Glossary

Terms

Recon/Port scanning

Reconnaissance: Gathering information about a specific target, including scanning its range of ports. Any open port is a potentially vulnerable avenue for a web attack.
Blog: Top 5 Best Port Scanners
Blog: URLScan.io: the best way to scan any website
Blog: Top 20 Data Reconnaissance and Intel Gathering Tools

IP history

A historical list of the IP addresses where a specific domain name was hosted. It also provides the geographical location and owner of each address.
Blog: New feature: IP history by value

Passive DNS

A system of records that stores DNS data for a given location, time period and record. It is mostly used to take an IP address that is known to be malicious and find all domain names connected to it.
Blog: Finding Phishing Domains with DNSTrails

ccTLD

Country code Top-Level Domain. An Internet top-level domain reserved for a specific country. It consists of two letters and can be restricted to users from that country or open for registration.
Blog: More complete coverage for UK, AU, SE and NU Top level domains

gTLD

Generic Top-Level Domain. Identifies the name of an internet address and is generally the most popular kind of top-level domain. It includes the well-known .com, .org and .net.

Whois history

Access to historical WHOIS data: all information associated with the domain name in question.
Blog: New Feature: Find every domain someone owns automatically

Whois reverse DNS

Using any personal information associated with the domain name in question to find all domain names associated with that information.
Blog: New Feature: Searching WHOIS Data Using Mailing Addresses

SSL transparency log

Public logs from the companies that issue SSL certificates. They contain public information about the certificates.

Passive recon

Gaining information about the target without actively engaging with systems.

Feeds

Up-to-date lists of deleted, new, or changed domains, filtered by gTLD, ccTLD or all TLDs.

Reverse DNS

Determining the domain name that is associated with the IP address in question.
Blog: How to use reverse DNS records to identify mass scanners

AAAA record

Similar to the A record, but it points the domain or subdomain to an IPv6 address.

PTR record

Mostly used for reverse DNS. It maps a network interface to a host name.
Blog: New Features: Endpoints for Reverse DNS and Open Ports

DMARC record

Domain-based Message Authentication, Reporting and Conformance. An email validation system designed to detect and counter techniques used in email spoofing.