Passive Information Gathering

Posted by r3kind1e on August 10, 2022

Introduction To Information Gathering

什么是信息收集?

信息收集是任何渗透测试的第一步,涉及收集或收集有关您所针对的个人、公司、网站或系统的信息。 您对目标的信息越多,您在渗透测试的后期阶段就会越成功。 信息收集通常分为两种类型:

  • 被动信息收集——包括在不主动与目标接触的情况下收集尽可能多的信息。
  • 主动信息收集——通过积极参与目标系统来收集尽可能多的信息。 (您需要授权才能进行主动信息收集)

我们在寻找什么信息?

被动信息收集

  • 识别 IP 地址和 DNS 信息。
  • 识别域名和域名所有权信息。
  • 识别电子邮件地址和社交媒体资料。
  • 识别目标站点上使用的网络技术。
  • 识别子域。

主动信息收集

  • 发现目标系统上的开放端口。
  • 了解目标网络/组织的内部基础设施。
  • 枚举来自目标系统的信息。

Website Recon & Footprinting(网站侦察和足迹)

What are we looking for(我们在找什么)

  • IP addresses
  • Directories hidden from search engines
  • Names
  • Email addresses
  • Phone Numbers
  • Physical Addresses
  • Web technologies being used

Practical Demo(实际演示)

1
https://hackersploit.org/

Obtaining the IP addresses of the web server that hosting the website.

When you dealing the production site, the website might be behind a proxy or a firewall, like Cloudflare or Securi.

Two Ipv4 addresses, the reason for that is because this website does it work behind Cloudflare, which is firewall slash proxy, you are dealing with some former proxy.

1
2
3
4
5
6
7
8
9
10
11
12
┌──(root㉿kali)-[~]
└─# whatis host
host (1)             - DNS lookup utility
                                                                                                                                                                                             
┌──(root㉿kali)-[~]
└─# host hackersploit.org                                                                                                     
hackersploit.org has address 172.67.202.99
hackersploit.org has address 104.21.44.180
hackersploit.org has IPv6 address 2606:4700:3031::6815:2cb4
hackersploit.org has IPv6 address 2606:4700:3036::ac43:ca63
hackersploit.org mail is handled by 0 _dc-mx.2c2a3526b376.hackersploit.org.

1
https://hackersploit.org/robots.txt
1
2
3
4
5
6
User-agent: *
Disallow:

Disallow: /wp-content/uploads/wpo-plugins-tables-list.json

Sitemap: https://hackersploit.org/sitemap_index.xml
1
https://hackersploit.org/sitemap.xml

sitemap_index.png

author-sitemap.png

1
mozilla add ones
1
2
BuiltWith
Wappalyzer
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
─# whatweb 
WhatWeb - Next generation web scanner version 0.5.5.
Developed by Andrew Horton (urbanadventurer) and Brendan Coles (bcoles)
Homepage: https://www.morningstarsecurity.com/research/whatweb

Usage: whatweb [options] <URLs>

  <TARGETs>                     Enter URLs, hostnames, IP addresses, filenames or
                                IP ranges in CIDR, x.x.x-x, or x.x.x.x-x.x.x.x
                                format.
  --input-file=FILE, -i         Read targets from a file.

  --aggression, -a=LEVEL        Set the aggression level. Default: 1.
  1. Stealthy                   Makes one HTTP request per target and also
                                follows redirects.
  3. Aggressive                 If a level 1 plugin is matched, additional
                                requests will be made.

  --list-plugins, -l            List all plugins.
  --info-plugins, -I=[SEARCH]   List all plugins with detailed information.
                                Optionally search with a keyword.

  --verbose, -v                 Verbose output includes plugin descriptions.

