Domain information search to build a profile of an organisations Internet infrastructure, hosting and other details. A useful fast check when performing the information gathering phase of a vulnerability assessment. Determine web technologies and server environments in use by an organisation.
This test can be used to research any domain. It is non-intrusive gathering open source information passively.
Start Domain Profiler Collection
Access to scanning is restricted.
- Get an understanding of an organisations Internet “footprint”.
- Gather information about an organisation such as sub-domains and DNS information.
- Build a list of technologies and IP address information of all discovered sub-domains.
About the Domain Profiler Report
A domain search tool that uses common dns lookup tools, whois, online resources, a security search engine (SHODAN) and a database of host-names to build a comprehensive organizational analysis based around a domain name. Great for getting started on the reconnaissance phase of your assessment.
Note that the data detailed in this report is collected in a passive manner, the only queries that will go to the target are the DNS lookups.
When approaching an organizational vulnerability assessment or a penetration test, it is common practice that intelligence gathering will take place during the initial phase. This creates a profile of the attack surface that will then be probed for security vulnerabilities or weakness.
Information is gathered regarding a domain name and bundled into an easy to read pdf report. Some of the information sources include:
- DNS Records
- Online Reputation Services
- Shared IP Hosting
- Shodan Search Engine
- Whois Data
- IP Geolocation Sources