Recon Reading Notes - morgan-hanrahan/Tech-Journal GitHub Wiki
Internet Information Gathering
Passive Footprinting and Reconnaissance
Main things to look for while gathering information:
- Company subdomains
- Websites
- Public IPs
- Leaked internal IPs
- Public DNS records
- Leaked creds
- Previous breaches
- Significant business change
- Business/Employee phone numbers/information
Internet Search Engines
Public search engines are the cheapest way to find a target's exposed assets and weaknesses, and because the queries go to the search engine rather than to the target they leave no trace in the target's logs. Some of the most useful are:
- Google Search Engine: google.com (advanced operators such as site:, filetype: and inurl: narrow results to one domain or document type)
- Shodan online scanner: shodan.io (indexes banners of internet-facing services, so you can see open ports and software versions without scanning the host yourself)
- DuckDuckGo Search engine: duckduckgo.com
Information Gathering Using Kali Linux
Kali Linux provides many preinstalled tools that are great for passive information gathering.
Whois Database
- A WHOIS lookup (the whois command in Kali, or a registrar/registry web lookup) returns the following public registration data for a domain:
- Registrant name
- Contact phone number
- Email address
- Entity physical address
- Domain expiry date
- Name servers
- Caveat: many registrars now redact registrant contact fields (privacy services, GDPR), so expect "REDACTED FOR PRIVACY" in place of names and emails; name servers, registrar and expiry date are still shown and are often the most useful part of the record.
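The fields listed above come back as free-text "Key: Value" lines, and the one most worth checking automatically is the expiry date (a lapsed or soon-to-lapse domain is a takeover and phishing risk). The following is an added example, not from the wiki or any tool on it: a small parser for a constructed WHOIS record in the common gTLD layout. Real registries use varying key names, so the FIELD_MAP is an assumption you would extend per TLD.

```python
"""Parse a WHOIS record into the fields listed in the notes and compute
days to expiry. Added example with a constructed sample record."""
from datetime import datetime, timezone

# Constructed sample WHOIS response; not a real registration.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.COM
Registry Expiry Date: 2025-03-01T00:00:00Z
Registrar: Example Registrar, LLC
Registrant Name: Jane Doe
Registrant Organization: Example Target Inc.
Registrant Street: 1 Main St
Registrant City: Springfield
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example-target.com
Name Server: NS1.EXAMPLE-TARGET.COM
Name Server: NS2.EXAMPLE-TARGET.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-06-01T12:00:00Z <<<
"""

# Assumed key names (gTLD style) mapped to the field names used in the notes.
FIELD_MAP = {
    "registrant name": "registrant",
    "registrant phone": "phone",
    "registrant email": "email",
    "registry expiry date": "expires",
}
ADDRESS_KEYS = ("registrant street", "registrant city", "registrant country")


def parse_whois(text: str) -> dict:
    """Return registrant, phone, email, address, expires and name_servers."""
    out = {"name_servers": [], "address": []}
    for line in text.splitlines():
        # Skip comment/banner lines and anything without a key: value pair.
        if ":" not in line or line.startswith(">>>"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key == "name server":          # repeated key, collect all of them
            out["name_servers"].append(value.lower())
        elif key in ADDRESS_KEYS:         # address is split over several keys
            out["address"].append(value)
        elif key in FIELD_MAP:
            out[FIELD_MAP[key]] = value
    out["address"] = ", ".join(out["address"])
    return out


def days_until_expiry(record: dict, now_iso: str) -> int:
    """Days from now_iso (ISO-8601, 'Z' allowed) to the expiry date.
    Negative means the registration has already lapsed."""
    exp = datetime.fromisoformat(record["expires"].replace("Z", "+00:00"))
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    return (exp - now).days


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    today = datetime.now(timezone.utc).isoformat()
    for k, v in rec.items():
        print(f"{k:13}: {v}")
    print("days to expiry:", days_until_expiry(rec, today))
```

Pipe the real thing in with `whois example.com | python3 whois_parse.py` after swapping SAMPLE_WHOIS for sys.stdin.read(); redacted records simply leave the contact fields missing from the result dict.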
theHarvester by Edge-Security
Command line tool that queries multiple search engines and public data sources for e-mail addresses, subdomains and hosts belonging to a target domain.
- Included in Kali, but some packaged versions had issues; check the version and update if searches return nothing.
- -d : the target domain name
- -s : also query Shodan for the hosts that were discovered
- -b : the data source to query (e.g. google, bing, or all)
DMitry
Stands for "Deepmagic Information Gathering Tool"
- This application can perform several of the lookups below in a single run
- -w : WHOIS lookup on the domain
- -n : retrieve records from Netcraft.com about the target
- -s : look for subdomains
- -e : search for email addresses
- -p : scan for open TCP ports (this sends packets to the target, so it is active rather than passive reconnaissance and should only be used with authorization)
Netcraft
This is a website that provides technical reports on other websites
- Uses the "What's that site running?" search to generate a site report
- The report includes hosting provider and netblock owner, name servers, web server and OS/technology fingerprints, and the site's hosting history, all collected from Netcraft's own data rather than from your machine
Metagoofil
Kali utility that finds a target's public documents (PDF, DOC, XLS, PPT and similar) through search engines, downloads them, and extracts their metadata: author usernames, software and version strings, internal file paths and e-mail addresses
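The metadata Metagoofil reports lives in the document itself; for PDFs it is the Info dictionary (/Author, /Creator, /Producer, /CreationDate). The block below is an added example, not from the wiki or Metagoofil: it pulls those keys out of two constructed minimal PDFs with a regex (enough for a demo and for many real files, but not a full PDF parser, and it ignores XMP metadata) and aggregates the usernames and software versions the way a recon report would list them.

```python
"""Extract PDF Info-dictionary metadata and aggregate it across documents.
Added example; the PDFs are constructed, not real files."""
import re

# Two constructed minimal PDFs. Metadata strings use the (...) literal form.
SAMPLE_PDF_A = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (Q3 Network Diagram) /Author (jdoe) /Creator (Microsoft Word 2016)
/Producer (Acrobat Distiller 11.0 \\(Windows\\)) /CreationDate (D:20240115093000Z) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""
SAMPLE_PDF_B = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Author (m.chen) /Creator (LibreOffice 7.2) /Producer (LibreOffice 7.2) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

INFO_KEYS = ("Title", "Author", "Creator", "Producer", "CreationDate")
# /Key (value) where value may contain escaped parentheses or backslashes.
INFO_RE = re.compile(
    rb"/(" + b"|".join(k.encode() for k in INFO_KEYS) + rb")\s*\(((?:\\.|[^\\)])*)\)"
)


def _unescape(raw: bytes) -> str:
    """Undo PDF literal-string escapes for ( ) and backslash."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_pdf_info(data: bytes) -> dict:
    """Return the Info-dictionary fields found in the PDF bytes."""
    return {m.group(1).decode(): _unescape(m.group(2)) for m in INFO_RE.finditer(data)}


def summarize(documents: list) -> dict:
    """Aggregate the fields Metagoofil-style: users and software seen."""
    users, software = set(), set()
    for doc in documents:
        info = extract_pdf_info(doc)
        if info.get("Author"):
            users.add(info["Author"])
        for key in ("Creator", "Producer"):
            if info.get(key):
                software.add(info[key])
    return {"users": sorted(users), "software": sorted(software)}


if __name__ == "__main__":
    for doc in (SAMPLE_PDF_A, SAMPLE_PDF_B):
        print(extract_pdf_info(doc))
    print(summarize([SAMPLE_PDF_A, SAMPLE_PDF_B]))
```

The usernames feed straight into the e-mail naming pattern and later password-spraying scope, and "Acrobat Distiller 11.0 (Windows)" tells you which desktop software (and roughly which era of patching) is in use, which is the point of the exercise.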
Dnsrecon
Included in Kali; DNS enumeration tool that pulls the standard records (A, AAAA, MX, NS, SOA, TXT) for a domain, attempts zone transfers, and can brute-force subdomains from a wordlist
- Update to the latest version before use (the packaged one can lag behind)
- Caveat: zone-transfer attempts and wordlist brute-forcing send queries to the target's own name servers, so unlike a search-engine or Netcraft lookup they are visible to the target