The new FOCA 2.7
- 42. FOCA 1 v. RC3: Fingerprinting Organizations with Collected Archives
- 56. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc
  - http -> Web server
  - GET Banner HTTP
  - domain.com is a domain
  - Search NS, MX, SPF records for domain.com
  - sub.domain.com is a subdomain
  - Search NS, MX, SPF records for sub.domain.com
  - Try all the non verified servers on all new domains: server01.domain.com, server01.sub.domain.com
  - apple1.sub.domain.com is a hostname
  - Try DNS Prediction (apple1) on all domains
  - Try Google Sets (apple1) on all domains
- 57. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc
  - 11) Resolve IP Address
  - 12) Get Certificate in https://IP
  - 13) Search for domain names in it
  - 14) Get HTTP Banner of http://IP
  - 15) Use Bing Ip:IP to find all domains sharing it
  - 16) Repeat for every new domain
  - 17) Connect to the internal NS (1 or all)
  - 18) Perform a PTR Scan searching for internal servers
  - 19) For every new IP discovered try Bing IP recursively
  - 20) ~chema -> chema is probably a user
- 58. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc
  - 21) / , /~chema/ and /~chema/dir/ are paths
  - 22) Try directory listing in all the paths
  - 23) Search for PUT, DELETE, TRACE methods in every path
  - 24) Fingerprint software from 404 error messages
  - 25) Fingerprint software from application error messages
  - 26) Try common names on all domains (dictionary)
  - 27) Try Zone Transfer on all NS
  - 28) Search for any URL indexed by web engines related to the hostname
  - 29) Download the file
  - 30) Extract the metadata, hidden info and lost data
  - 31) Sort all this information and present it nicely
  - 32) For every new IP/URL start over again
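
The URL decomposition that slides 56 to 58 walk through (domain, subdomain, hostname, probable user, paths), as an added example for auditing what one indexed document URL exposes; it is not FOCA's code. The function name `decompose` and the "last two labels are the domain" rule are assumptions of this sketch.

```python
import ipaddress
from urllib.parse import urlsplit


def decompose(url):
    """Return the facts the slides read off a single document URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        labels = []  # a bare IP address carries no DNS names
    except ValueError:
        labels = [label for label in host.split(".") if label]

    # Assumption: the registrable domain is the last two labels. Names under
    # suffixes such as co.uk need the Public Suffix List instead.
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else None
    # Every zone between the domain and the host, shortest first.
    subdomains = [".".join(labels[i:]) for i in range(len(labels) - 3, 0, -1)]
    host_label = labels[0] if len(labels) > 2 else None

    segments = [s for s in parts.path.split("/") if s]
    is_dir = parts.path.endswith("/") or not segments
    dirs = segments if is_dir else segments[:-1]
    # "/", then each directory prefix (the paths of step 21).
    paths = ["/"]
    for seg in dirs:
        paths.append(paths[-1] + seg + "/")
    # "~name" segments point at per-user web directories (step 20).
    users = [s[1:] for s in segments if s.startswith("~") and len(s) > 1]

    return {
        "scheme": parts.scheme,
        "hostname": host or None,
        "host_label": host_label,
        "domain": domain,
        "subdomains": subdomains,
        "users": users,
        "paths": paths,
        "document": None if is_dir else segments[-1],
    }


if __name__ == "__main__":
    # The sample URL used on the slides.
    sample = "http://apple1.sub.domain.com/~chema/dir/fil.doc"
    for key, value in decompose(sample).items():
        print(f"{key:11} {value}")
```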