Gather Information on websites

What is information gathering

Information gathering is the process of learning as much as possible about a target. Before attacking websites or systems you have to collect as much information about the target as you can.

Information gathering is the very first phase of a penetration test. If the information gathered shows a poorly defended computer system, an attack will be launched and unauthorized access will be gained. If the target is well protected, the attacker will think twice before attempting to break in; that decision depends on the tools and systems that protect the target. Either way, the key is the amount of information gathered beforehand.

Kali Linux ships with many good tools for gathering information effectively.

Open your terminal:

Extract basic information about a website

whois returns the registration record of a domain: nameservers, registrar name, registrant and admin contact details such as email and phone number (only if the registrant has not enabled privacy protection), creation and expiry dates, and so on.

root@seven:~# whois
Registry Registrant ID: 
Registrant Name: Domain Administrator
Registrant Organization: Microsoft Corporation
Registrant Street: One Microsoft Way, 
Registrant City: Redmond
Registrant State/Province: WA
Registrant Postal Code: 98052
Registrant Country: US
Registrant Phone: +1.4258828080
Registrant Phone Ext: 
Registrant Fax: +1.4259367329
Registrant Fax Ext: 
Registrant Email:
Registry Admin ID: 

Get the IP addresses of a website

It is always a good idea to find all the IP addresses of your target. A single hostname often resolves to several addresses (load balancing, CDNs, separate IPv4 and IPv6 endpoints), and knowing all of them tells you exactly which hosts you are touching when you scan.

The host tool returns every address a hostname resolves to.

root@seven:~# host
 has address
 has address
 has address
 has address
 has address

Additional information with -a

The -a (all) option is equivalent to setting the -v option and asking host to make a query of type ANY, so a single command returns the A, NS, SOA, MX and TXT records together. Be aware that many authoritative servers now answer ANY queries with a deliberately minimal response (RFC 8482); if the output looks thin, ask for each record type explicitly with -t, for example host -t MX.

root@seven:~# host -a

;			IN	ANY

;; ANSWER SECTION:
		1594	IN	A	
		1594	IN	A	
		1594	IN	A	
		1594	IN	A	
		1594	IN	A	
		19594	IN	NS	
		19594	IN	NS	
		19594	IN	NS	
		19594	IN	NS	
		1594	IN	SOA	 2015122303 7200 600 2419200 3600
		1594	IN	MX	10	
		1594	IN	TXT	"v=spf1 include:_ 
Received 649 bytes from in 1020 ms
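The following script is an added example and is not part of the original post. It takes an answer section in the layout host -a prints (owner, TTL, class, type, data) and pulls out the pieces you actually want during recon: every address the name resolves to, the records of one type, and the third-party senders named in the SPF record. The domain example.test, its addresses and the record contents are constructed sample data, and the function names are my own. The live helper asks for each type with dig rather than sending ANY, because many servers now answer ANY with a minimal reply.

```sh
#!/bin/sh
# Added example, not from the original post: turn the answer section that
# `host -a` (or `dig +noall +answer`) prints into a reconnaissance summary.
# The domain, addresses and record data below are constructed for illustration.

# Constructed sample in the layout of a `host -a` answer section:
# owner, TTL, class, type, data.
SAMPLE_ANSWER='example.test.   1594  IN  A    192.0.2.10
example.test.   1594  IN  A    192.0.2.11
example.test.   1594  IN  AAAA 2001:db8::10
example.test.   19594 IN  NS   ns1.example.test.
example.test.   19594 IN  NS   ns2.example.test.
example.test.   1594  IN  MX   10 mail.example.test.
example.test.   1594  IN  TXT  "v=spf1 include:_spf.mailhost.test ip4:198.51.100.0/24 -all"'

# Print the data of every record of one type (A, AAAA, NS, MX, TXT ...), one per line.
records_of_type() {   # $1 = record type, stdin = answer text
    awk -v want="$1" '$3 == "IN" && $4 == want { $1 = $2 = $3 = $4 = ""; sub(/^ +/, ""); print }'
}

# Every address the name resolves to, IPv4 and IPv6, de-duplicated.
resolved_addresses() {   # stdin = answer text
    awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { print $5 }' | sort -u
}

# Third parties allowed to send mail for the domain: the include: targets of
# the SPF TXT record. These often reveal the mail or marketing provider in use.
spf_includes() {   # stdin = answer text
    records_of_type TXT | tr -d '"' | tr ' ' '\n' | sed -n 's/^include://p'
}

# Live version (needs network): ask for each type explicitly instead of ANY,
# because many authoritative servers now answer ANY with a minimal reply (RFC 8482).
dns_inventory() {   # $1 = domain
    for t in A AAAA NS MX TXT; do
        dig +noall +answer "$1" "$t"
    done
}

# Offline demo on the constructed sample; for a real target use:
#   dns_inventory target.example | resolved_addresses
printf '%s\n' "$SAMPLE_ANSWER" | resolved_addresses
printf '%s\n' "$SAMPLE_ANSWER" | records_of_type NS
printf '%s\n' "$SAMPLE_ANSWER" | spf_includes
```

Save the live output to a file (dns_inventory target.example > dns.txt) so that the same parsing functions can be rerun later and compared against a fresh query; new addresses or new SPF includes are exactly the kind of change worth noticing during an engagement.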

A quick Nmap scan

Nmap is a versatile network scanner. Run with no options, a quick Nmap scan probes the 1000 most common TCP ports (a SYN scan when run as root) and reports whether each is open, closed or filtered. The SERVICE column comes from Nmap's port-to-service table, not from probing the service; use -sV to identify what is really listening. Scan only hosts you are authorised to test.

root@seven:~# nmap

Starting Nmap 6.49BETA4 ( ) at 2015-12-19 06:24 EST
Nmap scan report for (
Host is up (0.032s latency).
rDNS record for
Not shown: 986 filtered ports
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
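The script below is an added example, not code from the original post. It pulls the open ports out of a saved quick-scan report and builds the targeted follow-up scan (version detection and default scripts against only the ports that answered), which is the usual next step after the quick scan above. SAMPLE_REPORT is constructed in the layout of Nmap's normal output; the host target.test and its address are illustrative, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original post: pull the open ports out of a
# quick-scan report and build the targeted follow-up scan. SAMPLE_REPORT is
# constructed in the layout nmap's normal output uses; the host is illustrative.
SAMPLE_REPORT='Nmap scan report for target.test (192.0.2.10)
Host is up (0.032s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
25/tcp   open   smtp
443/tcp  closed https

Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds'

# Lines of the form "port/proto state service" whose state is open.
open_ports() {   # stdin = nmap normal output; prints "port/proto service"
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# The same ports as a comma-separated list suitable for nmap -p.
port_list() {   # stdin = nmap normal output
    open_ports | cut -d/ -f1 | tr '\n' ',' | sed 's/,$//'
}

# Build the follow-up command: version detection (-sV) and default scripts (-sC)
# against only the ports that answered, which is far less noisy than -p- -sV.
followup_scan_cmd() {   # $1 = target, stdin = quick-scan output
    ports=$(port_list)
    if [ -z "$ports" ]; then
        echo "no open ports in report" >&2
        return 1
    fi
    printf 'nmap -sV -sC -p %s %s\n' "$ports" "$1"
}

# Offline demo; for a real run, save the quick scan with `nmap -oN quick.txt target`
# and feed quick.txt to these functions.
printf '%s\n' "$SAMPLE_REPORT" | open_ports
printf '%s\n' "$SAMPLE_REPORT" | followup_scan_cmd 192.0.2.10
```

For anything beyond a one-off, prefer Nmap's own machine-readable formats (-oG for grepable, -oX for XML) over parsing the human-readable report; the awk pattern above works on normal output but will miss ports if Nmap changes the layout.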

Scan for sub-domains and their IPv4 and IPv6 addresses

dnsmap is a DNS network mapper. It brute-forces sub-domains of the target using a built-in or user-supplied wordlist and reports the IPv4 and IPv6 addresses each discovered name resolves to. Names such as ftp, mail or www turn up because they are in the wordlist, which is how hosts that are never linked from the main site get found.

root@seven:~# dnsmap
dnsmap 0.30 - DNS Network Mapper by pagvac (

[+] searching (sub)domains for using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #1:
IP address #2:
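The script below is an added example and not part of the original post or of dnsmap itself. It is the loop dnsmap performs, written by hand so that the wordlist, the resolver and the handling of wildcard DNS are under your control: a wildcard record would make every label in the wordlist appear to exist, so the script first resolves a label that cannot be in any wordlist and discards answers identical to that one. The domains example.test and wild.test, their addresses and the built-in resolver resolve_fake are constructed so the demo runs offline; the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original post: the loop dnsmap performs, written
# by hand so that the wordlist, the resolver and the wildcard handling are under
# your control. Domain names and addresses below are constructed.

# Constructed resolver for offline use: a tiny fake zone. example.test has two
# real hosts; wild.test answers every name (a wildcard record).
resolve_fake() {   # $1 = fqdn; prints its addresses one per line, nothing if unknown
    case "$1" in
        www.example.test)  printf '%s\n' 192.0.2.10 ;;
        mail.example.test) printf '%s\n' 192.0.2.20 2001:db8::20 ;;
        *.wild.test)       printf '%s\n' 203.0.113.1 ;;
    esac
}

# Live resolver (needs network): A and AAAA records via dig, CNAME targets dropped.
resolve_live() {   # $1 = fqdn
    { dig +short "$1" A; dig +short "$1" AAAA; } | awk '/^[0-9.]+$/ || /:/'
}

# Try each label from stdin under the domain and print "fqdn address" for hits.
# A wildcard DNS entry would make every label "exist", so resolve a label that
# cannot be in any wordlist first and discard answers identical to it.
brute_subdomains() {   # $1 = domain, $2 = resolver function (default resolve_live), stdin = labels
    domain=$1
    resolver=${2:-resolve_live}
    wildcard=$("$resolver" "probe-$$-$(date +%s).$domain" </dev/null | sort -u)
    while read -r label; do
        [ -n "$label" ] || continue
        fqdn="$label.$domain"
        addrs=$("$resolver" "$fqdn" </dev/null | sort -u)
        [ -n "$addrs" ] || continue
        [ "$addrs" != "$wildcard" ] || continue   # wildcard answer, not a real host
        printf '%s\n' "$addrs" | while read -r addr; do
            printf '%s %s\n' "$fqdn" "$addr"
        done
    done
}

# Short built-in wordlist for the demo; dnsmap's wordlist is much larger.
DEMO_WORDS='www mail ftp ns1 dev staging vpn'

# Offline demo. For a real target: printf '%s\n' $DEMO_WORDS | brute_subdomains target.example
printf '%s\n' $DEMO_WORDS | brute_subdomains example.test resolve_fake
printf '%s\n' $DEMO_WORDS | brute_subdomains wild.test resolve_fake   # prints nothing
```

Against a real target add a sleep between lookups (dnsmap's -d option does the same) so the authoritative server's rate limiting does not start dropping your queries, and keep in mind that every lookup lands in that server's logs.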

There is another useful tool for collecting information on websites. dig (domain information groper) is a flexible tool for interrogating DNS name servers: you choose the record type and, with @server, which server to ask, and the output shows the full response including TTLs and the server that answered.

root@seven:~# dig

These are some basic techniques for collecting information on a website. For more flexible techniques, use the following tools:

It is a graphical tool for collecting information on websites, easily one of the best tools available.

 is a versatile tool; it detects operating systems, IDS presence, open ports and more.

 gathers sub-domains, IP addresses, email addresses and more.