Note: This is the short usage help. For the complete usage help use -h or --help.
1
2
3
4
┌──(root㉿kali)-[~]
└─# whatweb hackersploit.org 
http://hackersploit.org [301 Moved Permanently] Country[RESERVED][ZZ], HTTPServer[cloudflare], IP[172.67.202.99], RedirectLocation[https://hackersploit.org/], UncommonHeaders[report-to,nel,cf-ray,alt-svc]
https://hackersploit.org/ [200 OK] Country[RESERVED][ZZ], HTML5, HTTPServer[cloudflare], IP[172.67.202.99], JQuery[3.6.0,4.0.1], Modernizr[custom.min], Open-Graph-Protocol[website], PHP[7.4.30], Script[application/json,application/ld+json,text/javascript], Title[HackerSploit Blog - Free Red Team &amp; Penetration Testing TRaining], UncommonHeaders[link,x-wp-cf-super-cache,x-wp-cf-super-cache-active,x-wp-cf-super-cache-cache-control,x-wp-cf-super-cache-cookies-bypass,x-litespeed-cache,referrer-policy,x-turbo-charged-by,cf-cache-status,expect-ct,report-to,nel,cf-ray,alt-svc], WordPress, X-Powered-By[PHP/7.4.30]

The process of downloading an entire website.

1
2
3
httrack
https://www.httrack.com/
apt-get install webhttrack

Whois Enumeration(Whois 枚举)

Exploring the proccess of performing Whois lookups to identify information ragarding a particular domain. If you targeting a website, it is always important to perform a whois lookup to essentially get ideas of when the site is regiestered or own what is destruct or registered with, so far.

hackersploit

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
└─# whois hackersploit.org
Domain Name: hackersploit.org
Registry Domain ID: 77f8fe62a425487cbefef4bf7e27d2ec-LROR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-02-05T16:01:46Z
Creation Date: 2018-04-05T11:27:07Z
Registry Expiry Date: 2023-04-05T11:27:07Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dee.ns.cloudflare.com
Name Server: jim.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-08-08T02:34:32Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Terms of Use: Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Donuts except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.  The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.

ZoneTransfer.me

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
└─# whois zonetransfer.me 
Domain Name: ZONETRANSFER.ME
Registry Domain ID: D108500000003513097-AGRS
Registrar WHOIS Server:
Registrar URL: http://www.meshdigital.com
Updated Date: 2022-01-05T10:14:50Z
Creation Date: 2011-12-27T15:34:08Z
Registry Expiry Date: 2023-12-27T15:34:08Z
Registrar Registration Expiration Date:
Registrar: Mesh Digital Limited
Registrar IANA ID: 1390
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: DigiNinja
Registrant State/Province: Routerville
Registrant Country: GB
Name Server: NSZTM1.DIGI.NINJA
Name Server: NSZTM2.DIGI.NINJA
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-08-08T04:01:50Z <<<

who.is

whois-name-servers-ip.png

We can perform one of the Name Server IP for Cloudflare. (Not recommand)

who-is-ip.png

1
2
3
4
5
6
└─# host hackersploit.org
hackersploit.org has address 172.67.202.99
hackersploit.org has address 104.21.44.180
hackersploit.org has IPv6 address 2606:4700:3036::ac43:ca63
hackersploit.org has IPv6 address 2606:4700:3031::6815:2cb4
hackersploit.org mail is handled by 0 _dc-mx.2c2a3526b376.hackersploit.org.
1
whois 172.67.202.99

Website Footprinting With Netcraft(使用 Netcraft 进行网站足迹)

netcraft

Services->Internet Data Mining

netcraft-internet-data-mining.png

netcraft-internet-data-mining1.png

点击Look up another site?,输入https://hackertube.net/

DNS Recon(DNS侦察)

