subdomains + port scan + web screenshots
👉 Overview
👀 What ?
Subdomain enumeration, port scanning, and web screenshots are the three basic steps of external reconnaissance in penetration testing. A subdomain is a name under a registered domain (for example mail.example.com under example.com); it has its own DNS records and can point at a completely different server than the parent domain, so every subdomain is a separate potential target. A port scan identifies which TCP or UDP ports on a host are open, and therefore which services the host exposes to the network. Web screenshots are rendered captures of the pages served on those open web ports, taken in bulk so that hundreds of hosts can be triaged visually instead of being opened one at a time in a browser.
🧐 Why ?
These techniques are essential for security professionals on both sides: an attacker uses them to map the attack surface, and a defender uses them to find that surface first. Forgotten subdomains (staging servers, old applications, test instances) frequently run unpatched software, and a subdomain whose DNS record still points at a decommissioned service can be taken over by whoever registers that service. Port scanning shows which services are reachable and therefore which entry points need hardening. Web screenshots make it practical to spot login panels, default installation pages, directory listings and error pages across a large host list, and repeated captures document how a site changes over time. Understanding these concepts is vital for anyone involved in network security, as they form the basis for identifying and prioritising exposures.
⛏️ How ?
To use these tools effectively, start by enumerating subdomains with a tool like Sublist3r or a similar tool; these collect names from search engines, certificate transparency logs and other passive sources, so they find hosts you may not know about. Then port scan the discovered hosts with Nmap. This gives you a snapshot of all open ports and the services behind them, which you can then secure as necessary. Finally, feed the web ports to a screenshot tool such as WebShot or a similar tool (EyeWitness, gowitness and Aquatone are widely used for this) to capture what each host serves. Reviewing the screenshots lets you identify exposed interfaces and any changes that could indicate a security problem.
⏳ When ?
Port scanning, in particular, has been used since the early days of the internet to test network security. The use of subdomains and web screenshots has grown with the expansion of the web and the increasing sophistication of cyber threats.
⚙️ Technical Explanations
Subdomains are a subdivision of the primary domain in the Domain Name System (DNS) hierarchy. DNS is the distributed naming system that translates human-readable domain names into the IP addresses computers use to reach each other on the network. For instance, in the domain name 'mail.example.com', 'mail' is a subdomain of 'example.com'. Each subdomain has its own DNS records (A, AAAA, CNAME and so on), so it can resolve to a different server, a different hosting provider, or a third-party service, and it can function as a separate website without needing a new domain name. This is why subdomain enumeration is the first step: the list of names is the list of hosts that belong to the target.
Port scanning is a technique used in cybersecurity to identify open ports on a network host. Ports are numbered communication endpoints (0 to 65535 for both TCP and UDP); a process that wants to accept connections binds to a port and listens on it. When a port is 'open', it means a service on the system is listening for incoming connections on that port. A port is 'closed' when the host answers but nothing is listening (for TCP, the host replies with an RST), and 'filtered' when no answer comes back at all, usually because a firewall drops the probe. Port scanning sends a probe to each port of interest and classifies the response, which reveals the services that can be reached and therefore the potential entry points. Tools like Nmap are commonly used for this purpose.
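To make the open/closed/filtered distinction concrete, here is a minimal TCP connect scanner in Python. It is an added example, not code from the page or from Nmap; it stands up its own listener on 127.0.0.1 so it runs offline, and the port numbers it uses are chosen by the kernel at run time rather than assumed.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """Classify one TCP port the way a connect() scan does.

    open     : the three-way handshake completed, so a service is listening
    closed   : the host answered with RST (surfaces as ConnectionRefusedError)
    filtered : nothing came back before the timeout (dropped by a firewall,
               or the host is down)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def connect_scan(host, ports, workers=32):
    """Probe the given ports concurrently; return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: probe(host, p), ports)
        return dict(zip(ports, states))


def open_ports(host, ports):
    """Just the ports a service is listening on, sorted."""
    return sorted(p for p, st in connect_scan(host, ports).items() if st == "open")


def demo():
    """Self-contained run: start a listener on 127.0.0.1 and scan it.

    Returns (listening_port, known_closed_port, results). The listener is an
    in-process stand-in for a real service; no external host is contacted.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(8)                 # connect() completes from the backlog
    lport = listener.getsockname()[1]

    # Borrow a second free port and release it so we have a known-closed port.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    cport = tmp.getsockname()[1]
    tmp.close()

    try:
        results = connect_scan("127.0.0.1", [lport, cport])
    finally:
        listener.close()
    return lport, cport, results


if __name__ == "__main__":
    lport, cport, results = demo()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port}\t{state}")
```

A connect scan completes the full handshake, so it shows up in the target's service logs; Nmap's default SYN scan (`-sS`, root required) stops after the SYN/ACK and is quieter. The filtered case is the slow one: every dropped probe costs a full timeout, which is why scanning all 65535 ports of a firewalled host with `-p-` takes so much longer than scanning an unfiltered one.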
A web screenshot, also known as a webpage screenshot or website capture, is a digital image that captures the content of a web browser's visible area at a specific moment. In reconnaissance the capture is automated: a headless browser is pointed at every http:// and https:// service found by the port scan and the rendered pages are saved side by side, so an assessor can scan a gallery for admin consoles, default pages and error messages in minutes. The same technique provides visual evidence of a website's state at a given point in time, which is useful for documenting changes or recording suspicious content in a report.
Here is a detailed real-world example:
Step 1: Subdomain enumeration
Let's assume we have a domain example.com and we want to find its subdomains. We can use a tool like Sublist3r. Here is a command line example:
```
sublist3r -d example.com -o output.txt
```
This command tells Sublist3r to find subdomains for the domain example.com and write the results, one name per line, to output.txt. That file is the target list for the next step.
Step 2: Port scanning
After identifying subdomains, we can use Nmap to scan for open ports on one of the found subdomains, say, mail.example.com. Here's an example command:
```
nmap -Pn -p- mail.example.com
```
This command tells Nmap to perform a TCP port scan on mail.example.com. The -Pn option skips host discovery and treats the host as up, which matters when ICMP and the default probe ports are blocked by a firewall, and -p- instructs it to scan all 65535 TCP ports instead of the default top 1000. Adding -sV identifies the service and version behind each open port, and -oX writes the results as XML, which is the easiest form to feed into the next step.
Step 3: Web screenshot
Finally, we can take a screenshot of the webpage hosted on mail.example.com using a tool like WebShot with a command like this:
```
webshot --url http://mail.example.com --output screenshot.png
```
This command tells WebShot to render the webpage at http://mail.example.com and save it as screenshot.png. In practice this is run once per web service found in step 2 (including https:// and non-standard ports such as 8080 or 8443), not once per host.
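Between step 2 and step 3 you need a target list: a screenshot tool wants URLs, not Nmap output. The following Python is an added example (not from the page, Sublist3r, Nmap or WebShot) that reads the XML Nmap writes with -oX, keeps only open TCP ports that look like web servers, and turns them into http:// or https:// URLs. The embedded Nmap XML is constructed for the example, not a real scan; the addresses in it are from the 192.0.2.0/24 documentation range, and the port-number fallback tables are an assumption you may want to widen for your own targets.

```python
import xml.etree.ElementTree as ET

# Assumed fallbacks for scans run without -sV, where nmap cannot name the
# service: ports worth a screenshot, and ports that are normally TLS.
WEB_PORTS = {80, 81, 443, 8000, 8008, 8080, 8443, 8888}
TLS_PORTS = {443, 8443}

# Constructed sample of `nmap -oX` output (not a real scan).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -Pn -p- -sV -oX scan.xml mail.example.com 192.0.2.11" version="7.94">
<host><status state="up" reason="user-set"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="mail.example.com" type="user"/></hostnames>
<ports>
<port protocol="tcp" portid="25"><state state="open" reason="syn-ack"/><service name="smtp" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" tunnel="ssl" product="nginx" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="closed" reason="reset"/><service name="http-proxy" method="table" conf="3"/></port>
<port protocol="tcp" portid="8443"><state state="open" reason="syn-ack"/><service name="https-alt" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="user-set"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
<hostnames><hostname name="srv11.example.net" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="8000"><state state="open" reason="syn-ack"/><service name="http-alt" method="table" conf="3"/></port>
</ports></host>
</nmaprun>
"""


def _host_label(host):
    """Prefer the name the scan was launched with (type="user"), because a
    name-based virtual host will not answer for the bare IP or a PTR name.
    Fall back to the address when no such name exists."""
    for hn in host.iterfind("hostnames/hostname"):
        if hn.get("type") == "user":
            return hn.get("name")
    for addr in host.iterfind("address"):
        if addr.get("addrtype") in ("ipv4", "ipv6"):
            a = addr.get("addr")
            return f"[{a}]" if ":" in a else a   # IPv6 literals need brackets in a URL
    return None


def web_targets(nmap_xml):
    """Turn `nmap -oX` output into a de-duplicated list of URLs to screenshot."""
    root = ET.fromstring(nmap_xml)
    urls = []
    for host in root.iterfind("host"):
        label = _host_label(host)
        if label is None:
            continue
        for port in host.iterfind("ports/port"):
            if port.get("protocol") != "tcp":
                continue
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue            # closed/filtered: nothing to render
            portid = int(port.get("portid"))
            svc = port.find("service")
            name = (svc.get("name") if svc is not None else None) or ""
            tunnel = svc.get("tunnel") if svc is not None else None
            if not (name.startswith("http") or portid in WEB_PORTS):
                continue            # smtp, ssh, ...: not a browser target
            # -sV reports TLS as tunnel="ssl"; otherwise guess from name/port.
            tls = tunnel == "ssl" or name.startswith("https") or portid in TLS_PORTS
            scheme = "https" if tls else "http"
            default_port = 443 if tls else 80
            url = f"{scheme}://{label}" + ("" if portid == default_port else f":{portid}")
            if url not in urls:
                urls.append(url)
    return urls


if __name__ == "__main__":
    for url in web_targets(SAMPLE_NMAP_XML):
        print(url)
```

Run the scan as `nmap -Pn -p- -sV -oX scan.xml mail.example.com`, pass the contents of scan.xml to web_targets(), and feed the resulting URL list to the screenshot tool one line at a time. The -sV option is what populates the tunnel="ssl" attribute the scheme decision relies on; without it the port-number fallback decides, and a TLS service on an unusual port will be guessed as http:// and produce a blank screenshot.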
Remember, each of these steps should be performed ethically and legally, and typically with permission from the owner of the system being tested.