Information Gathering

Information Gathering is an important part of penetration testing. In this phase the tester collects information about the client (or victim) that can later be used to gain access, such as: critical assets and web applications that belong to the client; related domains and subdomains, which may reveal hidden domains with login pages; the registration details of each domain; the server architecture of the applications, which shows which software versions are running on the server and therefore which vulnerabilities may apply; other web applications hosted on the same server as the target domain, since access to one of them can lead to access to the target application; and older snapshots of the web application, which help in understanding how it works.

Below are some tools that can be used for Information Gathering:-

Information Gathering Tools:-

A. Maltego Tools:-

Maltego is an open source intelligence (OSINT) and link-analysis tool for gathering and connecting information in investigative tasks. It is built into Kali Linux. Maltego can be used in the information gathering phase of all security related work; it saves time and lets you work more accurately and smarter, and it aids your thinking process by visually showing the interconnected links between the items you search for.

B. Search Engines(Google Hacking):-

With the help of Google we can find advisories and vulnerabilities, error messages that give away far too much information, files containing confidential information, files containing passwords or usernames, footholds that help an attacker get into a web server, admin login portal pages, sensitive directories, devices connected to the web application, and sometimes even live webcams exposed on the internet (for example with the query inurl:/view/index.shtml). There is also a Google cheat sheet in which the user can find this kind of information. For more information on the Google cheat sheet see https://www.webfx.com/blog/wp-content/uploads/2016/11/infographic-google-final-fixed-1.png

C. WhatWeb : -

WhatWeb is a next generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each of which recognises something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

Download Tool :- http://whatweb.net.

D. HttpRecon : -

HTTPRecon (HTTP Fingerprinting) is a tool developed by computec.ch and modified by w3dt that returns a highly accurate identification of a given httpd implementation. This is very important within professional vulnerability analysis. HTTPRecon improves the ease and efficiency of HTTP server fingerprinting/identification and this kind of enumeration. Traditional approaches such as banner grabbing, status code enumeration and header ordering analysis are used, but many other analysis techniques have been added to HTTPRecon to increase the accuracy of web server fingerprinting. Some of these methods are discussed in the book "Die Kunst des Penetration Testing".

For More information :- https://w3dt.net/tools/httprecon.
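To show what the WhatWeb and HTTPRecon passages above mean by fingerprinting from banners and headers, here is an added example (not code from either project) that parses a constructed HTTP response and lists the technologies and version numbers a passive observer could read from it. A defender can feed it the header block of their own server's reply to see what is being disclosed.

```python
import re

# Constructed sample response (not captured from any real host); each header is a
# typical place where a server reveals its software and version.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html></html>"
)

# Session-cookie names that betray the platform even when Server/X-Powered-By are removed.
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "CFID": "ColdFusion",
}
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")


def parse_headers(raw):
    """Return the response headers as (name, value) tuples; status line and body are ignored."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def fingerprint(raw):
    """Collect the technologies and version strings an outside observer can infer from the headers."""
    findings = {"technologies": [], "versions": []}
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING_HEADERS:
            findings["technologies"].append(value)
            findings["versions"].extend(f"{name}: {v}" for v in VERSION_RE.findall(value))
        elif name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_HINTS:
                findings["technologies"].append(COOKIE_HINTS[cookie])
    return findings
```

Run `fingerprint()` on the output of `curl -i` against your own server; an empty `versions` list means no version number is being leaked through these headers.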

E. SSL Scan :- 

The SSL Labs online service performs a deep analysis of the configuration of any SSL web server on the public Internet. The sslscan command-line tool queries SSL/TLS services and reports the protocol versions, cipher suites, key exchange and signature algorithms and certificates in use. This helps the user understand which parameters are weak from a security standpoint. For More Information :- https://www.ssllabs.com/ssltest/

F. host : - 

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.


G.  Fierce :-  

Fierce is a semi-lightweight DNS scanner that helps locate non-contiguous IP space and hostnames for specified domains. It is meant as a precursor to nmap, OpenVAS, nikto, etc., since all of those require that you already know which IP space you are looking at. It does not perform exploitation and does not scan the whole internet indiscriminately; it is meant specifically to locate likely targets both inside and outside a corporate network. Because it primarily uses DNS, you will often find misconfigured networks that leak internal address space, which is especially useful in targeted malware. For More information :- https://tools.kali.org/information-gathering/fierce

H. sslstrip:-  

sslstrip is a tool that transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and then maps those links into look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For More Information:-

https://github.com/moxie0/sslstrip

I. whois:- 

whois is a protocol for querying and receiving responses from the databases that store the registration information of a domain or an IP address. whois is also a tool in Kali Linux that helps the user guess the right server to ask for the specified object; if no guess can be made it connects to the default servers for IPv4 addresses and network names. For More Information :- https://www.whois.com/

J. Reverse IP Lookup:-

A reverse IP lookup looks up an IP address and gives a list of all domains running on the same server. For More Information:- https://reverseip.domaintools.com/

Amey Patil