dnsrecon

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
┌──(root㉿kali)-[~]
└─# dnsrecon -d hackersploit.org                          
[*] std: Performing General Enumeration against: hackersploit.org...
[*] DNSSEC is configured for hackersploit.org
[*] DNSKEYs:
[*]     None KSk ECDSAP256SHA256 99db2cc14cabdc33d6d77da63a2f15f7 1112584f234e8d1dc428e39e8a4a97e1 aa271a555dc90701e17e2a4c4b6f120b 7c32d44f4ac02bd894cf2d4be7778a19
[*]     None ZSK ECDSAP256SHA256 a09311112cf9138818cd2feae970ebbd 4d6a30f6088c25b325a39abbc5cd1197 aa098283e5aaf421177c2aa5d714992a 9957d1bcc18f98cd71f1f1806b65e148
[*]      SOA dee.ns.cloudflare.com 173.245.58.93
[*]      SOA dee.ns.cloudflare.com 172.64.32.93
[*]      SOA dee.ns.cloudflare.com 108.162.192.93
[*]      SOA dee.ns.cloudflare.com 2803:f800:50::6ca2:c05d
[*]      SOA dee.ns.cloudflare.com 2a06:98c1:50::ac40:205d
[*]      SOA dee.ns.cloudflare.com 2606:4700:50::adf5:3a5d
[*]      NS dee.ns.cloudflare.com 173.245.58.93
[-]      Recursion enabled on NS Server 173.245.58.93
[*]      NS dee.ns.cloudflare.com 2a06:98c1:50::ac40:205d
[*]      NS dee.ns.cloudflare.com 2606:4700:50::adf5:3a5d
[*]      NS dee.ns.cloudflare.com 2803:f800:50::6ca2:c05d
[*]      NS jim.ns.cloudflare.com 173.245.59.125
[-]      Recursion enabled on NS Server 173.245.59.125
[*]      NS jim.ns.cloudflare.com 108.162.193.125
[-]      Recursion enabled on NS Server 108.162.193.125
[*]      NS jim.ns.cloudflare.com 172.64.33.125
[-]      Recursion enabled on NS Server 172.64.33.125
[*]      NS jim.ns.cloudflare.com 2803:f800:50::6ca2:c17d
[*]      NS jim.ns.cloudflare.com 2a06:98c1:50::ac40:217d
[*]      NS jim.ns.cloudflare.com 2606:4700:58::adf5:3b7d
[*]      MX _dc-mx.2c2a3526b376.hackersploit.org 198.54.120.212
[*]      A hackersploit.org 104.21.44.180
[*]      A hackersploit.org 172.67.202.99
[*]      AAAA hackersploit.org 2606:4700:3031::6815:2cb4
[*]      AAAA hackersploit.org 2606:4700:3036::ac43:ca63
[*]      TXT hackersploit.org google-site-verification=TW0pQsFZ0xx3w4b7kysBV0UrcMq7fJFB-5Rz9h6GwkU
[*]      TXT hackersploit.org v=spf1 a:my.hackersploit.org ~all
[*] Enumerating SRV Records
[+] 0 Records Found

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
┌──(root㉿kali)-[~]
└─# dnsrecon -d zonetransfer.me 
[*] std: Performing General Enumeration against: zonetransfer.me...
[-] DNSSEC is not configured for zonetransfer.me
[*]      SOA nsztm1.digi.ninja 81.4.108.41
[*]      NS nsztm2.digi.ninja 34.225.33.2
[-]      Recursion enabled on NS Server 34.225.33.2
[*]      NS nsztm1.digi.ninja 81.4.108.41
[-]      Recursion enabled on NS Server 81.4.108.41
[*]      MX ASPMX2.GOOGLEMAIL.COM 142.250.141.27
[*]      MX ALT1.ASPMX.L.GOOGLE.COM 142.250.141.27
[*]      MX ASPMX5.GOOGLEMAIL.COM 142.250.152.27
[*]      MX ASPMX.L.GOOGLE.COM 142.251.8.26
[*]      MX ASPMX3.GOOGLEMAIL.COM 142.250.115.26
[*]      MX ASPMX4.GOOGLEMAIL.COM 64.233.171.26
[*]      MX ALT2.ASPMX.L.GOOGLE.COM 142.250.115.26
[*]      A zonetransfer.me 5.196.105.14
[*]      TXT zonetransfer.me google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA
[*] Enumerating SRV Records
[+]      SRV _sip._tcp.zonetransfer.me www.zonetransfer.me 5.196.105.14 5060
[+] 1 Records Found

DNSdumpster

WAF With wafw00f

wafw00f

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
┌──(root㉿kali)-[~]
└─# wafw00f hackersploit.org

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.1.0 ~
        The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://hackersploit.org
[+] The site https://hackersploit.org is behind Cloudflare (Cloudflare Inc.) WAF.
[~] Number of requests: 2

This site is not be protected by a Web Application Firewall(WAF), that means IP address we identified with DNSDumpster could possibly be IP address of the server that actually hosting the website.

