1.Info Gathering.md

File metadata and controls

84 lines (60 loc) · 2.16 KB

BPM Circuits

eJPT-CheatSheets
Bartosz Pokrywka

Useful info and commands for the eJPT cert exam

Table of Contents

Passive Information Gathering

CLI commands

  • host (DNS lookup utility)
  • whois (client for the whois directory service)
  • whatweb (Next generation Web scanner. Identify technologies used by websites.)
  • dnsrecon (DNS Enumeration and Scanning Tool)
  • wafw00f (web app firewall checker)
  • sublist3r (passive subdomain enumeration)

Websites

Google Dorks

Email Harvesting

  • theHarvester (not only emails; also subdomains and hosts)

Leaked Password Databases

Active Information Gathering

DNS Zone Transfers

  • dnsenum (can reveal internal IP addresses; attempts DNS zone transfers)
  • dig
  • fierce

Additional tools and commands

> netdiscover

> ip a s (show your own interfaces and internal IP info)

Nmap Quickstart Guide

> nmap -sn (host discovery / ping scan, no port scan; shows MAC addresses on the local segment)

> nmap -Pn (skip host discovery and port scan every target as if it were up)

> nmap -F (fast scan of the 100 most common ports)

> nmap -sU (UDP scan)

> nmap -v -vv -vvv (verbose, very verbose, even more verbose)

> nmap -sV (service detection)

> nmap -O (operating system detection, not always accurate)

> nmap -sC (run the default Nmap Scripting Engine scripts)