A wide array of services, from banking and finance transactions to auctions and ticket reservations, are being offered to customers online. This means that an Internet presence for companies may encompass several domains for each of the different services being offered online.
Performing web application or web services assessment with 'zero' level knowledge for clients can be a daunting task for the web analyst. It is important to locate and footprint all critical domains running web applications or web services.
One of my previous papers discussed host-level footprinting to find applications pointing to specific IP addresses [http://www.infosecwriters.com/texts.php?op=display&id=259]. This paper focuses on domain footprinting and discusses a complete approach to identify and footprint all possible domains running web applications or web services.
Web applications are crawled by all popular search engines. Domains running web applications or web services may have some links that may have been cached and archived by these search engines. This considerably simplifies our task. In this paper, we demonstrate how advanced search options offered by search engines like
Google, A9, Yahoo, Alexa and others can be leveraged to obtain critical information about domains.
This document is in PDF format. To view it click here.