Home » Contemporary Music Composition » Effective Information Gathering Techniques for Businesses

Effective Information Gathering Techniques for Businesses

Posted on Jan 14, 2025 in Contemporary Music Composition

Information Gathering

Business

Collect:

crunchbase.com or www.inc.com
Cached and archived sites: archive.org, Google (cache: URL)

Financial

Harvesting (emails, files, PDFs, etc.):

CASE I

theHarvester -d site -l 100 -b google
ORG (domain): Google (site: filetype:)

Social Media

People: LinkedIn, site:, www.pipl.com, Spokeo, People Finders, Crunchbase

Infrastructure

Domains, Netblocks or IPs, MX, ISPs, etc.
Whois – owner, DNS, MX, Exp

DNS Enumeration

DNSdumpster, DNSenum, DNSmap
nslookup site
rev – nslookup -type=PTR
nslookup -type=MX, NS
Zone – nslookup, NS-ser, ls -d domain
dig target PTR, MX, NS
dig axfr @target.com target

IP

>>nslookup >>server 10.50.96.5>>set q=NS

4)

>>foocampus.com

Reverse

nslookup NS or domain
Bing IP:
domain-neighbours, Robtex
domain-tools

Netblocks & AS

whois.arin.net, Maltego
Foca, Fierce, Dmitry

Live Hosts

fping -a -g IP/24
nmap -sn IP/24 –disable-arp-ping

Further DNS

nmap -sS -p53 IP
nmap -sU -p53 IP

After retrieving the IP, perform a reverse lookup to find domains and perform a zone transfer.

>> nslookup

>> server 10.50.96.5

>> ns.foocampus.com

>>dig @10.50.96.5 foocampus.com -t AXFR +nocookie

>>host -t axfr foocampus.com 10.50.96.5

>> nslookup

>> server 10.50.96.5

>> set q=MX

>> foocampus.com