One of my old tools, which helps with the initial steps of information gathering. Basically, it works with dig, whois and Nmap scan results. Unfortunately, it's not really user-friendly and not documented. I've already coded the basic structure of a new information gathering tool; however, it still needs a lot of work.


For a domain:
- Find Domain’s Name servers (NS Records)
- Find Domain’s Mail servers (MX Records)
- Find sub-domains using Google Search
- Find sub-domains using Brute force
- Find possible Clusters / Balancers (different IP, same Host)
- Find related domains
- Whois Domain details

For Name servers:
- Check Name Servers for Zone Transfers (AXFR)
- Check Name Servers for the BIND version banner (version.bind CHAOS TXT query)

For Mail servers:
- Check Mail Servers for User Enumeration (VRFY / EXPN)
- Check Mail Servers for Open Relay
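The two mail-server checks above, as an added example that is not the tool's own code: it runs the VRFY/EXPN user-enumeration probe and the open-relay probe with Python's standard smtplib against a constructed in-process SMTP responder, so it works offline. The responder's behaviour, the probe user names and the relay target are assumptions; against a real MTA you would point check_mail_server at its host and port 25 instead of the fake one.

```python
import smtplib
import socket
import threading

# Constructed fake MTA. Assumption: it behaves like a reasonably configured
# server (VRFY answers differ for real/unknown users, EXPN disabled, relaying
# to foreign domains refused). It exists only so this example runs offline.
LOCAL_DOMAIN = "example.test"
KNOWN_USERS = {"root", "postmaster"}


def _serve_one(listener):
    """Answer exactly one SMTP session with scripted replies."""
    conn, _ = listener.accept()
    listener.close()
    with conn:
        rfile = conn.makefile("rb")

        def send(line):
            conn.sendall((line + "\r\n").encode())

        send("220 mail.example.test ESMTP (constructed test server)")
        for raw in rfile:
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            verb = verb.upper()
            if verb in ("EHLO", "HELO"):
                send("250 mail.example.test")
            elif verb == "VRFY":
                user = arg.strip("<>").split("@")[0]
                send(f"250 {user} <{user}@{LOCAL_DOMAIN}>" if user in KNOWN_USERS
                     else "550 5.1.1 User unknown")
            elif verb == "EXPN":
                send("502 5.5.1 EXPN not implemented")
            elif verb == "MAIL":
                send("250 2.1.0 Ok")
            elif verb == "RCPT":
                # arg looks like "TO:<user@domain>"; relay only for our domain
                domain = arg.split("@", 1)[-1].rstrip(">")
                send("250 2.1.5 Ok" if domain == LOCAL_DOMAIN
                     else "554 5.7.1 Relay access denied")
            elif verb in ("RSET", "NOOP"):
                send("250 2.0.0 Ok")
            elif verb == "QUIT":
                send("221 2.0.0 Bye")
                break
            else:
                send("502 5.5.2 Command not recognized")


def start_fake_mta():
    """Start the constructed responder on an ephemeral loopback port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_serve_one, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]


def check_mail_server(host, port, probe_users=("root", "zq9nonexistent"),
                      relay_target="victim@other-domain.test"):
    """VRFY/EXPN user-enumeration and open-relay checks against one MTA."""
    findings = {}
    with smtplib.SMTP(host, port, local_hostname="scanner.test", timeout=10) as s:
        s.ehlo()
        # VRFY: a 250 for a likely user and a 550 for an unlikely one is the
        # leak; a uniform 252 ("cannot VRFY") or 502 gives nothing away.
        vrfy = {u: s.verify(u)[0] for u in probe_users}
        codes = set(vrfy.values())
        findings["vrfy_codes"] = vrfy
        findings["vrfy_enumeration"] = 250 in codes and len(codes) > 1
        findings["expn_enabled"] = s.expn("postmaster")[0] == 250
        # Open relay: sender and recipient both foreign to the server. A 250 on
        # RCPT TO means it would relay; RSET aborts without sending anything.
        s.mail("probe@attacker.test")
        findings["rcpt_code"] = s.rcpt(relay_target)[0]
        s.rset()
        findings["open_relay"] = findings["rcpt_code"] == 250
    return findings


if __name__ == "__main__":
    port = start_fake_mta()
    print(check_mail_server("127.0.0.1", port))
```

The enumeration verdict is differential on purpose: a server that answers 252 to every VRFY, or 502 to all of them, leaks nothing even though it "responded", so a single 250 is not enough evidence. The relay probe stops at RCPT TO and sends RSET rather than DATA, so no message is ever injected into the target's queue.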

For IP Addresses:
- Find Host Names
- Find Virtual Hosts using Bing API 2.0
- Whois IP details (Gets ISP / LIR details as well)
- Find more IP Ranges based on Net Name
- Find more IP Ranges based on Maintainer (mnt-by)

For Ports (import Nmap xml file):
- Find Port banner
- Find Web (HTTP/HTTPS) Ports
- Find Same Web Sites running on different IP / Port
- Check Web Ports for allowed methods (OPTIONS), Server banner, internal IP exposure in response headers
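The port-list checks above, as an added example that is not part of the original tool: it parses Nmap -oX output with the standard library, extracts service banners, identifies HTTP/HTTPS ports, groups one site served from several IP/port pairs, and inspects an HTTP response for risky methods in Allow, the Server banner and leaked private addresses. The scan XML and the HTTP response are constructed here; the Content-Location leak is modelled on the well-known IIS behaviour, not captured from a real host.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed Nmap XML (assumption: shape of `nmap -sV -oX`); not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.10-11" version="7.94">
<host><status state="up"/><address addr="203.0.113.10" addrtype="ipv4"/>
<hostnames><hostname name="www.example.test" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.57" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="http" product="Apache httpd" version="2.4.57" tunnel="ssl" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy" method="table" conf="3"/></port>
</ports></host>
<host><status state="up"/><address addr="203.0.113.11" addrtype="ipv4"/>
<hostnames><hostname name="www.example.test" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx" version="1.24.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt" method="table" conf="3"/></port>
</ports></host>
</nmaprun>"""

# Constructed OPTIONS response (assumption), modelled on IIS echoing an
# internal address in Content-Location when no Host header is sent.
SAMPLE_HTTP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Allow: GET, HEAD, OPTIONS, TRACE, PUT\r\n"
    "Content-Location: http://10.0.0.12/default.htm\r\n"
    "X-Build-Id: 2.4.57.1\r\n"  # dotted quad that is not a private address
    "Content-Length: 0\r\n\r\n"
)
RISKY_METHODS = ("PUT", "DELETE", "TRACE", "CONNECT", "PATCH")


def parse_nmap_xml(xml_text):
    """One record per open port: ip, hostnames, port, service, banner."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        names = sorted(h.get("name") for h in host.iter("hostname"))
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            a = svc.attrib if svc is not None else {}
            records.append({
                "ip": addr.get("addr"), "hostnames": names,
                "port": int(port.get("portid")),
                "service": a.get("name", ""), "tunnel": a.get("tunnel", ""),
                # method="table" means guessed from nmap-services, not probed
                "probed": a.get("method") == "probed",
                "banner": " ".join(x for x in (a.get("product"), a.get("version"),
                                               a.get("extrainfo")) if x),
            })
    return records


def find_web_ports(records):
    """Open ports that look like HTTP(S), with the scheme to request them."""
    web = []
    for r in records:
        name = r["service"]
        if "http" not in name:
            continue
        scheme = "https" if r["tunnel"] == "ssl" or name.startswith("https") else "http"
        web.append(dict(r, scheme=scheme))
    return web


def same_site_endpoints(web_records):
    """Hostname -> (ip, port) list, for sites served from several endpoints."""
    by_name = defaultdict(set)
    for r in web_records:
        for name in r["hostnames"]:
            by_name[name].add((r["ip"], r["port"]))
    return {n: sorted(eps) for n, eps in by_name.items() if len(eps) > 1}


def analyze_http_response(raw):
    """Server banner, risky methods from Allow, and leaked internal IPs."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    allowed = [m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()]
    internal = []
    for quad in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", raw):
        try:
            ip = ipaddress.ip_address(quad)
        except ValueError:
            continue
        if (ip.is_private or ip.is_loopback or ip.is_link_local) and quad not in internal:
            internal.append(quad)
    return {"server": headers.get("server", ""), "allowed_methods": allowed,
            "risky_methods": [m for m in allowed if m in RISKY_METHODS],
            "internal_ips": internal}


if __name__ == "__main__":
    web = find_web_ports(parse_nmap_xml(SAMPLE_NMAP_XML))
    for r in web:
        print(f"{r['scheme']}://{r['ip']}:{r['port']}  {r['banner'] or '(unprobed)'}")
    print(same_site_endpoints(web))
    print(analyze_http_response(SAMPLE_HTTP_RESPONSE))
```

Two caveats a practitioner would apply: a port whose service came from the services table (method="table", as 8443 above) is only a guess until a real request confirms it, and grouping by PTR hostname finds balancers and clusters only where reverse DNS is set consistently, so the grouping should be repeated on forward-resolved names and on response fingerprints.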






July 28th



© 2019 SuRGeoNix | Security Blog