Probe Security Headers
Check HTTP security headers across your web properties to identify missing protections like CSP, HSTS, and X-Frame-Options.
Network Reconnaissance
Map the complete network attack surface through DNS enumeration, geolocation, service probing, and attack vector analysis.
Effective security testing begins with thorough reconnaissance. Understanding the full scope of a target network, from DNS records through hosting infrastructure to running services, determines the quality and coverage of subsequent security testing. Incomplete reconnaissance leads to blind spots that attackers will find.
This workflow performs systematic network reconnaissance starting with DNS enumeration, mapping the network topology through geolocation and ASN analysis, enumerating services across all discovered hosts, and identifying the most promising attack vectors. The result is a complete attack surface map that guides focused, efficient security testing.
Steps
1
DNS Reconnaissance
Perform comprehensive DNS enumeration to discover all associated hosts, mail servers, and service records.
Input: Target domain for DNS reconnaissance.
Output: All DNS records revealing the target network topology and service architecture.
2
Map Network Topology
Geolocate and identify all hosting providers, ASNs, and network ranges associated with discovered IPs.
Input: IP addresses discovered through DNS enumeration.
Output: Network topology map with ISPs, ASNs, geographic distribution, and hosting providers.
3
Service Enumeration
Probe all discovered hosts to enumerate running services, web technologies, and open ports.
Input: List of IPs and hostnames to probe.
Output: Running services, technology stacks, HTTP responses, and server banners per host.
4
Identify Attack Vectors
Analyze the discovered infrastructure to identify potential attack vectors and entry points for further testing.
Input: Consolidated reconnaissance data from previous steps.
Output: Prioritized list of potential attack vectors, weak points, and recommended testing areas.
Benefits
- Map the complete network attack surface before testing begins
- Identify all hosting providers and network ranges in scope
- Discover services and technologies that inform testing strategies
- Prioritize attack vectors based on discovered infrastructure
Related Use Cases
Discover Hidden Services
Find hidden or forgotten web services running on your infrastructure that may be exposed without your knowledge.
Look Up DNS Records
Query DNS records for any domain to inspect A, AAAA, MX, CNAME, TXT, and NS configurations.
Check DNS Propagation Status
Verify whether recent DNS changes have propagated and the new records are live.
Geolocate Website Visitors
Determine the geographic location of website visitors from their IP addresses for analytics and personalization.
Detect Suspicious Login Locations
Flag logins from unexpected geographic locations by comparing IP geolocation against known user patterns.
Scan Web Application Vulnerabilities
Run comprehensive vulnerability scans against web applications to identify security weaknesses.
Test API Security
Assess the security of REST APIs by testing authentication, authorization, input validation, and injection resistance.