Lab Summary: Perform Footprinting Through Internet Research Services

Lab Objective:

To gather information about a target organization using Internet research services, specifically focusing on identifying the domains, subdomains, DNS servers, Geo IP data, and infrastructure details using publicly available reconnaissance tools like Netcraft and DNSdumpster.

Overview:

Internet research services offer valuable insights into a target’s infrastructure, employees, geographic presence, and more. Tools such as Netcraft and DNSdumpster allow attackers or ethical hackers to enumerate domain-related data passively, making it a crucial step in the footprinting phase of a penetration test.

Task 1: Find the Company's Domains, Subdomains, and Hosts using Netcraft and DNSdumpster

Part A: Using Netcraft to Enumerate Domain Infrastructure

1. Launched Mozilla Firefox browser and visited https://www.netcraft.com.

2. Navigated to Resources → Research Tools from the top-right menu.

3. Selected "Site Report" from the list of tools provided.

4. On the “What’s that site running?” page, entered the target domain:

   <https://www.certifiedhacker.com>
   

   and clicked “LOOK UP”.

5. Netcraft generated a detailed Site Report showing:

   • Background details
   • Network data
   • Hosting history
   • Operating system information

6. In the Network section, clicked on the main domain link to view subdomains and their related information.

7. The results displayed a list of subdomains associated with the target, as well as data such as:

   • IP addresses
   • Operating systems
   • Netblocks
   • DNS records

Part B: Using DNSdumpster to Map DNS Records and Host Locations

1. Opened a new browser tab and visited https://dnsdumpster.com.