1
2
3
4
5
6
7
┌──(root㉿kali)-[~]
└─# wafw00f zonetransfer.me  
[*] Checking https://zonetransfer.me
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7

1
2
3
4
5
┌──(root㉿kali)-[~]
└─# wafw00f hackertube.net    
[*] Checking https://hackertube.net
[+] The site https://hackertube.net is behind Sucuri CloudProxy (Sucuri Inc.) WAF.
[~] Number of requests: 2

测试所有可能的 WAF 实例

测试所有可能的 WAF 实例

选项:-a--findall

此选项有助于在运行时设置 WAFW00F,并允许您枚举正在测试的站点上所有可能的 WAF 实例。这背后的逻辑是 WAFW00F 在其整个数据库中继续测试和匹配指纹,并且不会完全停止在第一个匹配的实例上。

1
wafw00f http://example.com -a
1
2
3
4
5
6
7
8
9
┌──(root㉿kali)-[~]
└─# wafw00f https://hackertube.net -a
                                                                                                                                                                   
[*] Checking https://hackertube.net
[+] The site https://hackertube.net is behind Sucuri CloudProxy (Sucuri Inc.) WAF.
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7

1
2
3
4
5
6
7
┌──(root㉿kali)-[~]
└─# wafw00f zonetransfer.me -a                
[*] Checking https://zonetransfer.me
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7

Subdomain Enumeration With Sublist3r(使用 Sublist3r 进行子域枚举)

Sublist3r

1
2
3
4
5
6
7
sublist3r -d hackersploit.org -e google,yahoo
sublist3r -d hackersploit.org -e yahoo
sublist3r -d hackersploit.org
sublist3r -d www.hackersploit.org -e DNSdumpster
sublist3r -d www.hackersploit.org -e Netcraft
sublist3r -d zonetransfer.me
sublist3r -d ine.com

Google Dorks

Limit all results to this particular domain:

1
site:ine.com
1
2
site:ine.com inurl:admin
site:ine.com inurl:forum

enumerate subdomains via Google:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
site:*.ine.com
site:*.ine.com inurl:admin
site:*.ine.com intitle:admin
site:*.ine.com filetype:pdf
site:*.ine.com filetype:pdf sales
site:*.ine.com filetype:pdf crm
site:*.ine.com filetype:pdf marketing
site:*.ine.com filetype:xlsx
site:*.ine.com filetype:doc
site:*.ine.com filetype:docx
site:*.ine.com filetype:zip
site:ine.com filetype:xlsx
site:ine.com filetype:docx
site:ine.com employees
site:ine.com instructors
1
2
intitle:index of
cache:ine.com

Wayback Machine is the site that stores all of the versions of site.

1
2
inurl:auth_user_file.txt
inurl:passwd.txt

Google Hacking Database

1
2
site:gov.* intitle:"index of" *.csv
site:gov.* intitle:"index of" *.csv passwords

Category选择Files Containing Passwords

1
intitle:"index of" "credentials"

Quick Search 中输入wp

1
2
inurl:/wp-content/uploads/ ext:txt "username" | “user name” | “uname” | “user” | “userid” | “user id” AND "password" | “pass word” | "pwd" | "pw"
inurl:wp-config.bak

Email Harvesting With theHarvester(使用 theHarvester 进行电子邮件收割)

theHarvester

1
2
3
4
5
┌──(root㉿kali)-[~]
└─# theHarvester
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-g] [-p] [-s] [--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t DNS_TLD] [-r] [-n] [-c] [-f FILENAME] [-b SOURCE]
theHarvester: error: the following arguments are required: -d/--domain

1
2
3
4
theHarvester -d hackersploit.org -b google,linkedin
theHarvester -d HackerSploit -b google,linkedin
heHarvester -d hackersploit.org

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
└─# theHarvester -d hackersploit.org -b google,linkedin,yahoo,dnsdumpster,duckduckgo,crtsh,rapiddns 

[*] Target: hackersploit.org 
 
[*] Searching Dnsdumpster. 
[*] Searching CRTsh. 
[*] Searching Duckduckgo. 
[*] Searching Rapiddns. 
[*] Searching Google. 
[*] Searching Linkedin. 

