
Information Gathering — First Step towards Website Hacking

Hacking a website? Don’t miss out on this important step!

Before hacking a website or a resource, it is good practice to first gather all the available information about the target. Hackers and penetration testers collect everything they can find about the website they want to hack, then use it to plan how to attack the resource. A lot of this information is publicly available on the internet.

In this blog, I will go through the main tools which can be used to get all this information. The main steps are:

  1. Whois Lookup — Domain Name Info

  2. Finding out the technologies used

  3. Discovering open ports on the server

  4. Websites on the same server

  5. Discovering subdomains of the website

  6. Discovering files on the website

Let’s look at how to perform these steps:

WHOIS lookup — Domain Name Info

WHOIS is a protocol used to find out the owner of any resource on the internet. It can be the owner of a domain name or an IP address. This information is easy to fetch: search for "whois lookup" to find a list of websites providing this service. I have used to fetch WHOIS details in the screenshots below.

Details in the WHOIS lookup database for the website:

Anyone can get information related to the website owner’s country, the date since the website was active, the IP address of the website, the company that registered the domain, and a lot more things.
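To check what your own domain's record gives away, here is an added example (not part of the original post) that parses a WHOIS response and lists the contact fields published unredacted. The sample record is constructed, and the redaction keywords, the field-name pattern and the default server `whois.iana.org` are assumptions; registries format their output differently.

```python
import re
import socket

# Constructed sample response (not a real record), in the common "Key: value" layout.
SAMPLE = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:11:12Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Country: IN
Registrant Email: owner@example.org
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

# Assumption: redaction wording varies by registry; these keywords are illustrative.
REDACTED = re.compile(r"redacted|privacy|not disclosed|withheld", re.I)
PERSONAL = re.compile(
    r"^(registrant|admin|tech) (name|organization|street|city|phone|email|country)$", re.I)

def whois_query(domain, server="whois.iana.org", port=43, timeout=10):
    """RFC 3912 exchange: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(domain.encode("idna") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; repeated keys accumulate."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comment lines and the trailing ">>> ... <<<" footer.
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_contact_fields(record):
    """Return the personal contact fields whose values are published unredacted."""
    return {k: v for k, v in record.items()
            if PERSONAL.match(k) and not all(REDACTED.search(x) for x in v)}
```

Run `exposed_contact_fields(parse_whois(whois_query("your-domain.example")))` against a domain you own; any field it returns is a candidate for the registrar's privacy or redaction service.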

Technologies used by the Target Website

For this, there’s a tool available at This site will give information related to a lot of things, most importantly the technologies used to host that website. If the website uses JavaScript, the hacker can run JavaScript code that will affect the client’s computer. If the website uses PHP, the hacker can write PHP code for server-side attacks. We also get the information on web trackers used by the website. The result for my website — looks like this.

Websites on the same server

If you are trying to hack a website and you are not able to find any vulnerabilities, the next step is to find any other website that exists on the same server. If two websites exist on the same server, then they will have the same IP address. If you are able to hack any other website, you can navigate through the file system to the target website. To do this you would need to do a reverse DNS lookup.

The role of a DNS server is to convert the domain name in a URL to an IP address. Whenever you browse a URL, the internet service provider (ISP) will query the DNS server for the IP address where the requests need to be sent, and return the IP address.

With reverse DNS lookup, we can get information about the websites hosted on the IP address/computer. To do this, navigate to Under the heading Reverse IP Lookup, enter the IP of the target website and click on Go to get the list of websites hosted on the same computer.