Identify Technologies
Being able to identity what you are targeting is critical if you want to succeed. This can range to what CMS a website is using, where a site is hosted, to what potential targets are ‘hidden’ behind a ADFS server.
Netblocks
Can be automated with https://github.com/oldrho/ip2provider # MOVE TO ITS OWN TOOL PAGE.
Microsoft Products
| Notes | url |
|---|---|
| Find out what ADFS is used to for to authenticate to | https://adfs.domain.tld/adfs/ls/idpinitiatedsignon.aspx |
| Show information about O365/hybrid configs | https://login.microsoftonline.com/getuserrealm.srf?login=user@targetdomain.com&xml=1 |
| Show information disclosed from autodiscover | https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/user@targetdomain.com?Protocol=autodiscoverv1 |
G-Suite Usage
You are able to identify if a valid e-mail address usages G-suite by trying to authenticate to it.
AWS Usage
Look for content being pulled from S3 buckets.
https://[bucketname].s3.amazonaws.com
https://s3-[region].s3.amazonaws.com\[OrgName]
Box.com
Look for any login portal https://companyname.account.box.com
If so, try dorking them for cached content.
Website
External services
| Service | info |
|---|---|
| builtwith | Find out what websites are Built With |
Browser plugins
| Service | info |
|---|---|
| Wappalyzer | Uncovers technologies used on websites |
Related pages
| Name | Description |
|---|