[*] No LinkedIn users found.

[*] LinkedIn Links found: 0
---------------------

[*] No IPs found.

[*] No emails found.

[*] Hosts found: 33
---------------------
apps.community.hackersploit.org
cloud.hackersploit.org
community.hackersploit.org
dc-8362e7e54e2a.hackersploit.org:198.54.120.212
dc-mx.2c2a3526b376.hackersploit.org
demo.hackersploit.org
forum.hackersploit.org:2606:4700:3031::6815:2cb4
forum.hackersploit.org:104.21.44.180, 172.67.202.99
forum.hackersploit.org:104.21.44.180
forum.hackersploit.org:172.67.202.99
forum.hackersploit.org:172.67.202.99, 104.21.44.180
forum.hackersploit.org:2606:4700:3036::ac43:ca63
hackersploit.org:_dc-mx.2c2a3526b376.hackersploit.org
my.hackersploit.org
new.hackersploit.org
preview.community.hackersploit.org
prm.hackersploit.org:2606:4700:3036::ac43:ca63
prm.hackersploit.org
prm.hackersploit.org:2606:4700:3031::6815:2cb4
studio.community.hackersploit.org
studio.hackersploit.org
test.hackersploit.org
videos.hackersploit.org
www.hackersploit.org:104.21.44.180, 172.67.202.99
www.hackersploit.org:104.21.44.180
www.hackersploit.org:2606:4700:3036::ac43:ca63
www.hackersploit.org:172.67.202.99
www.videos.hackersploit.org

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
theHarvester -d zonetransfer.me -b google,linkedin,yahoo,dnsdumpster,duckduckgo,crtsh
[*] Target: zonetransfer.me 
 
[*] Searching CRTsh. 
[*] Searching Dnsdumpster. 
[*] Searching Duckduckgo. 
[*] Searching Linkedin. 
[*] Searching Google. 

[*] No LinkedIn users found.

[*] LinkedIn Links found: 0
---------------------

[*] No IPs found.

[*] No emails found.

[*] Hosts found: 2
---------------------
www.zonetransfer.me:5.196.105.14
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
└─# theHarvester -d ine.com -b google,linkedin,yahoo,dnsdumpster,duckduckgo,crtsh        

[*] Target: ine.com 
 
[*] Searching CRTsh. 
[*] Searching Dnsdumpster. 
[*] Searching Duckduckgo. 
[*] Searching Linkedin. 
[*] Searching Google. 

[*] No LinkedIn users found.

[*] LinkedIn Links found: 0
---------------------

[*] No IPs found.

[*] No emails found.

