2. What is this about?
• Many a time it is a pain to figure out: how the hell did he find this URL to find the bug!
• During professional security testing, this phase is called Reconnaissance.
• Getting as much additional information as possible about the target.
3. What is DNS?
• DNS stands for Domain Name System
• Database responsible for storing all of the information pertaining to IP addresses and domain names
• Backed up by thousands of separate DNS servers and stored on single root DNS servers
5. Reverse Lookup
• A reverse DNS lookup obtains the site registration information of an IP address (if there is any)
• If we type 216.58.197.46 into a browser, we will be redirected to the site.
• Well-known stuff!
6.
• Discovered hosts may be virtual web hosts on a single web server
• (OR)
• May be distinct hosts on separate IP addresses
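
The distinction on this slide, as an added example that is not part of the original deck: group discovered hostnames by the address they resolve to, so names sharing one IP are flagged as likely virtual hosts, and build the reverse-lookup (PTR) name for each address. The hostnames and addresses are constructed sample data from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hostname -> address as a resolver would return it.
# example.test, 192.0.2.0/24 and 198.51.100.0/24 are reserved for documentation.
FORWARD = {
    "www.example.test": "192.0.2.10",
    "blog.example.test": "192.0.2.10",
    "shop.example.test": "192.0.2.10",
    "mail.example.test": "198.51.100.25",
    "vpn.example.test": "not-an-ip",  # malformed answer, must not abort the run
}

def ptr_name(ip):
    """Return the name a reverse lookup queries, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def group_hosts(forward):
    """Split hosts into shared-IP groups (virtual hosts) and single-host IPs."""
    by_ip = defaultdict(list)
    rejected = []
    for host, ip in forward.items():
        try:
            # Normalise the address so equivalent spellings land in one group.
            by_ip[str(ipaddress.ip_address(ip))].append(host.lower())
        except ValueError:
            rejected.append(host)
    shared = {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}
    distinct = {ip: h[0] for ip, h in by_ip.items() if len(h) == 1}
    return shared, distinct, rejected

if __name__ == "__main__":
    shared, distinct, rejected = group_hosts(FORWARD)
    for ip, hosts in shared.items():
        print(f"{ip} ({ptr_name(ip)}): virtual hosts {', '.join(hosts)}")
    for ip, host in distinct.items():
        print(f"{ip} ({ptr_name(ip)}): single host {host}")
    print("unparseable answers:", rejected)
```

A shared address can also be a CDN or load balancer front end, so treat the grouping as a hint about hosting layout, not proof of a single server.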
11. On a different note
• S3 bucket discovery, a recent finding of mine.
• for url in $(cat list.txt); do curl "$url.s3.amazonaws.com"; done
• 7 of Google's buckets were open.