In this section I will try to define some terms (without reinventing the wheel) that I came across during my studies on Pentesting using references from widely recognized brands and companies.
Footprinting lab 2: Subdomain search
My summary of module 02 (Footprinting) from the CEH material
Level: easy
Tools to search subdomains
In the official CEH guide the tool used to search subdomains is sublist3r, but there are other great tools that complement this phase of footprinting; here is a list:
Online tools
https://crt.sh/
to search domains from Certificate Transparency logs published by CAs, as do:
https://certificate.transparency.dev/
https://transparencyreport.google.com/https/certificates
For advanced queries in crt.sh check here: https://www.
Footprinting Lab 1: whois, ping, tracert
My summary of module 02 (Footprinting) from the CEH material
Level: ultra easy
Get max frame size
To get the maximum frame size using the ping command:
On Windows
> ping www.certifiedhacker.com -f -l 1500
Where:
-f sets the Don't Fragment flag, so the request fails instead of being fragmented when it exceeds the path MTU
-l buffer size (ICMP payload) in bytes
On Linux
$ ping www.certifiedhacker.com -s 1500
Where:
-s payload size in bytes (the 28 bytes of IP and ICMP headers are added on top of this value)
On Windows the Don't Fragment flag must be set explicitly with -f. On Linux, add -M do to set it as well; otherwise a 1500-byte payload is silently fragmented and the reply tells you nothing about the frame size.
3 Footprinting Penetration Testing
My summary of module 02 (Footprinting) from the CEH material
So far, we have discussed the necessary techniques and tools that can be used to footprint a target organization’s network. Penetration testing (or pen testing) refers to the process of testing the organization’s security posture using similar techniques and tools as that of an attacker, but with the knowledge and approval of the organization. Footprinting is the first step to perform in the pen testing process.