CEH Chapter 4
URI (Uniform Resource Identifier)
The protocol prefix placed before a FQDN: http://, https://, ftp://, etc.
ARIN (American Registry for Internet Numbers)
The RIR for North America (US and Canada), the Caribbean, and Antarctica
AfriNIC (African Network Information Center)
The African RIR
ICANN (Internet Corporation for Assigned Names and Numbers)
The authority above IANA
TLD (top-level domain)
The highest-level category used to distinguish domain names, for example .org, .com, and .net. A TLD is also known as the domain suffix.
FQDN (Fully Qualified Domain Name)
The host name combined with the host's domain name.
wappalyzer
A Chrome and Firefox extension that attempts to scan for the technologies and frameworks used on a website.
Recon (chrome)
A Chrome extension that adds a context menu when right-clicking links to give basic/quick
firebug
A Firefox extension that performs a deep investigation of a website's technologies, including DOM elements.
Job Descriptions
A great way to find out what types of technologies a company uses, based on the skills it lists for the employees it is looking for.
IANA (Internet Assigned Numbers Authority)
A nonprofit group charged with managing IP address allocation and the domain name system. The oversight for many of IANA's functions was given to ICANN in 1998; however, IANA continues to perform Internet addressing and domain name system administration.
RIR (Regional Internet Registry)
A not-for-profit agency that manages the distribution of IP addresses to private and public entities. They get their IP addresses from IANA.
HTTrack
A program that spiders a website, but runs the spider against a mirror of the specified website to help avoid detection.
InSpy
A Python script that takes in a .txt file of relevant technologies and searches for jobs related to those technologies at a specified company.
theHarvester
A script that runs through various sources to search for contact details of people who work for a specific website/company.
Host
A Unix command-line tool used to get IP information for a domain.
Netcraft
A website that tracks statistics and information about web hosts.
A
Address record
Domain Registrar
An organization or commercial entity that manages the reservation of Internet domain names. Registrars can also provide useful information, such as employee names and HQ physical addresses. The information is not guaranteed to be real/truthful, however.
APNIC (Asia Pacific Network Information Center)
The RIR for Asia, Australia, New Zealand, and neighboring countries
Google Hacking
Creative searches in Google to find exposed systems.
RIPE NCC (Réseaux IP Européens Network Coordination Centre)
The RIR for Europe, Russia, West Asia, and Central Asia
Sources for theHarvester
Google, PGP, MIT, more...
LACNIC (Latin American and Caribbean Internet Addresses Registry)
The RIR for Latin America and parts of the Caribbean
NS
Name server record
P0f
A passive OS fingerprinting tool that evaluates large amounts of traffic data while identifying the network hosts involved in TCP/IP communications. Not as useful as it once was because HTTPS is more widely used.
Domains to search people
Pipl, Wink, Intelius
EDGAR (Electronic Data Gathering and Retrieval)
SEC reporting system requiring companies to file their financial statements and other information electronically to allow current and potential investors access quickly and easily over the Internet.
DNS
The service that translates URLs to IP addresses. It is a tiered system, with TLDs at the top, then second-level domains, subdomains, and hostnames, in that order.
Passive Reconnaissance
Using searches online for publicly accessible information that can reveal valuable insight about a system.
zone transfer
When DNS servers exchange information among themselves, it is known as a ____. Often, a primary server will have multiple secondary servers. The secondary servers issue zone transfer requests to the primary server to update their records.
URL (Uniform Resource Locator)
_______ is the address of a Web page on the World Wide Web. It is built as follows: URI -> FQDN
R3con
A Firefox plugin that gives information on the web pages you visit.
nslookup
A tool used to query the DNS system to find the IP addresses for domain names, and vice versa.
WHOIS
An Internet utility program that obtains information about a domain name or IP number from the database of a domain name registry.
dig
Similar to nslookup, but also has the ability to specify the resource record type, the request, and the server to send the request to.
axfr
The argument used to specify a zone transfer with dig.
dnsrecon
Used to extract common resource records using DNS. It can also identify hostnames through repeated requests based on a provided wordlist: each word from the wordlist is prepended to the given domain name, and the program searches for FQDNs that resolve, using a brute-force-like tactic.