Penetration Test - Selecting_Pen_Testing_Tools(6)
阿新 • Published: 2020-11-16
Open-Source Research Tools
OPEN SOURCE INTELLIGENCE (OSINT) TOOLS
Tool | Notes | URL |
---|---|---|
Whois | Domain details (contacts, name servers, etc.) | https://whois.icann.org/en (and many more) |
Nslookup | DNS information | Installed or available on most OSs |
FOCA | Fingerprinting Organizations with Collected Archives; finds document metadata. | https://github.com/ElevenPaths/FOCA |
theHarvester | Gathers info from many sources (email, hosts, open ports, etc.) | https://github.com/laramies/theHarvester |
Shodan | Finds Internet-connected devices | https://www.shodan.io/ |
Maltego | Data mining for investigations | https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php |
Recon-NG | Web reconnaissance | https://bitbucket.org/LaNMaSteR53/reconng |
Censys | Finds Internet-connected devices | https://censys.io/ |
DEMO
whois google.com
nslookup google.com
QUICK REVIEW
- OSINT data can help fill in information gaps
- Some information is not based on IP addresses or domain names
- Be creative when exploring attack vectors for targets
- Targets can be devices, people, user accounts, and even facilities