Wayback Machine
For reviewing internet archives; Free via a web browser; archive.org/web ; Shows historical snapshots of a website, so you can identify what has changed (new or removed endpoints, parameters, scripts) and where vulnerabilities may have been introduced; Can potentially find or recover sensitive information that was published at an earlier time and has since been taken down; API functionality (the CDX API lists every captured URL under a domain, which is the quickest way to enumerate old paths);
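The CDX API is what makes the "recover what was published earlier" use case practical. The script below is an added example (not archive.org's own tooling): it builds the CDX query, parses the JSON rows, and reports URLs that once returned 200 but no longer do, plus paths that look like leaked artefacts (backups, dumps, .env files). The endpoint and its parameters are the documented ones; the sample rows are constructed and are not real captures of example.com.

```python
"""Wayback Machine CDX API: enumerate captured URLs for a domain and flag the
ones a pentester looks at first (removed endpoints, backup/config files).

Added example for this note, not part of archive.org's own tooling.  The CDX
endpoint and its parameters (url, output, fl, limit) are the documented ones;
SAMPLE_CDX below is constructed, not a real set of captures.
"""
import json
import urllib.parse
import urllib.request
from collections import defaultdict

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

# Path patterns that often expose source, credentials or data when left online.
SENSITIVE_SUFFIXES = (".bak", ".old", ".sql", ".zip", ".tar.gz", ".env", ".config", ".log")
SENSITIVE_PARTS = ("/.git/", "/backup/", "/phpmyadmin/")


def build_cdx_url(domain, limit=5000):
    """Query for every captured URL under `domain` (trailing /* is a prefix
    match), returned as JSON with only the fields the analysis needs."""
    params = {
        "url": f"{domain}/*",
        "output": "json",
        "fl": "timestamp,original,statuscode",
        "limit": str(limit),
    }
    return CDX_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_cdx_json(body):
    """CDX JSON output is a list of rows whose first row holds the field names."""
    rows = json.loads(body)
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in data]


def fetch_captures(domain, limit=5000, timeout=30):
    """Live query (needs network); not exercised by the constructed sample."""
    with urllib.request.urlopen(build_cdx_url(domain, limit), timeout=timeout) as resp:
        return parse_cdx_json(resp.read().decode("utf-8"))


def path_of(url):
    return urllib.parse.urlsplit(url).path or "/"


def analyse(captures):
    """Return (removed, sensitive): URLs that once answered 200 but whose latest
    capture did not, and URLs whose path looks like a leaked artefact."""
    by_url = defaultdict(list)
    for cap in captures:
        if cap["statuscode"] == "-":  # revisit record: content unchanged, no status
            continue
        by_url[cap["original"]].append((cap["timestamp"], cap["statuscode"]))
    removed, sensitive = [], []
    for url, history in by_url.items():
        history.sort()  # timestamps are YYYYMMDDhhmmss, so lexical order is chronological
        if any(code == "200" for _, code in history) and history[-1][1] != "200":
            removed.append(url)
        path = path_of(url).lower()
        if path.endswith(SENSITIVE_SUFFIXES) or any(p in path for p in SENSITIVE_PARTS):
            sensitive.append(url)
    return sorted(removed), sorted(sensitive)


# Constructed sample of a CDX JSON response (not real captures).
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode"],
    ["20190102030405", "http://example.com/", "200"],
    ["20190102030410", "http://example.com/admin/login.php", "200"],
    ["20190601000000", "http://example.com/admin/login.php", "200"],
    ["20200101000000", "http://example.com/admin/login.php", "404"],
    ["20190102030420", "http://example.com/backup/site.sql", "200"],
    ["20191231000000", "http://example.com/backup/site.sql", "-"],
    ["20220101000000", "http://example.com/backup/site.sql", "404"],
    ["20210101000000", "http://example.com/.env", "200"],
    ["20230101000000", "http://example.com/", "200"],
])

if __name__ == "__main__":
    removed, sensitive = analyse(parse_cdx_json(SAMPLE_CDX))
    print("removed paths:", removed)
    print("sensitive-looking paths:", sensitive)
```

Swap `SAMPLE_CDX` for `fetch_captures("target.example")` to run it live; keep `limit` modest on large sites, since the uncollapsed listing can run to hundreds of thousands of rows. A path flagged here is still only a lead: fetch the archived copy (web.archive.org/web/<timestamp>/<url>) and check what it actually contained.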
Maltego
For link analysis: used to investigate relationships between entities; Download and install; maltego.com ; Licensed, with a free Community Edition available; Create graphs by adding entities such as endpoints, domains and users, then run transforms to observe the relationships between them; Finds emails, phone numbers, DNS names and a huge number of other entity types; Visualises the footprint of the web application you are pentesting.
Recon-ng
Aimed at open-source, web-based recon; Preinstalled on Kali Linux; Can run inside a Docker container (launched from PowerShell etc.); Modules for gathering subdomains, Twitter mentions and vulnerability listings, and for discovering hosts; Results accumulate in a per-workspace database, and many modules need a third-party API key before they return anything;
Shodan Search Engine
shodan.io ; Discovers internet-connected devices (IoT); IP lookups and associations, open ports and service banners; ICS, database and video game server exploration; Extra services such as monitoring your own devices, Trends, developer API access, etc.; Lists known vulnerabilities for hosts and domains, but these are inferred from banner version strings, so treat them as leads to verify rather than confirmed findings;
SpiderFoot
Open-source recon automation; Web browser UI or command-line interface; Scans web apps/domains using a large set of modules; Summarises scan results; Graphs connections between findings; Review of scan info and settings; Scan logs accessible;
WHOIS / RDAP
IP address and domain information; Web browser; lookup.icann.org ; Uses RDAP (the JSON-based successor to WHOIS); Name servers, registration, update and creation dates, registrant for the domain, email contact, authoritative servers, address ranges; The whois command-line tool is the alternative and needs installing; Registrant details are frequently redacted behind a privacy service, so the name servers, registrar and dates are usually the most useful fields;
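Because RDAP returns JSON, the lookup is easy to script once you know where the useful fields sit. The following is an added example (not ICANN's or any registry's code) that fetches a domain record through the public rdap.org bootstrap redirector and reduces it to the recon-relevant fields: name servers, dates, registrar, contact emails, status locks, and whether the registrant is hidden behind a privacy service. The sample record is constructed in the RDAP (RFC 9083) shape; the registrar name and email in it are not real.

```python
"""Summarise an RDAP domain record into the fields that matter for recon.

Added example for this note, not code from ICANN or any registry.  rdap.org is
a public bootstrap redirector that forwards to the TLD's RDAP server (the same
thing lookup.icann.org does behind its web UI).  SAMPLE_RDAP is constructed in
the RFC 9083 shape; its registrar, contacts and dates are not real data.
"""
import json
import urllib.request

RDAP_BOOTSTRAP = "https://rdap.org/domain/"


def fetch_rdap(domain, timeout=30):
    """Live query (needs network); not exercised by the constructed sample."""
    req = urllib.request.Request(RDAP_BOOTSTRAP + domain,
                                 headers={"Accept": "application/rdap+json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def vcard_fields(entity):
    """Pull fn/email/org out of a jCard array: entries are [name, params, type, value]."""
    out = {}
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        name, value = prop[0], prop[3]
        if name in ("fn", "email", "org"):
            out.setdefault(name, value)
    return out


def walk_entities(entities):
    """Entities nest (a registrar carries its abuse contact), so yield all levels."""
    for ent in entities or []:
        yield ent
        yield from walk_entities(ent.get("entities"))


def summarise(record):
    events = {e["eventAction"]: e.get("eventDate") for e in record.get("events", [])}
    contacts = [{"roles": ent.get("roles", []), **vcard_fields(ent)}
                for ent in walk_entities(record.get("entities"))]
    return {
        "domain": record.get("ldhName", "").lower(),
        "nameservers": sorted(ns["ldhName"].lower() for ns in record.get("nameservers", [])),
        "registered": events.get("registration"),
        "updated": events.get("last changed"),
        "expires": events.get("expiration"),
        "status": record.get("status", []),
        "registrar": next((c.get("fn") for c in contacts if "registrar" in c["roles"]), None),
        "emails": sorted({c["email"] for c in contacts if "email" in c}),
        # A privacy service replaces the registrant's name with a generic
        # placeholder such as "REDACTED FOR PRIVACY"; report that explicitly.
        "registrant_redacted": any("registrant" in c["roles"] and "redact" in c.get("fn", "").lower()
                                   for c in contacts),
    }


# Constructed sample RDAP response (not a real lookup result).
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "EXAMPLE.COM",
    "status": ["client transfer prohibited", "client delete prohibited"],
    "events": [
        {"eventAction": "registration", "eventDate": "2015-03-01T10:00:00Z"},
        {"eventAction": "last changed", "eventDate": "2023-02-14T09:30:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-03-01T10:00:00Z"},
    ],
    "nameservers": [
        {"objectClassName": "nameserver", "ldhName": "NS2.EXAMPLE.NET"},
        {"objectClassName": "nameserver", "ldhName": "NS1.EXAMPLE.NET"},
    ],
    "entities": [
        {"objectClassName": "entity", "roles": ["registrar"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Registrar, Inc."]]],
         "entities": [
             {"objectClassName": "entity", "roles": ["abuse"],
              "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                       ["fn", {}, "text", "Abuse Desk"],
                                       ["email", {}, "text", "abuse@registrar.example"]]]}]},
        {"objectClassName": "entity", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "REDACTED FOR PRIVACY"]]]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_RDAP), indent=2))
```

The name servers are the field to carry forward: they feed the dig/nslookup step and reveal the hosting or DNS provider. The status list is also worth reading, since a domain without the client transfer and update locks is a weaker hijacking target.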
nslookup and dig
Query DNS records (A, AAAA, NS, MX, TXT, SOA, etc.); nslookup is preinstalled on Windows and usable from PowerShell; dig comes with WSL (Ubuntu) or Linux (dnsutils/bind-utils package); With dig, use @nameserver to ask a specific server, +short for bare answers, and try a zone transfer (AXFR) against each authoritative server, which a correctly configured zone should refuse;
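As an added example (not part of dig or nslookup), the script below lists the dig commands for a first pass over a domain, parses `dig +noall +answer` output into records, and runs the checks a pentester does on the mail-related records: SPF present and not ending in +all, DMARC present and not monitor-only. The sample output is constructed and does not describe a real zone; real dig output separates fields with tabs, which the parser handles the same as spaces.

```python
"""dig-based DNS recon: commands to run, a parser for `dig +noall +answer`
output, and checks on the SPF/DMARC records.

Added example for this note, not part of dig or nslookup.  SAMPLE_DIG_OUTPUT
is constructed and does not describe a real zone.
"""
import re
import subprocess

RECON_TYPES = ("A", "AAAA", "NS", "MX", "TXT", "SOA")
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # quoted strings inside TXT rdata


def recon_commands(domain, nameserver=None):
    """dig invocations for a first pass.  `+noall +answer` prints only the
    answer section, which parse_dig_answer() reads.  The AXFR line is only
    emitted when a (supposedly authoritative) server is given; a correctly
    configured zone refuses it."""
    at = f"@{nameserver} " if nameserver else ""
    cmds = [f"dig {at}+noall +answer {domain} {rtype}" for rtype in RECON_TYPES]
    cmds.append(f"dig {at}+noall +answer _dmarc.{domain} TXT")
    if nameserver:
        cmds.append(f"dig @{nameserver} +noall +answer {domain} AXFR")
    return cmds


def run_dig(domain, rtype, nameserver=None, timeout=10):
    """Live query (needs network and dig); not exercised by the sample below."""
    args = ["dig"] + ([f"@{nameserver}"] if nameserver else []) + ["+noall", "+answer", domain, rtype]
    out = subprocess.run(args, capture_output=True, text=True, timeout=timeout)
    return parse_dig_answer(out.stdout)


def parse_dig_answer(text):
    """Turn answer lines (name ttl class type rdata) into dicts.  TXT rdata is
    returned with its quoted strings joined, which is how mail receivers read it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        name, ttl, _rclass, rtype, rdata = parts
        rdata = "".join(_QUOTED.findall(rdata)) if rtype == "TXT" else rdata.rstrip(".")
        records.append({"name": name.rstrip(".").lower(), "ttl": int(ttl),
                        "type": rtype, "rdata": rdata})
    return records


def mail_security_summary(records):
    """Collect NS/MX hosts and the SPF/DMARC policies, and flag the gaps a
    phisher exploits: no SPF, SPF ending in +all, no DMARC, DMARC p=none."""
    ns = sorted(r["rdata"].lower() for r in records if r["type"] == "NS")
    mx = sorted(r["rdata"].split()[-1].lower() for r in records if r["type"] == "MX")
    txt = [r for r in records if r["type"] == "TXT"]
    spf = next((r["rdata"] for r in txt if r["rdata"].lower().startswith("v=spf1")), None)
    dmarc = next((r["rdata"] for r in txt if r["name"].startswith("_dmarc.")
                  and r["rdata"].lower().startswith("v=dmarc1")), None)
    findings = []
    if spf is None:
        findings.append("no SPF record")
    elif spf.split()[-1].lower() == "+all":
        findings.append("SPF ends in +all (any sender passes)")
    if dmarc is None:
        findings.append("no DMARC record")
    elif re.search(r"(?:^|;)\s*p=none\b", dmarc, re.IGNORECASE):
        findings.append("DMARC policy is p=none (monitor only)")
    return {"nameservers": ns, "mail_hosts": mx, "spf": spf, "dmarc": dmarc, "findings": findings}


# Constructed answer-section output (spaces instead of dig's tabs; both parse).
SAMPLE_DIG_OUTPUT = """\
example.com.        3600  IN  NS   ns2.example.net.
example.com.        3600  IN  NS   ns1.example.net.
example.com.        300   IN  MX   10 mail.example.com.
example.com.        300   IN  MX   20 mail2.example.com.
example.com.        300   IN  TXT  "v=spf1 include:_spf.example.net" " +all"
example.com.        300   IN  TXT  "google-site-verification=abc123"
_dmarc.example.com. 300   IN  TXT  "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
"""

if __name__ == "__main__":
    print("\n".join(recon_commands("example.com", "ns1.example.net")))
    print(mail_security_summary(parse_dig_answer(SAMPLE_DIG_OUTPUT)))
```

The NS hosts from the summary are the servers to point the AXFR attempt at; the MX hosts go back into the port-scanning and Shodan/Censys steps as in-scope infrastructure.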
Censys
censys.io ; Visibility into internet-connected devices and services; Servers, websites and IoT devices searched for vulnerabilities; Similar to Shodan but more focused on the research side;
Hunter Email Outreach Platform
hunter.io ; Requires an account (free tier available); Search companies and their associated email addresses, including the address format the organisation uses; Company locations and number of people; Verify whether emails exist; Check whether emails are deliverable without actually sending one;
DNSDumpster
Hosted by HackerTarget; Used for security assessments; dnsdumpster.com ; Host IPs and geolocation; Host records; DNS servers; MX records (domain email); TXT records (SPF, verification tokens); Graphical representation of the domain; Network mapping;
Amass
Runs in a Docker container (driven from PowerShell); Download from GitHub; OWASP Amass can be installed in a variety of ways; Attack surface mapping and asset discovery; Enumeration lists (amass enum -d <domain>);
Nmap Scripting Engine
Download from nmap.org ; Use in a terminal once installed; SCRIPT SCAN is the phase of a scan where the Nmap Scripting Engine (NSE) runs; select scripts with --script; Run vulnerability scans (e.g. --script vuln); Huge number of scripts available, organised into categories such as default, safe, discovery, vuln, intrusive and exploit; Check a script's category with --script-help before running it, as the intrusive and exploit categories can crash services;
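NSE output is most useful when it is saved as XML (-oX) and processed rather than read off the terminal. The following added example (not part of nmap) parses the per-port script results out of an nmaprun XML file and looks up which hosts and ports a given script fired on, optionally filtering on its output; the XML is constructed in nmap's output format and is not a real scan result, and the target address in it is a documentation address.

```python
"""Read NSE script results from nmap XML output (-oX) for triage.

Added example for this note, not part of nmap.  SAMPLE_NMAP_XML is constructed
in the nmaprun format and is not a real scan; 192.0.2.10 is a documentation
address.  A scan that produces such a file would be, for example:
    nmap -sV --script "default,safe" -oX scan.xml 192.0.2.10
"""
import xml.etree.ElementTree as ET


def parse_nmap_xml(xml_text):
    """One dict per open port: address, port, service banner and NSE output
    keyed by script id.  Closed and filtered ports are skipped."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            results.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": product,
                "scripts": {s.get("id"): s.get("output", "").strip() for s in port.findall("script")},
            })
    return results


def script_hits(results, script_id, needle=None):
    """(host, port) pairs where `script_id` produced output, optionally only
    those whose output contains `needle` (e.g. TRACE in http-methods)."""
    return [(r["host"], r["port"]) for r in results
            if script_id in r["scripts"] and (needle is None or needle in r["scripts"][script_id])]


# Constructed nmap XML (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script default,safe -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
        <script id="ssh-hostkey" output="3072 SHA256:constructed-fingerprint (RSA)"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/>
        <script id="http-title" output="Login"/>
        <script id="http-methods" output="  Supported Methods: GET HEAD POST OPTIONS TRACE"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in scan:
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['service']} {r['product']} {sorted(r['scripts'])}")
    print("TRACE enabled on:", script_hits(scan, "http-methods", "TRACE"))
```

Replace `SAMPLE_NMAP_XML` with the contents of a real `-oX` file to use it; the same parse lets you diff two scans of the same target to spot newly opened ports or changed banners between engagements.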
theHarvester
External footprint discovery; Preinstalled on Kali Linux; Can run in Docker; Can be installed on Ubuntu/WSL from the GitHub repository; Install its modules and packages; Discovers resources such as IPs, emails, subdomains and hosts from public sources (search engines, certificate transparency and similar); Dig into domain information;
WiGLE
Identify wireless hotspots and collect information; wigle.net ; Maps wireless networks using geolocation data contributed by wardrivers; WiFi, cell and Bluetooth; Search by SSID or BSSID to locate a network physically;
inSSIDer
Network analyser; metageek.com/inssider ; Shows SSID, client numbers, signal strength, security type, modes, max rate and last seen; Channel analysis to check which channels are in use; Discover overlapping networks; Discover the reach/coverage area of a network; Locate the physical position of access points;
OSINTframework.com
Directory that organises OSINT tools by what you are looking for, to help you find the resource or tool you need; Marks installable tools (T) and Google dorking queries (D); Categories include usernames, email addresses, domain names, IP and MAC addresses, images, videos and documents, social networks, instant messaging, people search engines, dating, telephone numbers and public records;
Wireshark
wireshark.org ; Capture traffic; Traffic analysis; Filter results with display filters; Save results as pcap/pcapng; Network analysis;
Aircrack-ng
Monitor and analyse WiFi networks; Designed for WiFi attacks; Monitors and performs packet captures (airodump-ng) and exports to text; Check WiFi cards and drivers (airmon-ng); Deauthentication attacks and fake access points (aireplay-ng, airbase-ng); Cracks WEP and WPA-PSK from a captured handshake (aircrack-ng); Unix, Linux (preinstalled on Kali), Windows, Mac; Requires a compatible wireless card that supports monitor mode and packet injection; Determine the wireless card's chipset for functionality; Patch and install wireless card drivers for best functionality; Passively sniff and crack networks; Active attacks such as injection and ARP replay;