Tag: gathering

Web Penetration Testing

Web Application Information Gathering

Retrieve HTTP response header curl -I -i -X HEAD –insecure example.comcurl -I -i -X HEAD –insecure example.com echo -e ‘HEAD / HTTP/1.0\r\n\r\n’ | nc example.com 80echo -e ‘HEAD / HTTP/1.0\r\n\r\n’ | nc example.com 80 Malformed requests test GET / HTTP/3.1 Host: hostname User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html Accept-Language: en-US,en;q=0.5 Content-Length: …

Information Gathering

Information Gathering with Harvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on …

Enumeration

Information Gathering with Metagoofil

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate …