Government Security
Network Security Resources

Public Facing Infrastructure

server audit
4 replies to this topic

#1 cb122

cb122

    Private First Class

  • Members
  • 37 posts

Posted 16 May 2011 - 05:09 AM

Has anyone got a simple methodology to find an organisation's web presence/web infrastructure?
For example, if you visit www.targetcompany.com, how can you use the IP output of ping www.targetcompany.com to identify all other public facing infrastructure for that company to include in the scope of your pen test/audit?
Is it even possible to verify you have found all their internet facing systems/servers - or is that impossible to do?

#2 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 16 May 2011 - 08:09 AM

Take a look at Maltego, try playing around with DNS and IP transforms

Community Edition is free, although limited in number of transforms
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#3 Glyph

Glyph

    General of the Army

  • GSO Management
  • 1,602 posts

Posted 16 May 2011 - 11:22 AM

perl fierce.pl -dns domain.tld is another approach.

#4 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 16 May 2011 - 08:41 PM

I agree with the above. DNS is your friend here. Fierce or DNSMap will do reverse DNS lookups (sort of like a bruteforce) on that company's domain name. 'Most' times you will start seeing a lot of other public facing systems they own (like FTP servers, webmail servers etc). Maltego is also good for doing this type of recon, as suggested by Bonarez.

Also if you do a WHOIS of the company, you may find if they are allocated an IP address range. If so, you could then port/service scan this IP range (with NMap for example), looking for port 80/443 (for web interfaces). Some services might be IP only, and DNS will not help you in locating them.

This is provided the scope of the pentest allows you to port scan their external IP addresses.
Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com
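
One way to reconcile DNS findings with the WHOIS-allocated range and the agreed scope mentioned in the post above, as an added example that is not part of the original thread. Apart from www.targetcompany.com, the hostnames, the addresses (RFC 5737 documentation ranges) and the `reconcile` function are constructed for illustration.

```python
import ipaddress

# Constructed sample data; not taken from the thread.
AUTHORISED_SCOPE = ["192.0.2.0/24"]  # range the client confirmed as theirs
DNS_FINDINGS = {                     # hostname -> address it resolved to
    "www.targetcompany.com": "192.0.2.10",
    "mail.targetcompany.com": "192.0.2.25",
    "ftp.targetcompany.com": "192.0.2.21",
    "shop.targetcompany.com": "198.51.100.7",  # hosted by a third party
    "old.targetcompany.com": "not-an-ip",      # malformed record
}
SCAN_FINDINGS = ["192.0.2.10", "192.0.2.25", "192.0.2.80"]  # answered on 80/443


def reconcile(scope, dns_findings, scan_findings):
    """Sort discovered hosts into in-scope, out-of-scope, invalid and IP-only."""
    nets = [ipaddress.ip_network(cidr, strict=True) for cidr in scope]

    def in_scope(addr):
        # Membership is False when address and network IP versions differ.
        return any(addr in net for net in nets)

    report = {"in_scope": {}, "out_of_scope": {}, "invalid": {}, "ip_only": []}
    named = set()
    for host, raw in sorted(dns_findings.items()):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            report["invalid"][host] = raw  # needs manual review
            continue
        bucket = "in_scope" if in_scope(addr) else "out_of_scope"
        report[bucket][host] = str(addr)
        named.add(addr)
    # Hosts inside the authorised range that no DNS name pointed at:
    # the "IP only" services that DNS enumeration cannot find.
    for raw in scan_findings:
        addr = ipaddress.ip_address(raw)
        if in_scope(addr) and addr not in named:
            report["ip_only"].append(str(addr))
    return report


if __name__ == "__main__":
    for section, items in reconcile(AUTHORISED_SCOPE, DNS_FINDINGS,
                                    SCAN_FINDINGS).items():
        print(section, items)
```

Anything in the `out_of_scope` bucket belongs to an address range the client has not confirmed, so it goes back to the client for written authorisation rather than into the scan list.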

#5 cb122

cb122

    Private First Class

  • Members
  • 37 posts

Posted 17 May 2011 - 01:02 AM

Thanks all...






