Module 3 - Information Gathering / Reconnaissance

Question 1

RobTex

Answer 1

WHOIS (name and IP)WHOIS lookups by name and IP address
Checks of IP addresses for DNS reverse lookups and forwards
Searches of DNS registration records
Searches of Autonomous System (AS) numbers
Identification of neighboring domain names
Searches of domain names that share a common IP address

Question 2

CentralOps.net

Answer 2

Domain dossiers
Domain name checks
PINGs to servers
Trace routes to servers
WHOIS lookups

Question 3

Way Back Machine

Answer 3

archive.org

Question 4

Alexa.org

Answer 4

Web Metrics

Question 5

netcraft.com

Answer 5

IP address for DNS server and website/application
Domain name registration information
OS footprinting information (This information may be dated.)

Question 6

domaintools.com

Answer 6

domain name and whois

Question 7

DNSstuff.com

Answer 7

Domain names
IP addresses
Trace routes
DNS resolution times

Question 8

infosniper.net

Answer 8

locations of IP - may be different than registration

Question 9

Pages cached by Google

Answer 9

archive

Question 10

Sources of Operations Info

Answer 10

SEC filings
Help forums
Press releases
Job postings
Pastebin
Social Networks

Question 11

Robtex Records

Answer 11

Domain names
IP Addresses
Name servers
Mail servers
AS information
Graphs
Shared
WhoIs