MXToolbox.net - Remote server scanning tool

swarmdeco

Member
Feb 27, 2016
25
48
48
ATuAee1.png

URL: http://mxtoolbox.com/NetworkTools.aspx

Let me present this awesome tool for server reconnaissance and fingerprinting, it's called MxToolbox.net. This tool allows you to scan several things on a targeted server. It perform a lot of different tests that let you check the server health (it's not a vulnerability scanner, but it's useful to do some quick tests), like the following:
  • MX Records
  • Blacklisted servers
  • DNS Records
  • SMTP Services
  • Reverse DNS Lookups
  • Domain WHOIS
  • Open Ports (Not a fullscan, but enough to start)
  • Digital certificates
  • And a lot more...
I usually use this tool when I need to perform SMTP scans or Email header tracking, but it has tons of other awesome tools. One of the best things that this tool have (and it's curse as well) is that it perform every test from MxToolbox IP address, so that way you don't have tu burn your IP address the first hour of pentesting.

Warning: MXToolbox stores the IP address that requested the scan, so only use this tool if you have authorization to perform scans on the server, don't be that guy.

Happy hunting,
- Swarm!
 

swarmdeco

Member
Feb 27, 2016
25
48
48
Want to do something neat and simple? Open any email from your Gmail inbox, and try to select an email that does not come from another Gmail account) and select "Show Original" (Someone help me with the proper gmail translation of "Mostrar Original" in the english version.

jQ8HTr2.png

This will show you a plaintext information of the original original message... copy all that code and paste here (http://mxtoolbox.com/EmailHeaders.aspx).
That will analyze all the Metadata that goes along with the email itself (it's a lot more than just the subject and the body of the message), it will show you the route that the email took to get from the sender to the recipient.

Usually this will help you to find Internal IP address of a company (sinces it's going to travel through some internal SMTP relays).

:D

Note: (I used gmail because I'm too lazy to make a general purpose tutorial).
 
Top