CEH

(Jeff_L) #1

90 Chapter 4 ■ Footprinting and Reconnaissance


Netcraft Actually a suite of related tools, Netcraft lets you obtain web server version,
IP address, subnet data, OS information, and subdomain information for any URL.
Remember this tool—it will come in handy later.

A subdomain is a domain that is a child of a parent domain. An example
would be support.oriyano.com, where the parent is oriyano.com. Subdomains
are useful because they can clue us in to projects and other goings-on.
In the past I have been able to find beta versions of company websites,
company extranets, and plenty of other items companies would have
rather kept hidden.

Link Extractor This utility locates and extracts the internal and external URLs for a
given location.

Public and Restricted Websites
Websites that are not intended to be public but are restricted to a few users can provide
you with valuable information. Because restricted websites—such as technet.microsoft.com
and developer.apple.com—are not intended for public consumption, they are kept in a
subdomain that is either not publicized or that has a login page. (See Exercise 4.2.)
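
The point made above about subdomains revealing beta sites, extranets, and other restricted systems can be checked from the owner's side. The following is an added example, not from the book: it reads a constructed DNS zone export for example.com and flags subdomains whose names hint at non-public systems. The keyword list, function names, and sample records are assumptions.

```python
import re

# Labels that commonly mark non-public environments (an assumed starter list;
# extend it with your organization's own project and environment names).
SENSITIVE = {"beta", "dev", "test", "staging", "stage", "uat", "qa",
             "extranet", "intranet", "internal", "admin", "vpn", "old"}

# Constructed sample zone export (name, TTL, class, type, value); not real data.
SAMPLE_ZONE = """\
www.example.com.          300 IN A     192.0.2.10
support.example.com.      300 IN A     192.0.2.11
beta2.example.com.        300 IN A     192.0.2.12
dev-api.eu.example.com.   300 IN CNAME lb.example.net.
extranet.example.com.     300 IN A     192.0.2.13
notexample.com.           300 IN A     198.51.100.7
; comment line
"""

def subdomain_labels(host, parent):
    """Return the labels left of parent, or None if host is not a child of it."""
    host, parent = host.lower().rstrip("."), parent.lower().rstrip(".")
    # Match on a label boundary so notexample.com is not treated as a child.
    if not host.endswith("." + parent):
        return None
    return host[: -len(parent) - 1].split(".")

def audit_zone(zone_text, parent):
    """List (hostname, matched keywords) for subdomains whose names hint at
    non-public systems."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or fields[3].upper() not in {"A", "AAAA", "CNAME"}:
            continue
        labels = subdomain_labels(fields[0], parent)
        if labels is None:
            continue
        # Split labels on hyphens and digits so beta2 and dev-api still match.
        tokens = {t for label in labels for t in re.split(r"[-_\d]+", label) if t}
        hits = sorted(tokens & SENSITIVE)
        if hits:
            findings.append((fields[0].rstrip(".").lower(), hits))
    return sorted(findings)

if __name__ == "__main__":
    for host, hits in audit_zone(SAMPLE_ZONE, "example.com"):
        print(f"{host}: review exposure ({', '.join(hits)})")
```

Each flagged name is a candidate for renaming, access restriction, or removal from public DNS.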

EXERCISE 4.2

Examining a Site

This exercise shows you how to learn more about your target by finding out what they are
running, additional IP information, server data, and DNS information.


  1. In your web browser, open the website http://www.netcraft.com.

  2. In the box labeled “What’s that site running?” enter the name of a website. Note that
    this is a passive activity so you do not have to request permission, but if you plan a
    more aggressive activity consider asking for permission.

  3. On the results page, note the list of sites that appear. The results may include a list of
    subdomains for the domain you entered. Not every site will have subdomains, so if
    you don’t see any don’t be alarmed. In some cases if there is only a single result for a
    domain name, you may in fact go directly to a page with details about the domain.

  4. On the results page, click the Site Report icon next to a domain name to go to the Site
    Report page for that domain.

  5. On the Site Report page, note the information provided. This includes data such as
    e-mail address, physical addresses, OS and web server information, and IP information.


In practice, you may find yourself repeating these steps for multiple domains and
subdomains. Make this process easy on yourself and just print copies of the reports, as
they will be useful in later stages.