Finding WHOIS information on a target domain name with Recon-ng
WHOIS information can include location, registration and expiry dates, contact information (email,
phone numbers, etc.) and more about a domain name. The purpose of this lab is to use recon-ng to automate the
discovery of this information.
To start: in this lab we are using Kali Linux, which you can run as a dual boot or in a
virtual machine. As the root user, open a terminal and type:
recon-ng
recon-ng lets users create different workspaces based on their project needs.
For this lab, we will be gathering WHOIS information. So, create a new
workspace by typing the following:
workspaces create whois_recon
We will begin by gathering WHOIS information about a target domain-name. Since
WHOIS information is available to anyone, it is ok to do this for any domain.
The domain we will be targeting is, once again, “facebook.com”, but you can do
this lab for any other domain you wish.
We will need to install modules from the marketplace to search for WHOIS
information, starting with the WHOIS search module, which looks up all related
information regarding a target site. First, find it by searching the marketplace:
marketplace search whois
We want to install the fourth option, which is
“recon/domains-contacts/whois_pocs”. To do this, type:
marketplace install recon/domains-contacts/whois_pocs
To begin searching, we first need to set the source (facebook.com here, or another domain such as hackingtruth.org) by typing:
options set SOURCE facebook.com
To load the module for use, type:
modules load recon/domains-contacts/whois_pocs
Then, to see information about this module and how it is used, type
“info” and hit enter.
We are now ready to search WHOIS for information regarding “facebook.com”.
Simply type “run” and hit enter to begin the search.
As you will see, various contact and location information will show up for
facebook.com. This information will be automatically saved in our workspace.
[recon-ng][whois_recon][whois_pocs] > run

------------
FACEBOOK.COM
------------
[*] URL: http://whois.arin.net/rest/pocs;domain=facebook.com
[*] URL: http://whois.arin.net/rest/poc/BST184-ARIN
[*] Country: United States
[*] Email: bstout@facebook.com
[*] First_Name: Brandon
[*] Last_Name: Stout
[*] Middle_Name: None
[*] Notes: None
[*] Phone: None
[*] Region: Chicago, IL
[*] Title: Whois contact
[*] --------------------------------------------------
[*] URL: http://whois.arin.net/rest/poc/OPERA82-ARIN
[*] Country: United States
[*] Email: domain@facebook.com
[*] First_Name: None
[*] Last_Name: Operations
[*] Middle_Name: None
[*] Notes: None
[*] Phone: None
[*] Region: Menlo Park, CA
[*] Title: Whois contact
[*] --------------------------------------------------

-------
SUMMARY
-------
[*] 2 total (2 new) contacts found.
[recon-ng][whois_recon][whois_pocs] >
Discover Subdomains
Now, we will attempt to discover as many subdomains as possible for our target
(facebook.com or hackingtruth.org), along with their IPv4 addresses, using the
HackerTarget API. We will need to install the "hackertarget" module, as we did previously for whois_pocs.
Before we do this, you should first type “back” and press enter to quit out of the
whois_pocs module. We will begin by searching the marketplace
for “hackertarget” modules using:
marketplace search hackertarget
Only one option should show, which is
“recon/domains-hosts/hackertarget”. Install it by typing:
marketplace install recon/domains-hosts/hackertarget
We then want to load the module using:
modules load recon/domains-hosts/hackertarget
We are now ready to begin searching HackerTarget for
subdomain information regarding Facebook. First, set the source by typing:
options set SOURCE facebook.com
If you want to see some information around what this module
is used for and how, simply type “info” and hit enter.
Once this is done, type “run” and hit enter. You will notice a list of
various subdomains associated with facebook.com showing.
[recon-ng][whois_recon][hackertarget] > options set SOURCE facebook.com
SOURCE => facebook.com
[recon-ng][whois_recon][hackertarget] > run

------------
FACEBOOK.COM
------------
[*] Country: None
[*] Host: facebook.com
[*] Ip_Address: 157.240.254.35
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: experiment-dns-science-1200.facebook.com
[*] Ip_Address: 66.220.152.19
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: experiment-dns-science-300.facebook.com
[*] Ip_Address: 66.220.152.19
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: experiment-dns-science-600.facebook.com
[*] Ip_Address: 66.220.152.19
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: headers-shv-00-rfrc0.facebook.com
[*] Ip_Address: 173.252.127.252
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: headers-shv-00-rash0.facebook.com
[*] Ip_Address: 69.171.252.252
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: msgin-regional-shv-01-rash0.facebook.com
[*] Ip_Address: 69.171.251.251
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: headers-shv-00-rprn0.facebook.com
[*] Ip_Address: 66.220.149.254
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: msgin-regional-shv-01-rprn0.facebook.com
[*] Ip_Address: 66.220.149.251
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: headers-shv-00-ratn0.facebook.com
[*] Ip_Address: 173.252.95.252
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: msgin-regional-shv-01-rftw0.facebook.com
[*] Ip_Address: 173.252.87.251
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: edge-fwdproxy-1-bgp-01-mba1.facebook.com
[*] Ip_Address: 102.132.96.199
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: edge-fwdproxy-2-bgp-01-mba1.facebook.com
[*] Ip_Address: 102.132.96.207
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: edge-fwdproxy-3-bgp-01-mba1.facebook.com
[*] Ip_Address: 102.132.96.211
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: edge-fwdproxy-4-bgp-01-mba1.facebook.com
[*] Ip_Address: 102.132.96.212
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
[*] Country: None
[*] Host: edge-fwdproxy-5-bgp-01-mba1.facebook.com
[*] Ip_Address: 102.132.96.213
[*] Latitude: None
[*] Longitude: None
[*] Notes: None
[*] Region: None
[*] --------------------------------------------------
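To review results like these outside the console, for example when inventorying the hostnames your own domain exposes, the following added example (not part of the original tutorial or of recon-ng) parses the "[*] Key: Value" console output into records and groups hosts by IP address. The sample input is constructed, and the function names parse_records and hosts_by_ip are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the "[*] Key: Value" console layout shown in this lab;
# example.com and the 192.0.2.0/24 addresses are placeholders, not real results.
SAMPLE = """\
[recon-ng][whois_recon][hackertarget] > run
[*] Country: None
[*] Host: www.example.com
[*] Ip_Address: 192.0.2.10
[*] --------------------------------------------------
[*] Country: None
[*] Host: mail.example.com
[*] Ip_Address: 192.0.2.25
[*] --------------------------------------------------
[*] Country: None
[*] Host: staging.example.com
[*] Ip_Address: 192.0.2.10
[*] --------------------------------------------------
[*] 3 total (3 new) hosts found.
"""

FIELD = re.compile(r"^\[\*\]\s+([A-Za-z_]+):\s*(.*)$")
SEPARATOR = re.compile(r"^\[\*\]\s+-{10,}\s*$")

def parse_records(text):
    """Split console output into one dict per record; the text 'None' becomes None."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if SEPARATOR.match(line):      # a dashed line closes the current record
            if current:
                records.append(current)
            current = {}
            continue
        m = FIELD.match(line)          # prompts and the summary line do not match
        if m:
            value = m.group(2).strip()
            current[m.group(1)] = None if value == "None" else value
    if current:                        # output that ends without a separator
        records.append(current)
    return records

def hosts_by_ip(records):
    """Group hostnames by address to show which names share one endpoint."""
    grouped = defaultdict(list)
    for rec in records:
        if rec.get("Host") and rec.get("Ip_Address"):
            grouped[rec["Ip_Address"]].append(rec["Host"])
    return {ip: sorted(names) for ip, names in grouped.items()}
```

Calling hosts_by_ip(parse_records(text)) on saved console output gives a compact view of which hostnames resolve to the same address.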