Article 2022-08-27 20:25:32
Ricard Santiago

OSINT

Extract

This is a brief tutorial about useful tools for the first phase of ethical hacking: information gathering. I will explain the following tools: Whois, DNS Enum, theHarvester and whatWeb. I hope you understand that my goal is not to write a complete guide to these tools. If I explained everything to you, you would probably not investigate on your own, and I would certainly end up writing a manual.

Article

Whois


Whois is a tool that uses the TCP protocol to query a database containing information about the domain of a web site. As you probably know, the web runs on TCP/IP and every web site has an IP address, even though what you see is something like www.domain.com. Every site has at least one DNS entry that maps the IP address to a name that is easy to remember. It is therefore worth checking what data we can collect about it. Later we will see how to collect more specific information.



The result you get when you run the last command is (the output is formatted for better readability):



As you can see, the output shows addresses, emails, servers, etc., which is very relevant information for the gathering phase and for later exploitation. I encourage you to think about what you can do with this data and which parts of it are the most relevant for you.
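As an added example (not code from the original article), the following Python script parses a whois response in the usual `Key: Value` layout and pulls out the fields the author points to as the most relevant, seen from the side of an organisation reviewing what its own record exposes: registrar, name servers, unredacted contact emails, transfer lock and DNSSEC status. The sample record, its domain, contacts and dates are constructed, not a real response.

```python
import re

# Constructed sample, not a real whois response; the layout mirrors what whois(1) prints.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TUTORIAL.TEST
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2023-03-02T08:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE-TUTORIAL.TEST
Name Server: NS2.EXAMPLE-TUTORIAL.TEST
Registrant Email: admin@example-tutorial.test
Admin Email: REDACTED FOR PRIVACY
Tech Email: it-ops@example-tutorial.test
Registrar Abuse Contact Email: abuse@example-registrar.test
DNSSEC: unsigned
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_whois(text):
    """Collect every 'Key: Value' pair; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip registry comments and lines without a key/value separator.
        if not line or line.startswith(("%", "#")) or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        fields.setdefault(key.lower(), []).append(value)
    return fields

def review_exposure(text):
    """Summarise what a whois record reveals, from the domain owner's point of view."""
    fields = parse_whois(text)
    # Organisation contacts only: skip the registrar's abuse mailbox and redacted values.
    contacts = sorted(
        value for key, values in fields.items() for value in values
        if key.endswith("email") and not key.startswith("registrar")
        and EMAIL_RE.fullmatch(value)
    )
    statuses = {s.split()[0].lower() for s in fields.get("domain status", [])}
    return {
        "registrar": fields.get("registrar", [""])[0],
        "nameservers": [ns.lower() for ns in fields.get("name server", [])],
        "exposed_contacts": contacts,
        "transfer_locked": "clienttransferprohibited" in statuses,
        "dnssec_signed": fields.get("dnssec", ["unsigned"])[0].lower() != "unsigned",
        "expires": fields.get("registry expiry date", [""])[0],
    }
```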

DNS Enum


DNS Enum is a tool for finding information about DNS servers and discovering non-contiguous IP blocks. To install this tool, you can run the following code:



To find resources for more accurate research, you can run:



In this particular example the output is:



You can also use network-tools to make the same query. You will see something like this:

theHarvester



theHarvester is very useful for finding public email addresses, which is very important for social engineering in the exploitation phase.

To install this tool, you can run the following code:
To find resources for more accurate research, you can run:





You can run a simple query using the following command. As you can imagine, you have to consult the tool's help, as I showed you, to learn the options you can include. Basically, -d specifies the domain, -l the limit of the search, and -b the source, for instance the search engine. What does -g do? What are Google Dorks?



whatWeb



To install this tool, you can run the following code:
To find resources for more accurate research, you can run:




You can run a simple query using the following code, and you will see that you obtain a lot of information: IP, servers, cookies, headers, etc. I recommend using verbose mode by adding -v; that way you will get a nicer output. It is your goal to understand most of the data, but remember that the most important phase of ethical hacking is information gathering. Do not underestimate the effort you will have to dedicate to it, and try not to move forward without a clear understanding. Remember that so far all the tools used are legal, at least in Spain.
