.iana-servers.net.
example.com.		66976	IN	NS	b.iana-servers.net.
example.com.		68929	IN	RRSIG	AAAA 8 2 86400 20180129133055 20180108022504 30381 example.com. q3GLftCr24MLvjxAHrU8sloQp6gQGaH53a2W69g2cZYpb7Gm595uijWG irwEdKhYf3VCcFW5us5gb+iZflTgulBM/xlujC8p1e0QMDLClMqKHC49 +sgfR0LZRrWKbE7za1ufJ8JVIJjNKqG4nr9STep3VbG2BQoB4909XeRU o9U=
example.com.		68929	IN	AAAA	2606:2800:220:1:248:1893:25c8:1946
example.com.		68898	IN	RRSIG	A 8 2 86400 20180128190842 20180108042504 30381 example.com. PjMCezAB8YUhaPHdldDSBH+rurbNUQJH0UeEzSUZi8raqM5qZYvMGczF QqBjAlTDFjjzDiPPxI29Rgb83unKFrE0MzrjYGB1Dso8AEHEKZWHKxy9 TVPUMUgwcgZfnc5itNmigcDFWZ27tX51bq55U43YpNZF+a/MQhtBwJea Zwk=
example.com.		68898	IN	A	93.184.216.34

;; Query time: 37 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jan 14 19:58:12 CET 2018
;; MSG SIZE  rcvd: 645

DMitry:

DMitry (Deepmagic Information Gathering Tool) est un outil de collecte d’informations tout-en-un. Il peut trouver les mêmes informations que celles qui peuvent être trouvées avec différents outils présents dans Kali ou sur internet, mais avec un seul outil, lui même. Il peut également enregistrer un rapport dans un fichier pour un accès différé et une meilleure lecture. Il permet entre la recherche d’informations whois , la recupereration de donnees de disponibilités , la recherche sur le subdomain, la recherche d’addresse electronique sur la cible, le scan de ports TCP, etc…..

USAGE:

Deepmagic Information Gathering Tool
“There be some deep magic going on”

Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
-o Save output to %host.txt or to file specified by -o file
-i Perform a whois lookup on the IP address of a host
-w Perform a whois lookup on the domain name of a host
-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed

 

Dans le terminal: dmitry example.com

Deepmagic Information Gathering Tool
"There be some deep magic going on"
HostIP:93.184.216.34
HostName:example.com
Gathered Inet-whois information for 93.184.216.34
---------------------------------
 
inetnum: 93.184.216.0 - 93.184.216.255
netname: EDGECAST-NETBLK-03
descr: NETBLK-03-EU-93-184-216-0-24
country: EU
admin-c: DS7892-RIPE
tech-c: DS7892-RIPE
status: ASSIGNED PA
mnt-by: MNT-EDGECAST
created: 2012-06-22T21:48:41Z
last-modified: 2012-06-22T21:48:41Z
source: RIPE # Filtered
person: Derrick Sawyer
address: 13031 W Jefferson Blvd #900, Los Angeles, CA 90094
phone: +18773343236
nic-hdl: DS7892-RIPE
created: 2010-08-25T18:44:19Z
last-modified: 2017-03-03T09:06:18Z
source: RIPE
mnt-by: MNT-EDGECAST
% This query was served by the RIPE Database Query Service version 1.90 (ANGUS)
 
Gathered Inic-whois information for example.com
---------------------------------
Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.iana.org
Registrar URL: http://res-dom.iana.org
Updated Date: 2017-08-14T07:04:03Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2018-08-13T04:00:00Z
Registrar: RESERVED-Internet Assigned Numbers Authority
Registrar IANA ID: 376
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.oc��
��������i�entDel��������E��j�eteProhib;Y@ited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 31589 8 1 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE
DNSSEC DS Data: 31589 8 2 CDE0D742D6998AA554A92D890F8184C698CFAC8A26FA59875A990C03E576343C
DNSSEC DS Data: 43547 8 1 B6225AB2CC613E0DCA7962BDC23c��
42EA4F1B56M083
DNSSEC DS Data: 43547 8 2 615A64233543F66F44D68933625B17497C89A70E858ED76A2145997EDF96A918
DNSSEC DS Data: 31406 8 1 189968811E6EBA862DD6C209F75623D8D9ED9142
DNSSEC DS Data: 31406 8 2 F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D
URL of the ICANN Whois Inaccuracy Complaint Form: htt���
ps://www.i�cann.or�����������j�g/wicf/
>>> Last update of whois database: 2017-11-21T13:49:32Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar'sc��
Whois datyabase t�����������j�o
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtac��
ining infoTrmation��������A��j�
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances willc��
Da this ta�
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-vol���
access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU dom���
ns and
Registrars.
Gathered Netcraft information for example.com
---------------------------------
Retrieving Netcraft.com information for example.com
Netcraft.com Information gathered
Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results
Gathered E-Mail information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host example.com, Searched 0 pages containing 0 results
Gathered TCP Port information for 93.184.216.34
---------------------------------
Port State
80/tcp open
Portscan Finished: Scanned 150 ports, 2 ports were in state closed
 
All scans completed, exiting

 

http://viewdns.info/

Viewdns.info est un site internet regroupant divers outils qui pourront également être utiles pour une recherche d’information concernant une cible . En voici une copie d’écran

 

https://archive.org/web/

archives.org est un site internet qui vous permettra de remonter dans le temps et regarder comment se présentait une page internet dans le passé . Il peut être très intéressant de jeter un œil a cette archive et trouver des informations qui auraient été retirée par après !

 

!%$789Kl

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *