Introduction to pentesting: Reconnaissance


Oftentimes, our reconnaissance efforts will result in hostnames rather than IP addresses. When this occurs, we can use the “host” tool to perform a translation for us. The host tool is built into BlackArch. We can access it by opening a terminal and typing:

host target-hostname

If you’ve uncovered a DNS servers, to translate it into an IP address, you’d enter the following command in a terminal:

host target-dns

For example: “host”. The host command can also be used in reverse. It can be used to translate IP addresses into hostnames. To perform this task, simply enter:


Using the “-a” parameter will provide you with verbose output and possibly reveal additional information about your target.