[*] Hosts found: 97
---------------------
admin-api.ine.com:3.209.49.29
admin.ine.com
ads.ine.com:64.22.127.46
api.staging.ine.com
apparel.ine.com:23.227.38.74
assets.ine.com:143.204.89.6, 143.204.89.104, 143.204.89.96, 143.204.89.30
assets.ine.com:143.204.89.6
awsvpn.ine.com
blog.ine.com:3.213.11.40
blog.ine.com:3.213.11.40, 3.227.72.202
bootcamps.ine.com:23.227.38.74
business.ine.com:13.224.189.5, 13.224.189.6, 13.224.189.50, 13.224.189.25
business2.development.ine.com:76.76.21.22, 76.76.21.9
business2.ine.com:76.76.21.142, 76.76.21.123
business2.staging.ine.com:76.76.21.98, 76.76.21.61
careers.ine.com:54.254.43.115, 175.41.182.117
checkout.ine.com:99.86.4.27, 99.86.4.117, 99.86.4.121, 99.86.4.44
chef01.ine.com:52.71.19.199
clicks.ine.com:108.138.17.20, 108.138.17.104, 108.138.17.5, 108.138.17.24
clicks.ine.com:108.138.17.20
cloudfront.demos.ine.com
co51vpn.ine.com:24.172.112.44
community.development.ine.com:3.80.85.11
community.ine.com:64.71.144.209
content-api.development.ine.com
content-api.ine.com:54.89.6.234, 54.87.152.211
content-api.ine.com:54.89.6.234
content-api.staging.ine.com
courses.ine.com:52.200.181.25, 3.208.64.123, 54.161.176.69, 52.0.185.112, 34.232.23.65, 52.20.119.123
dashboard.development.ine.com:76.76.21.142, 76.76.21.123
dashboard.ine.com:76.76.21.22, 76.76.21.241
dashboard.staging.ine.com:76.76.21.164, 76.76.21.22
development.ine.com
discourse.ine.com
events.development.ine.com
events.ine.com:108.138.17.55, 108.138.17.108, 108.138.17.25, 108.138.17.41
ieclass.ine.com:75.140.41.35
info.ine.com:54.254.43.115, 175.41.182.117
internal.ine.com
labs.ine.com
learn.ine.com:199.60.103.228, 199.60.103.28
live.ine.com:52.2.176.51
live2.ine.com:52.2.39.156
logs.ine.com:50.16.129.90
marketing.ine.com
media2.ine.com:208.72.130.77
members.ine.com:54.67.95.184, 13.52.171.0
members.ine.com:54.67.95.184
my.development.ine.com:13.225.78.33
my.development.ine.com:13.225.78.33, 13.225.78.47, 13.225.78.112, 13.225.78.43
my.ine.com:143.204.215.106, 143.204.215.77, 143.204.215.56, 143.204.215.36
my.staging.ine.com
packet.ine.com:104.236.221.73
pritunl.ine.com:34.206.234.208, 54.163.253.84
pritunl.ine.com:34.206.234.208
profiles.ine.com:52.55.140.61, 34.197.91.25, 52.54.108.29
racks.ine.com:24.172.112.44
racks2.ine.com:24.172.112.44
rancher.development.ine.com
rancher.ine.com:35.153.10.167
rancher.ine.com:35.153.10.167, 54.172.101.195, 18.211.73.250
rentals.ine.com:54.241.208.226
scrack-vpn.ine.com:75.140.41.125
security-awareness.development.ine.com
security-awareness.ine.com:52.54.151.242
security-awareness.ine.com:52.54.151.242, 3.230.54.44
security-awareness.staging.ine.com
shop.ine.com:23.227.38.74
shopify.ine.com:104.236.221.73
staging.ine.com
statistics.ine.com:54.198.0.34, 52.5.109.2, 52.7.128.126, 52.23.34.193, 34.234.89.121, 54.236.92.114
stgacp.ine.com:13.52.60.110
store.ine.com
subscriptions.development.ine.com:3.229.74.226, 52.20.201.85, 52.54.1.183
subscriptions.ine.com:34.197.91.25, 52.55.140.61, 52.54.108.29
suite.ine.com
support.ine.com:75.140.41.26
try.ine.com:54.254.43.115, 175.41.182.117
uaa.development.ine.com:3.229.74.226, 52.20.201.85, 52.54.1.183
updates.ine.com:23.21.86.19
virl.ine.com:104.236.221.73
vorack-vpn.ine.com
workbooks.ine.com:34.196.77.44
www.admin.ine.com
www.bootcamps.ine.com:23.227.38.74
www.ine.com:76.76.21.142, 76.76.21.123
www.info.ine.com
www.members.ine.com
www.rentals.ine.com
www2.ine.com:23.227.38.74

recommmand spyse, but is is not accessible now :(

Leaked Password Databases(泄露的密码数据库)

have i been pwned?

1
2
alexis@hackersploit.org
pippa@zontransfer.me