Skip to main content

Perform Information Gathering | Basic Ethical Hacking Course |

Reconnaissance denotes the study of information gathering before any actual attacks are planned. The purpose is to gather as much interesting information as possible about the victim. To accomplish this, many other publicly available sources of information are employed. The extracted information would often already allow a detailed insight into the affected organizations.


Information Gathering is the first and foundation step in the success of penetration testing.  The more useful information you have about a target, more you able to find vulnerabilities in the target and hence able to find more serious problems in the target by exploiting them (to demonstrate). In this article, I am discussing ten information gathering techniques for penetration testing of IT infrastructure.

1. Whois Lookup (http://whois.domaintools.com)

It helps in identifying the owner of a target, hosted company, and location of servers, IP address, Server Type etc.


2. Identify technologies of the target web application

It helps in identifying technologies used in the development of web application. It also helps in determining the outdated modules of software used in development. Later you can search exploits on www. exploit-db.com to further demonstrate the issues in the web application. Following resources can be used to identify technologies of target:

  • Netcraft site report (https://toolbar.netcraft.com/site_report)
  • https://builtwith.com/

 

3. Robtex (https://www.robtex.com/)

This resource is perfect for gathering information related to DNS.


4. Subdomain Enumeration

Subdomain Enumeration is a technique to identify unused subdomains registered with the organization. Many tools available for subdomain enumeration like Knockpy, sublist3r etc. are some of them.

  • Download Link (Knockpy): https://github.com/guelfoweb/knock
  • Download Link (Sublist3r):https://github.com/aboul3la/Sublist3r

Below video helps in installation and explain the usage of knockpy tool.


5. Shodan (https://www.shodan.io/)

It is considered as a first search engine to identify assets which connected t0 internet. It helps in identifying the misconfigured IoT devices (like a camera), IT infrastructure and also help to monitor the network security of an organization.

 

6. Certificate Transparency (CT) (https://www.certificate-transparency.org/)

Certificate Authority (CA) need to publish all SSL/TLS certificates which they issue. This portal is open for public and anyone can see the CT logs and identify certificates issue for a particular domain.


7. Discovering Sensitive Files

Many tools available for finding the URL of sensitive files. One such tool is dirb which is a web content discovery tool.

 

Usage:

 

8. American Registry for Internet Numbers (ARIN)

ARIN organization manages the IP address numbers for the U.S. and assigned territories. By using below URL, you will get a lot of information related to an organization’s systems configuration from public domain sources.

URL: https://www.arin.net/


9. Autonomous System Number (ASN) 

To identify ASN for the organization, use https://bgp.he.net/ by keyword.


10. Port Scanning 

To identify web ports and other useful information such as Operating System, device type, MAC addresses etc. by proving URL or IP.

  • Nmap (https://nmap.org/)
  • Masscan (https://github.com/robertdavidgraham/masscan)

Google: Ultimate Tool for Information Gathering

By using multiple google search options, you can find sensitive data lying unattended on internet.

Conclusion 

For successful penetration testing, above tools and resources helps a lot to expand the horizon of the successful test.

Labels:

Comments

  1. Spam LeadsJuly 1, 2020 at 1:43 AM

    Hey Guys !

    USA Fresh & Verified SSN Leads AVAILABLE with best connectivity
    All Leads have genuine & valid information

    **HEADERS IN LEADS**
    First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank Name

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
    ->$5 PER EACH

    ->Hope for the long term deal
    ->Interested buyers will be welcome

    **Contact 24/7**
    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete

Post a Comment

Popular posts from this blog

Embed Backdoor in any Android app | Android Hacking | Tricky Hash |

  H OW TO  CREATE A ANDROID TROJAN INTRO Everybody  install and use apps these days. So, the easiest way to hack a android by embed a Backdoor to a normal apk File. Now, install this apk file in your Victim's phone by using some Social Engineering trick.  When it is executed the user will see a normal app but in the same time our Backdoor will be running in the Background. REQUIREMENTS A Legitimate android apk file. Kali Linux  The FATRAT (Linux Tool) PROCEDURE   To embed Backdoor in any legitimate apk, we use fatrat. We have to install Fatrat in out terminal. Fatrat is used to generate local or remote listeners. It can generate payloads in various formats.  To Install Fatrat we'll have to use the following commands:  git clone  https://github.com/Screetsec/TheFatRat.git After cloning into TheFatRat now type: ls (enter) cd TheFatRat (enter) ls (enter) chmod +x setup.sh (enter) ls (enter) ./setup.sh (enter) It will automatically install all th...
10 comments
Read more

CARDING!(BASICS,PROCEDURES,PRECAUTIONS,CONSEQUENCES)

part-1  * Why does the bank card number have #16 digits and what do these number s mean? * * 16 digits * on the card contains important information and * 6 digits * The first is the bank identification number and specifies which bank issued the card.  By examining these * 6 digits *, programmers will recognize the card issuing bank. "Brought to you by the Dark Army. * (Bank Identification Number) *   they say.  This number for some banks is as follows: Bank name Bank                       Bank Code      ----                       --------- Chemical Bank                    1263 Marine Midland                   6207 [1207?] Manufacturers Hanover Trust      1033 Citibank               ...
3 comments
Read more

How to Guess any Password like Hackers Do | Password Cracking | Ethical Hacking |

In this article, I am going to tell you how Hackers and Crackers crack the password by Guessing. After reading this, you will be able to start think like a hacker. They use some methodologies while guessing and cracking passwords. So let's dive into it:  1. Guess the most common passwords At the end of every year, a list of the 25 most common passwords is released. These passwords are the easiest to guess and thus the most commonly hacked. Though you should avoid picking any of these passwords for yourself, try guessing from this list of passwords: 123456@  12345678  abc123  qwerty  monkey  letmein  dragon  baseball iloveyou  trustno1 1234567  sunshine  master  123123  welcome  shadow  Ashley  football  Jesus  Michael  ninja  mypassword  password1 2. Use some common password tricks  Other than guessing the most obvious passwords, there are a some tricks that are used by hackers....
4 comments
Read more