Mapping Your Attack Surface | Pure Hacking-Tempemail Zone

The first step when assessing an organization’s security posture is to map out the attack surface or the digital assets that belong to the target and are publicly available. Often the forgotten development server, or unpatched “temporary” database, will end up being the attacker’s initial foothold from which they pivot to other high value systems within your network. Many freely available data sources are available that can be leveraged to map an organization’s digital assets without actually sending any packets to the target. For large organizations, the first stop is to figure out what IP address blocks they own. The list of Autonomous Systems (AS) are available from several sources, such as Maxmind, and can serve as an initial map of where to look. Obviously, any cloud hosted servers will not be there. There are several other tricks you can use to find these, which we’ll discuss in a bit.DNS queries is a great place to go next. While it is hard to find a server that still allows zone transfers, several tools, such as, exist which can automate lookups for common subdomains. In the example below, Pure Hacking ran a DNS subdomain brute force attack against the target and located an externally available administrative server, which are often attractive targets for initial exploitation. Targeted keyword searches in any of the popular search engines can help identify new subdomains that may be of interest. A common technique is to start with, then drill down by removing subdomains like so ( Netcraft, Builtwith and Shodan are all great resources to see what information your organization is leaking. In the example below, Shodan is used to identify externally available SSH servers belonging to Citigroup. SSH servers are a great target because they can often be brute forced (unless keys are used) and provide shell access when successful.Once you identify a number of servers hosted in a close IP range, it is a good idea to check other IPs within the same class C to possibly find other related hosts. Depending on the organization, you may be able to get this information via reverse DNS lookups. The Censys and Project Sonar projects scan the internet and provide interesting data such as forward and reverse DNS lookups as well as various internet wide port scan results. Leveraging these scans can be as simple as parsing out any host using a specific parent domain.Another interesting use case to help identify an organization’s digital assets is to figure out what DNS server they use then query the DNS scan results for other servers configured to use the same DNS server. This technique only works when the organization hosts their own DNS server and does not use a 3rd party service. In addition, SPF (Sender Policy Framework) records can also be leveraged to connect different IPs and network ranges back to an organization. The SSL scan results can be used to find other hosts which are configured with a certificate common name (CN) matching the parent domain. Finally, is a helpful tool that can be leveraged to enumerate other domains registered using the same email address. In the example below, ViewDNS is used to enumerate 12,620 domains that are associated with Whether your tasked with managing your organization’s online security or simply need to accurately scope a pen testing engagement, OSINT (Open Source Intelligence) techniques can and should be leveraged to ensure that you don’t accidently leave insecure devices online.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *