{"id":2243,"date":"2021-09-30T08:01:52","date_gmt":"2021-09-30T08:01:52","guid":{"rendered":"https:\/\/osintme.com\/?p=2243"},"modified":"2021-09-30T18:03:36","modified_gmt":"2021-09-30T18:03:36","slug":"osint-me-tricky-thursday-8-url-manipulation","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2021\/09\/30\/osint-me-tricky-thursday-8-url-manipulation\/","title":{"rendered":"Osint Me Tricky Thursday #8 \u2013 URL manipulation"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

This week’s focus will be on reviving a somewhat forgotten and neglected section of the blog – the Osint Me Tricky Thursday<\/a>.<\/p>

And without further ado, I want to get right into it, sharing some tips and tricks on how to use URL manipulation for OSINT.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1. Understanding the basics of URLs<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Even if sometimes we are unable to recall the exact meaning of the acronym URL (Uniform Resource Locator), we all know what it is and what it does – it’s a human-readable link in your browser that allows you to access online resources residing on a specific IP address.<\/p>

A URL can be general in nature, pointing to a landing page of a website (for example osintme.com)<\/a>, or to a more defined object or resource using the path to a file, such as a PDF form or a text file on that website, for instance:<\/p>

https:\/\/osintme.com\/wp-content\/uploads\/2021\/05\/CySA-002-Notes.pdf<\/a><\/p>

A thing to remember – many domains have hidden URLs that are never usually accessed or searched for by regular users. Some of those URLs are part of the deep web, meaning that they are not indexed by search engines – but sometimes they can be accessible by discovering and visiting the exact URL.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2. Subdomain enumeration<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Every valid Internet domain name is comprised of the following components:<\/p>

  1. Top level domain<\/strong> \u2013 whatever follows after the last dot in the URL string. Common top level domains examples are: .com, .org, .gov, .net, .uk, .ie\u2026<\/li>
  2. Second level domain<\/strong> \u2013 whatever is before the top level domain. So, the second level domain of this blog is osintme<\/em><\/strong> and the top level domain is .com<\/em><\/strong>.<\/li>
  3. Subdomain<\/strong> \u2013 whatever is positioned before the second level domain. It can be anything really, for example: aws.amazon.com \u2013 the aws<\/em><\/strong> part is the subdomain here.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Subdomain enumeration is used to identify and expose subdomains that are infrequently used or that are not meant to be accessed by regular users. This can be done manually by simply adding a common word before the second level domain:<\/p>