* **Presidente de EE. UU. (POTUS)**
    * **Secretary of Defense (SecDef)**
      * **Department of Defense (DoD)** - [[https://www.defense.gov|defense.gov]]
        * **Joint Chiefs of Staff (JCS)** - [[https://www.jcs.mil|jcs.mil]]
        * **Fuerzas Armadas**
          * **U.S. Army** - [[https://www.army.mil|army.mil]]
          * **U.S. Navy** - [[https://www.navy.mil|navy.mil]]
          * **U.S. Marine Corps** - [[https://www.marines.mil|marines.mil]]
          * **U.S. Air Force** - [[https://www.af.mil|af.mil]]
          * **U.S. Space Force** - [[https://www.spaceforce.mil|spaceforce.mil]]
          * **U.S. Coast Guard** - [[https://www.coastguard.mil|coastguard.mil]]
        * **Comandos Combatientes Unificados**
          * **CENTCOM** - [[https://www.centcom.mil|centcom.mil]]
          * **EUCOM** - [[https://www.eucom.mil|eucom.mil]]
          * **INDOPACOM** - [[https://www.indopacom.mil|indopacom.mil]]
          * **AFRICOM** - [[https://www.africom.mil|africom.mil]]
          * **SOCOM** - [[https://www.socom.mil|socom.mil]]
          * **STRATCOM** - [[https://www.stratcom.mil|stratcom.mil]]
        * **Agencias del DoD**
          * **DARPA** - [[https://www.darpa.mil|darpa.mil]]
          * **Defense Logistics Agency (DLA)** - [[https://www.dla.mil|dla.mil]]
          * **Defense Contract Audit Agency (DCAA)** - [[https://www.dcaa.mil|dcaa.mil]]
          * **Defense Technical Information Center (DTIC)** - [[https://discover.dtic.mil|discover.dtic.mil]]
          * **Defense Manpower Data Center (DMDC)** - [[https://dwp.dmdc.osd.mil|dwp.dmdc.osd.mil]]

**Extraemos todas las webs y eliminamos el protocolo para poder dárselas a hackertarget**\\

<code>
curl 'https://wiki.acosadores.net/doku.php?id=estados-unidos:mapa' | grep -Eio '([a-z]+\.){2,4}(mil|gov)' | sort | uniq > urls_usa_sin_protocolo.txt
</code>

**Creamos un script para hackertarget que automatice el proceso de ir dominio por dominio**\\ 

<code bash>
#! /bin/bash
 
# Crea el archivo commands_usa
echo "workspaces create usa" > commands_usa
echo "workspaces load usa" >> commands_usa
echo "modules load recon/domains-hosts/hackertarget" >> commands_usa
 
# Iterar sobre cada dominio en usa_gov_sin_protocolo.txt
while read domain; do
  echo "options set SOURCE $domain" >> commands_usa
  echo "run" >> commands_usa
done < usa_gov_sin_protocolo.txt
</code>

Le damos permisos de ejecución con chmod +x script_usa.sh, ejecutamos con ./script_usa.sh y crea el fichero commands_usa


después hacemos:


recon-ng -r /home/usuario/commands_usa (tiene que ser ruta completa, no puede ser ruta relativa porque da error) \\
[recon-ng][usa][hackertarget] > spool start /home/usuario/volcado_usa.txt\\ 
[*] Spooling output to '/home/usuario/volcado_usa.txt'.\\ 
[recon-ng][usa][hackertarget] > show hosts (no sacamos mucho, sólo las ips)\\ 
[recon-ng][usa][hackertarget] > spool stop\\ 
[*] Spooling stopped. Output saved to '/home/usuario/volcado_usa.txt'.