Inforfinder is a tool to obtain information from an IP or a domain. It is an ideal tool to work in systems or development as well as for pentesting. Obtaining information with inforfinder is very easy as we will see below.
With this tool you can get a list of domains from an IP. You can also get the subdomains from the domains by dictionary, see CMS versions (wordpress, prestashop, etc) installed on each domain and see information about the web server.
It can be downloaded from https://github.com/ggusoft/inforfinder
The following parameters are supported:
root@host:/home/user/inforfinder/src# python inforfinder.py
,#@@@ +++ #+++
@@@### @@@ @@@#
@+ @@@ @@@#
`@ @@@ @@@ @@@#
`@ ##@ @@@ @@@#
@' @ @@@ @@@#
@@@@@@ @@@ @@@#
,#### @@@ @@@#
@@@ @@@#
@@@@@ @@@ @@@#
@@ @@@ @@@#
@. @@@ @@@#
.@ @@@ @@@' @@@;
@. @ @@@@, @@@@
@@ @ @@@@@@@@@@@#
@@@@@ .@@@@@@@@@@
:;'':.
@@@@ ,@@@, +@@@@@@@@
+' @ @ @ @
@@@@ @ @ @@@@ @
@`@ @ @ @
`@@@@ '@#@+ @ @
________________________________________________________________________
InforFinder v1.0.9
Powered By GGUsoft 2017
Domain collector and CMS recognizer / HTTP information server collector
________________________________________________________________________
Commands:
-d Gets a domain for apply any optional commands
-dD Gets a domain list hosted in IP of the specified domain
-dI Gets a domain list hosted in the specified IP
-dR Gets a domain list hosted in every IP of the specified range
-dF Gets a list with all domains hosted at same IP from a file, the file contens a IP by line
Optionals:
inforfinder -cms Checks if every domain found has a cms website (wordpress, joomla ,etc) and show version
inforfinder -servinfo Checks web server parameter
inforfinder --subdomain-enum Lists subdomains of every domain found
To obtain the list of domains would be:
python inforfinder.py -dD dominio.com
This will return the list of domains on the server where domain.com is hosted.
To obtain the list of domains from an IP, i.e. the list of domains hosted on an IP, enter:
python inforfinder.py -dI 8.8.8.8
To obtain the list of domains from an IP, i.e. the list of domains hosted in a range of IP addresses, in this example case would give us the list of domains in each IP between 8.8.8.8.8 and 8.8.8.254, for this, we introduce:
python inforfinder.py -dI 8.8.8.8 8.8.8.254
To any of the previous options, we can add -cms, to check if any of the domains hosts any CMS and to tell us which version it has:
python inforfinder.py -dI 8.8.8.8 -cms
We can also add the -servinfo option to give us server information:
python inforfinder.py -dI 8.8.8.8 -cms -servinfo
And we can add the –subdomain-enum option to search for subdomains based on the dictionary located in the “subdomlist.txt” file in the src subdirectory of the inforfinder root directory:
python inforfinder.py -dI 8.8.8.8 -cms -servinfo --subdomain-enum
If you are interested in seeing more pentesting articles, for example, how you can escalate privileges, see https://aprendeit.com/escalar-privilegios-desde-administrator-a-system-en-windows/