Infrastructure Identification

Netcraft can give us information about the servers without our interacting with them at all, which is valuable from a passive information gathering point of view. We can use the service by visiting and entering the target domain.


Some interesting details we can observe from the report are:

Background: General information about the domain, including the date it was first seen by Netcraft crawlers.
Network: Information about the netblock owner, hosting company, nameservers, etc.
Hosting history: Latest IPs used, webserver, and target OS.

We need to pay special attention to the latest IPs used. Sometimes we can spot the actual IP address of the webserver from before it was placed behind a load balancer, web application firewall, or IDS, allowing us to connect directly to it if the configuration allows it.

Wayback Machine

We can check one of the first versions of captured on December 1, 2005, which is interesting and perhaps gives us a sense of nostalgia, but is also extremely useful for us as security researchers.


We can also use the tool waybackurls to inspect URLs saved by the Wayback Machine and look for specific keywords. Provided we have Go set up correctly on our host, we can install the tool as follows:

neutron@kali[/kali]$ go get

To get a list of crawled URLs from a domain with the date it was obtained, we can add the -dates switch to our command as follows:

neutron@kali[/kali]$ waybackurls -dates > waybackurls.txt
neutron@kali[/kali]$ cat waybackurls.txt
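
To look for specific keywords in waybackurls.txt, the following Python script (an added example, not part of the original page or of the waybackurls project) groups captures by URL and reports when each keyword-matching URL was first and last archived. It assumes each line has the form "<RFC 3339 timestamp> <url>"; the sample captures, example.com and the keyword list are constructed for illustration.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample in the assumed `waybackurls -dates` format:
# "<RFC 3339 timestamp> <url>" per line. example.com is a placeholder.
SAMPLE = """\
2005-12-01T05:03:43Z http://example.com/
2009-03-14T10:22:01Z http://example.com/admin/login.php
2012-07-02T08:00:00Z http://example.com/backup/site.sql.gz
2016-11-20T17:45:12Z http://example.com/admin/login.php
2018-01-05T09:30:00Z http://example.com/index.php?debug=1
not-a-date http://example.com/admin/old
2019-06-01T00:00:00Z http://admin.example.com/about
"""

# Hypothetical keyword list; tune it to the application under review.
KEYWORDS = ("admin", "backup", "debug", ".sql", ".bak", "config")


def parse_line(line):
    """Return (datetime, url), or None if the line does not fit the format."""
    parts = line.split(None, 1)
    try:
        # fromisoformat() before Python 3.11 rejects a trailing "Z".
        return datetime.fromisoformat(parts[0].replace("Z", "+00:00")), parts[1].strip()
    except (IndexError, ValueError):
        return None


def keyword_hits(lines, keywords=KEYWORDS):
    """Map each matching URL to (first_seen, last_seen, matched_keywords)."""
    hits = {}
    for stamp, url in filter(None, map(parse_line, lines)):
        target = urlsplit(url)
        # Match on path and query only, so a host such as admin.example.com
        # does not flag every URL served from it.
        haystack = f"{target.path}?{target.query}".lower()
        matched = tuple(k for k in keywords if k in haystack)
        if matched:
            first, last, _ = hits.get(url, (stamp, stamp, matched))
            hits[url] = (min(first, stamp), max(last, stamp), matched)
    return hits


if __name__ == "__main__":
    for url, (first, last, kws) in sorted(keyword_hits(SAMPLE.splitlines()).items()):
        print(first.date(), last.date(), ",".join(kws), url)
```

To run it against real output, pass the lines of waybackurls.txt to keyword_hits() instead of SAMPLE.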