ReconTools:NOTES

Wayback Machine

For reviewing internet archives; Free via internet browser; archive.org/web ; Can see historical data about a website to identify new changes which may have vulnerabilities; Can potentially find out/recover sensitive information if it was published at a previous time; API functionality;

Maltego

For link analysis, used to investigate relationships between entities; Download and install; maltego.com ; Licensed, with a Community Edition available; Create graphs by adding entities such as endpoints, domains and users, and observe relationships; Finds emails, phone numbers, DNS names and huge numbers of other entity types; Visualises the web application you are pentesting.

Recon-ng

Aimed at performing open-source, web-based recon; Preinstalled on Kali Linux; Can run within a Docker container (e.g. from PowerShell); Gathering subdomains; Twitter mentions; Vulnerability listings; Discover hosts;

Shodan Search Engine

shodan.io ; Discover internet-connected devices (IoT); IP lookups and associations, running ports; Exploration of ICS, databases, video game servers; Extra services such as monitoring your own devices, trends, developer services, etc.; Lists of vulnerabilities for websites and domains;

SpiderFoot

Open-source recon automation; Web browser or command-line interface; Scan web apps/domains; Summarises scan results; Graphs connections; Review of scan info and settings; Scan logs accessible;

WHOIS / RDAP

IP address and domain information; Web browser; lookup.icann.org ; Uses RDAP; Name servers, registration, update and creation dates, registrant for the domain, email contact, authoritative servers, address ranges; The WHOIS command-line tool is an alternative but needs installation;

nslookup and dig

Query DNS information; nslookup = preinstalled on Windows (PowerShell); dig = WSL (Ubuntu) or Linux;

Censys

censys.io ; Visibility into internet-connected devices and services; Servers, websites, IoT devices, searched for vulnerabilities; Similar to Shodan but more focused on the research side;

Hunter Email Outreach Platform

hunter.io ; Requires an account (free); Search companies and associated email addresses; Company locations and number of people; Verify whether emails exist; Check whether emails are deliverable without actually sending an email;

DNSDumpster

Hosted by HackerTarget; Used in security assessments; dnsdumpster.com ; Host IPs and geolocation; Host records; DNS servers; MX records (domain email); TXT records; Graphical representation of the domain; Network mapping;

Amass

Can run from PowerShell in a Docker container; Download from GitHub; OWASP Amass can be installed in a variety of ways; Attack surface mapping and asset discovery; Enumeration lists;

Nmap Scripting Engine

Download Nmap; nmap.org ; Use in a terminal once installed; The SCRIPT SCAN phase shown in the terminal output is where Nmap's scripting capabilities run; Run vulnerability scans; Huge number of scripts available;

theHarvester

Edge discovery; Preinstalled on Kali Linux; Can run in Docker; Can install on Ubuntu/WSL; GitHub repository; Install required modules and packages; Discover resources such as IPs, emails and hosts; Dig into domain information;

WiGLE

Identify wireless hotspots and collect information; wigle.net ; Maps wireless networks using geolocation data; Wi-Fi, cellular, Bluetooth;

inSSIDer

Network analyser; metageek.com/inssider ; SSID, client numbers, signal strength, security, modes, max rate, last seen; Channel analysis to check which channels are in use; Discover overlapping networks; Discover the reach/coverage area of a network; Locate the physical location of access points;

OSINTframework.com

Gathers links to tools to help you find the resources or tools you are after; Installable tools (T), Google Dorking (D); Categories include usernames, email addresses, domain names, IP and MAC addresses, images/videos/documents, social networks, instant messaging, people search engines, dating, telephone numbers, public records;

Wireshark

wireshark.org ; Capture traffic; Traffic analysis; Filter results; Save results; Network analysis;

Aircrack-ng

Monitor and analyse Wi-Fi networks; Designed for hacking Wi-Fi; Monitor and perform packet captures and export to text; Check Wi-Fi cards and drivers; Deauthentication attacks and fake access points; Crack WEP, WPA-PSK; Unix, Linux (preinstalled on Kali), Windows, Mac; Requires a compatible wireless card; Determine the wireless card chipset to check functionality; Patch and install wireless card drivers for best functionality; Passively sniff and crack networks; Active attacks such as injection, ARP replay;
