
Perform Information Gathering | Basic Ethical Hacking Course

Reconnaissance is the information-gathering phase that precedes any actual attack. The purpose is to collect as much useful information as possible about the target, drawing on sources that are already publicly available. The information obtained this way often gives a detailed picture of the organization before a single packet has been sent to its systems.


Information gathering is the first step of a penetration test and the foundation of its success. The more useful information you have about a target, the more vulnerabilities you are able to find in it, and hence the more serious problems you can demonstrate by exploiting them. In this article, I discuss ten information gathering techniques for penetration testing of IT infrastructure.

1. Whois Lookup (http://whois.domaintools.com)

A whois lookup on the domain name identifies the registrar, the registrant (owner) and its contact details where they are not redacted, the name servers, and the registration and expiry dates. A whois lookup on an IP address (served by the regional registries, see point 8) identifies the hosting company and the network block the server sits in, which also hints at its physical location. Since 2018 many registrars redact registrant contacts for privacy, so ownership often has to be confirmed through other sources such as DNS, certificates or the registered IP ranges.


2. Identify technologies of the target web application

Identify the technologies used to build and serve the web application: web server, language runtime, framework, CMS and their versions. Version strings that the target exposes in HTTP headers, cookies and HTML meta tags point to outdated components, and you can then search www.exploit-db.com for public exploits to demonstrate the issue. Keep in mind that a version header can be stripped or faked, so treat it as a lead to confirm, not as proof. The following resources can be used to identify the technologies of a target:

  • Netcraft site report (https://toolbar.netcraft.com/site_report)
  • https://builtwith.com/
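As an added example (this is not code from the article, nor from Netcraft or BuiltWith), the fingerprinter below extracts the same kind of evidence from a single HTTP response: the Server and X-Powered-By headers, the names of session cookies, and the HTML generator meta tag. The response it runs on is constructed inline and its version numbers are illustrative only.

```python
# Added example: fingerprint a web application from one HTTP response.
# The sample response and its version numbers are constructed.

import re

# Header -> list of (technology, regex); the version group is optional
# because many servers strip the version but keep the product name.
HEADER_SIGNATURES = {
    "server": [
        ("Apache", r"Apache(?:/([\d.]+))?"),
        ("nginx", r"nginx(?:/([\d.]+))?"),
        ("Microsoft-IIS", r"Microsoft-IIS(?:/([\d.]+))?"),
    ],
    "x-powered-by": [
        ("PHP", r"PHP(?:/([\d.]+))?"),
        ("ASP.NET", r"ASP\.NET"),
        ("Express", r"Express"),
    ],
}

# Session cookie names that give the backend away even without headers.
COOKIE_SIGNATURES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "wordpress_logged_in": "WordPress",
}

# <meta name="generator" content="WordPress 5.8"> and similar.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def parse_response(raw):
    """Split a raw HTTP response into (status line, headers, body).
    Header names are lower-cased; repeated headers (Set-Cookie) are kept."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def fingerprint(raw):
    """Return {technology: version-or-None} for everything the response leaks."""
    _, headers, body = parse_response(raw)
    found = {}
    for header, signatures in HEADER_SIGNATURES.items():
        for value in headers.get(header, []):
            for tech, pattern in signatures:
                m = re.search(pattern, value)
                if m:
                    found[tech] = m.group(1) if m.groups() else None
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_SIGNATURES:
            # keep a version already learned from a header, if any
            found.setdefault(COOKIE_SIGNATURES[name], None)
    m = GENERATOR_RE.search(body)
    if m:
        product, _, version = m.group(1).partition(" ")
        found[product] = version or None
    return found


# Constructed sample response (illustrative versions, not a real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8">'
    "</head><body>hello</body></html>"
)

if __name__ == "__main__":
    for tech, version in sorted(fingerprint(SAMPLE_RESPONSE).items()):
        print(tech, version or "version not exposed")
```

Each version found this way is a search term for exploit-db, but confirm it (for example by behaviour or a second header) before reporting it, since both fields are trivially spoofed.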

 

3. Robtex (https://www.robtex.com/)

Robtex collects DNS data about a domain: its A, MX, NS and related records, the reverse DNS of its IP addresses, other domains hosted on the same addresses (shared hosting), and the network and autonomous system each address belongs to. It is a quick way to map the DNS footprint of a target before you start querying DNS yourself.


4. Subdomain Enumeration

Subdomain enumeration is the process of discovering the hostnames that exist under the organization's domain (dev, staging, vpn, mail and similar hosts) but are not linked from the main site. Forgotten or unmaintained subdomains are frequently the weakest entry points. Many tools are available for subdomain enumeration, such as Knockpy and Sublist3r: Knockpy brute-forces names from a wordlist, while Sublist3r queries search engines and other public sources.

  • Download Link (Knockpy): https://github.com/guelfoweb/knock
  • Download Link (Sublist3r): https://github.com/aboul3la/Sublist3r



5. Shodan (https://www.shodan.io/)

Shodan is a search engine for devices and services exposed to the internet. It continuously scans the public address space and indexes the banners each service returns, so it can be searched by organization, IP range, product or port. It helps in identifying misconfigured IoT devices (such as cameras) and exposed IT infrastructure, and it also serves to monitor an organization's own external footprint.

 

6. Certificate Transparency (CT) (https://www.certificate-transparency.org/)

Certificate Transparency requires certificate authorities (CAs) to publish every publicly trusted SSL/TLS certificate they issue to public, append-only logs; browsers such as Chrome and Safari reject certificates that are not logged. The logs are open to anyone, so searching them for a domain returns every certificate issued for it, and with that every hostname (subject and SAN entries) the organization has obtained certificates for, including internal or staging names and hosts that have since been decommissioned. Search interfaces such as crt.sh turn this into a single lookup.
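The following added example (not code from the article, and not from Knockpy, Sublist3r or crt.sh) ties points 4 and 6 together: it turns a Certificate Transparency search result into a subdomain list. The records are constructed in the shape of crt.sh's JSON output, where name_value holds one or more newline-separated names per certificate; that field layout and the example.com hostnames are assumptions made for the example.

```python
# Added example: subdomain enumeration from Certificate Transparency data.
# SAMPLE_CT_RECORDS is constructed in the shape of crt.sh JSON output;
# the field names are assumed from that format, the hosts are made up.

from datetime import datetime

SAMPLE_CT_RECORDS = [
    {"common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com",
     "not_after": "2026-01-01T00:00:00"},
    {"common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com",
     "not_after": "2025-06-01T00:00:00"},
    {"common_name": "mail.example.com",
     "name_value": "MAIL.example.com\nautodiscover.example.com",
     "not_after": "2026-03-01T00:00:00"},
    {"common_name": "example.com.attacker.net",      # out of scope
     "name_value": "example.com.attacker.net",
     "not_after": "2026-01-01T00:00:00"},
    {"common_name": "vpn-old.example.com",           # long expired
     "name_value": "vpn-old.example.com",
     "not_after": "2019-05-01T00:00:00"},
]


def _in_scope(host, domain):
    """Exact match or a real subdomain; a plain endswith(domain) check
    would wrongly accept example.com.attacker.net."""
    return host == domain or host.endswith("." + domain)


def _names(record):
    """Yield normalised hostnames from one certificate record."""
    raw = record.get("name_value", "") + "\n" + record.get("common_name", "")
    for name in raw.split("\n"):
        name = name.strip().lower()
        if not name:
            continue
        if name.startswith("*."):
            name = name[2:]  # *.dev.example.com -> dev.example.com, worth probing itself
        yield name


def ct_hostnames(records, domain):
    """Sorted unique hostnames under `domain` seen in any logged certificate."""
    return sorted({n for r in records for n in _names(r) if _in_scope(n, domain)})


def expired_hostnames(records, domain, now_iso):
    """Hosts whose every certificate had expired by `now_iso`: likely
    decommissioned or renamed systems, which still deserve a look because
    they sometimes keep resolving and answering."""
    now = datetime.fromisoformat(now_iso)
    latest = {}
    for r in records:
        expiry = datetime.fromisoformat(r["not_after"])
        for n in _names(r):
            if _in_scope(n, domain) and (n not in latest or expiry > latest[n]):
                latest[n] = expiry
    return sorted(n for n, expiry in latest.items() if expiry < now)


if __name__ == "__main__":
    print("hosts:", ct_hostnames(SAMPLE_CT_RECORDS, "example.com"))
    print("expired:", expired_hostnames(SAMPLE_CT_RECORDS, "example.com",
                                        "2024-01-01T00:00:00"))
```

The list this produces is the input for the next steps: resolve each name, and feed the ones that resolve into port scanning (point 10). Names from CT complement a wordlist brute-force, since CT only shows hosts that ever had a public certificate.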


7. Discovering Sensitive Files

Many tools are available for finding the URLs of sensitive files and directories (backups, configuration files, admin panels) that are not linked anywhere but are still served. One such tool is dirb, a web content discovery tool: it requests every entry of a wordlist against the base URL and reports the paths that do not come back as 404.

Usage: dirb takes the base URL and optionally a wordlist, for example dirb http://target.example/ /usr/share/dirb/wordlists/common.txt (on Kali the wordlists ship under /usr/share/dirb/wordlists/). Check first what a "not found" response looks like on the target: some applications answer 200 to every path, and then status codes alone will drown you in false positives.
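To show what such a tool does underneath, including the "not found" baseline just mentioned, here is an added example (not dirb's code and not from the article). It starts a small constructed site on the loopback interface whose unknown paths answer 200, and brute-forces a five-word list against it; the paths and wordlist are invented for the example.

```python
# Added example: wordlist-based content discovery with a soft-404 baseline,
# run against a constructed local target so it works offline.

import http.server
import random
import string
import threading
from urllib.error import HTTPError
from urllib.request import Request, urlopen


class _FakeSite(http.server.BaseHTTPRequestHandler):
    """Constructed target: three real paths, everything else answered
    with a 200 'not found' page (a soft 404), as many real apps do."""
    ROUTES = {
        "/admin/": (403, b"Forbidden"),
        "/backup.zip": (200, b"PK\x03\x04 constructed archive"),
        "/robots.txt": (200, b"User-agent: *\nDisallow: /admin/\n"),
    }

    def do_GET(self):
        code, body = self.ROUTES.get(self.path, (200, b"<html>Page not found</html>"))
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the scan output clean
        pass


def start_fake_site():
    """Serve _FakeSite on a random loopback port; returns (server, base_url)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _FakeSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def probe(base_url, path):
    """GET base_url+path and return (status, body length). 4xx/5xx answers
    are findings too, so they are caught rather than raised."""
    req = Request(base_url + path, headers={"User-Agent": "recon-example"})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, len(resp.read())
    except HTTPError as err:
        return err.code, len(err.read())


def discover(base_url, wordlist):
    """Return {path: status} for entries whose response differs from the
    host's own 'not found' response."""
    junk = "/" + "".join(random.choices(string.ascii_lowercase, k=16))
    not_found = probe(base_url, junk)  # baseline: what 'missing' looks like here
    hits = {}
    for word in wordlist:
        path = "/" + word
        status, length = probe(base_url, path)
        if (status, length) != not_found:
            hits[path] = status
    return hits


WORDLIST = ["admin/", "backup.zip", "config.php", "login", "robots.txt"]  # constructed


def run_demo(wordlist=WORDLIST):
    srv, base_url = start_fake_site()
    try:
        return discover(base_url, wordlist)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for path, status in sorted(run_demo().items()):
        print(status, path)
```

Without the baseline request, /login and /config.php would be reported as found because the site answers 200 for them; comparing against a random path's status and size filters them out while keeping the 403 on /admin/, which is itself a useful finding.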

 

8. American Registry for Internet Numbers (ARIN)

ARIN manages the allocation of IP address blocks and autonomous system numbers for the U.S., Canada and parts of the Caribbean; RIPE NCC, APNIC, LACNIC and AFRINIC do the same for the other regions. Searching the ARIN whois for an organization name returns the network blocks and AS numbers registered to it, together with the organization handle and points of contact. This tells you which address ranges actually belong to the target, which is the starting point for port scanning (point 10).

URL: https://www.arin.net/


9. Autonomous System Number (ASN)

An ASN identifies a network that runs its own routing on the internet. An organization that owns an ASN announces its IP prefixes under it, so finding the ASN gives you every address range the organization routes, not only the ones tied to its main domain. To identify the ASN of an organization, search https://bgp.he.net/ by keyword (the organization name), then open the ASN to list the prefixes it announces. Assets hosted in a cloud or at a provider fall under the provider's ASN instead, so this method only covers networks the organization operates itself.


10. Port Scanning

Port scanning identifies open ports, the services and versions behind them and, with OS fingerprinting, the operating system and device type of a host, given a hostname or IP address. MAC addresses are only visible when the scanner sits on the same layer-2 network as the target. Scan only addresses within the agreed scope: a scan of the whole external range is noisy and is usually detected.

  • Nmap (https://nmap.org/): thorough; use -sV for service versions and -O for OS detection
  • Masscan (https://github.com/robertdavidgraham/masscan): very fast on large ranges; hand the open ports it finds to Nmap for detail
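As an added example (not code from the article, nor from Nmap or Masscan), here is the core of what these tools do in its simplest form: a TCP connect scan with banner grabbing. It runs against a constructed service on the loopback interface so it works offline; the banner string is made up and the ports are chosen at run time.

```python
# Added example: concurrent TCP connect scan with banner grabbing against a
# constructed loopback service. The banner text is invented.

import socket
import threading
from concurrent.futures import ThreadPoolExecutor

FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9 constructed-banner\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Listen on a random loopback port and greet each client with `banner`.
    Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def scan_port(host, port, timeout=0.5):
    """Full TCP handshake to one port; returns (port, is_open, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return port, False, b""  # refused or filtered
        try:
            banner = s.recv(256)  # SSH, SMTP, FTP talk first
        except socket.timeout:
            banner = b""  # open, but the service waits for the client (e.g. HTTP)
        return port, True, banner.strip()


def scan(host, ports, workers=32):
    """Scan ports concurrently; returns {open_port: banner}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p), ports))
    return {port: banner for port, is_open, banner in results if is_open}


def run_demo():
    """Scan a small range around the fake service plus one port known to be
    closed; returns (open_port, closed_port, findings)."""
    open_port, stop = start_fake_service()
    tmp = socket.socket()            # reserve and release a port so that we
    tmp.bind(("127.0.0.1", 0))       # know one that is definitely closed
    closed_port = tmp.getsockname()[1]
    tmp.close()
    ports = set(range(open_port - 5, open_port + 6)) | {closed_port}
    try:
        findings = scan("127.0.0.1", sorted(p for p in ports if 0 < p < 65536))
    finally:
        stop()
    return open_port, closed_port, findings


if __name__ == "__main__":
    open_port, closed_port, findings = run_demo()
    for port, banner in sorted(findings.items()):
        print(port, "open", banner.decode(errors="replace") or "(no banner)")
```

A connect scan completes the handshake, so it shows up in the target's logs; Nmap's default SYN scan and Masscan send raw packets instead, which needs root but is quieter and faster. The banner is what Shodan (point 5) indexes and what Nmap's -sV matches against its probe database.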

Google: Ultimate Tool for Information Gathering

Using Google's search operators, you can find sensitive data left unattended on the internet: site: restricts results to the target's domain, filetype: (for example filetype:xls or filetype:pdf) finds documents, intitle: and inurl: find pages such as "index of" directory listings or login panels, and combining them (site:target.example filetype:sql) surfaces files that were never meant to be public. Collections of such queries are published as "Google dorks", for instance in the Google Hacking Database on exploit-db.

Conclusion

For a successful penetration test, the tools and resources above help a lot to expand the attack surface you can examine: every hostname, address range and exposed version found here becomes an input to the later scanning and exploitation phases.

