Reconnaissance: Email - Paiet/Tech-Journal-for-Everything GitHub Wiki

Email harvesting
- Web scraping
  - Third-party app
    - DEMO: theHarvester
  - Custom script
DNS harvesting
- Gather ip addresses associated with target network
- Give you a sense of network topology
- nslookup
  - set type=MX
  - set type=any
- whois
  - Info on the domain
    - Who is it registered to
    - What is the point of contact
    - Other contact info like phone numbers
    - May be a good source of social engineering information
- Zone Transfer
  - A complete copy of DNS info
  - Tools for performing zone transfers
    - dig axfr @dns-server domain.name
    - host -t axfr domain.name dns-server
      - AXFR is the protocol used for replicating data between DNS servers
      - https://cr.yp.to/djbdns/axfr-notes.html
    - DEMO: dig axfr @nsztm1.digi.ninja zonetransfer.me
      - https://digi.ninja/projects/zonetransferme.php