Skills Assessment
To complete this skills assessment, you will need to apply various techniques learned in this module, including:
- Using whois
- Analyzing
robots.txt
- Performing subdomain brute-forcing
- Crawling and analyzing results
Demonstrate your proficiency by effectively utilizing these techniques. Remember to add subdomains to your hosts file as you discover them.
Question 5: What is the API key the developers will be changing to?
vHosts needed: example.com
Step 1: Add $TargetIP and vhost to hosts
1
2
| sudo nano /etc/hosts
$TargetIP example.com
|
Step 2: Find subdomains with gobuster
1
| gobuster vhost -u http://xxxx.example.com:$Port -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
|
Step 3: Add new subdomain to hosts
1
2
| sudo nano /etc/hosts
$TargetIP sub1xxx.example.com
|
Step 4: Use gobuster again and update hosts
1
| gobuster vhost -u http://sub1xxx.example.com:$Port -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
|
Result
1
| Found: dev.sub1xxx.example.com:$Port Status: 200
|
Step 5: Install scrapy and ReconSpider
1
2
3
4
5
6
7
| pip3 install scrapy
wget -O ReconSpider.zip https://example.com/ReconSpider.zip
unzip ReconSpider.zip
python3 ReconSpider.py http://dev.sub1xxx.example.com:$Port
|
Step 6: Analyze the results
1
2
3
4
5
6
7
8
9
10
11
12
| {
"emails": [
"xxxxtesting@example.com"
],
"links": [
"http://dev.sub1xxx.example.com:$Port/index-001.html",
"http://dev.sub1xxx.example.com:$Port/index-002.html"
],
"comments": [
"<!-- Remember to change the API key to ba****************************** -->"
]
}
|
Great! Happy Hunting 🔎
Go to Module
