Category: Reconnaissance

Hacking, OSINT, Penetration Testing, Reconnaissance

Passive information gathering

Search Engines: gather information using search engine results (Google; Bing, including reverse IP lookup with the query IP:x.y.z.y; Yahoo). Social Networking Sites: gather information using social networking websites (Google+, LinkedIn, Instagram, Facebook, Twitter). Online databases: gather information using online databases (whois, shodan, netcraft, robtex, dnshistory). Online Tools: gather information using online tools (mxtoolbox, domain tools, SSL Server …

Footprinting, Hacking, Penetration Testing, Reconnaissance

Public documents harvester

Metagoofil is a tool for conducting public document (pdf, doc, xls, ppt, etc.) reconnaissance during a pen test. This information could be useful because you can get emails, usernames, people's names, etc. for later use in brute-force password attacks (VPN, FTP, web apps). Metagoofil has the ability to search Google for specific types of files being publicly hosted on a …

Reconnaissance

Looking for sensitive information in GitHub

Looking for sensitive information in GitHub repositories is not a new thing; it has been known for a while that things such as private keys and credentials can be found with GitHub’s search functionality. However, Gitrob makes it easier to focus the effort on a specific organization. The first thing the tool does is to …

Footprinting, Penetration Testing, Reconnaissance

IPGeoLocation 1.5 released

IPGeoLocation: a tool to retrieve IP Geolocation information from ip-api.com (source on GitHub). Requirements: Python 3.x. Features: retrieve geolocation of an IP or domain; run the program with no arguments to get your own IP geolocation; retrieve geolocation of multiple IPs or domains loaded from a file, one target per line; define your own custom User-Agent string; proxy support. …

Footprinting, Hacking, Reconnaissance

IPGeoLocation – Retrieve IP Geolocation information

IPGeoLocation is a small, free, open-source tool, coded in Python 3, capable of retrieving geolocation information for the targeted IP address. IPGeoLocation makes use of this IP Geolocation API: http://ip-api.com/docs/. You can find the IPGeoLocation source code on GitHub. IPGeoLocation is licensed under GPLv3.

Footprinting, Reconnaissance

SSL Protocol Scanner – Reconnaissance

sslscan queries SSL/TLS-enabled services, such as HTTPS, to discover supported cipher suites. The output includes the preferred ciphers of the SSL service and the certificate, and is available in text and XML formats. Usage: sslscan [Options] [host:port | host] Options: --targets=<file> A file containing a list of hosts to check. Hosts can …

Footprinting, Penetration Testing, Reconnaissance

Gathering information – Reconnaissance

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command-line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, a TCP port scan, whois lookups, and more. The following is a list of the current …

DNS, Enumeration, Information Gathering, Reconnaissance

Retrieve MX records

nslookup is a command-line administrative tool for testing and troubleshooting DNS servers. The syntax for noninteractive mode is: nslookup [-option] [hostname] [server] Parameters Commands: (identifiers are shown in uppercase, [] means optional) NAME – print info about the host/domain NAME using default server; NAME1 NAME2 – as above, but use NAME2 …

Information Gathering, Metasploit, Reconnaissance

Email harvesting with Metasploit

Email harvesting is the process of obtaining lists of email addresses using various methods. You can check for yourself what emails attackers are going to find about your domain using Metasploit’s module, Search Engine Domain Email Address Collector. This module uses Google, Bing and Yahoo to create a list of valid email addresses for …