1
00:00:00,360 --> 00:00:06,900
OK, so the next tool that we're going to use is actually a website called Search DNS, dot net craft

2
00:00:06,900 --> 00:00:07,650
dot com.

3
00:00:07,890 --> 00:00:14,130
So you can use this Web site, you know, to give you insight on DNS information for a given domain

4
00:00:14,340 --> 00:00:19,210
so you can potentially learn things like, you know, the names of all the subdomains that exist for

5
00:00:19,210 --> 00:00:19,860
a domain.

6
00:00:20,460 --> 00:00:29,310
Who owns that domain IP addresses of their servers, names, server addresses, DNS admin information.

7
00:00:29,580 --> 00:00:33,810
You know, where is where these servers that these websites hosted.

8
00:00:33,960 --> 00:00:40,170
And you can even learn the operating system sometimes that is actually running on this system.

9
00:00:40,410 --> 00:00:45,150
OK, so when you get back into Kaylin, just click the little icon right here and just open a Web browser

10
00:00:45,300 --> 00:00:49,800
and it's going to take you to like the home like callisthenics page, like by default.

11
00:00:50,010 --> 00:00:51,930
It's just a file that's on the system.

12
00:00:52,650 --> 00:00:57,990
Like a copy of the website is online so we can do its search.

13
00:00:58,410 --> 00:01:02,880
DNS, the next cruft dot com.

14
00:01:04,490 --> 00:01:10,130
And just give it a second to load and then we're going to have an option, so let's say a site contains

15
00:01:10,490 --> 00:01:16,490
let's just say we're doing doo doo doo doo doo Amazon.com.

16
00:01:16,490 --> 00:01:18,550
We just want to learn a little bit more about Amazon.

17
00:01:19,340 --> 00:01:21,300
So let's go ahead.

18
00:01:21,320 --> 00:01:25,560
So we accept these cookies we're learning about.

19
00:01:25,580 --> 00:01:27,760
So you see right here, this is Amazon.com.

20
00:01:27,770 --> 00:01:31,550
This is a subdomain and click on this to figure out information.

21
00:01:31,550 --> 00:01:36,230
But you can see right here as like a little sciver portraying click on and get more information.

22
00:01:36,410 --> 00:01:38,270
But it has the operating system right here.

23
00:01:38,270 --> 00:01:46,250
Obviously, Amazon.com is running Microsoft Windows Server 2012, which isn't really the best idea right

24
00:01:46,250 --> 00:01:48,260
now since it's 20 20.

25
00:01:48,740 --> 00:01:53,880
But we're getting different subdomains and just different information.

26
00:01:53,880 --> 00:01:56,370
And as a report like on each one that we can look at.

27
00:01:57,110 --> 00:01:58,070
So it's pretty neat.

28
00:01:58,430 --> 00:02:01,870
And you can gather just a lot more information on our website.

29
00:02:01,880 --> 00:02:05,180
So if you're doing like a penetration test, you can get all kinds of information that people don't

30
00:02:05,180 --> 00:02:06,050
know on the Internet.

31
00:02:06,290 --> 00:02:11,470
So you can see this is all publicly available information so that anyone can just go out and, you know,

32
00:02:11,480 --> 00:02:16,100
search the Internet for it is definitely something that's worth using when you're conducting like an

33
00:02:16,100 --> 00:02:17,410
external assessment.

34
00:02:17,540 --> 00:02:18,490
See, it's pretty good.

35
00:02:18,500 --> 00:02:21,920
You know, you can have you get an IP address right here.

36
00:02:22,130 --> 00:02:25,820
We have the operating system is pretty neat.

37
00:02:25,820 --> 00:02:30,980
So I recommend that you guys definitely add this to your arsenal if you don't like passive recognizer's.