Sunday, 31 January 2016

Reconnaissance tools in linux

Reconnaissance /footprinting tools

Reconnaissance can be either active or passive. In active reconnaissance you send traffic to the target machine while a passive reconnaissance use Internet to gather information. When you use active reconnaissance, you need to remember that the target machine may notice that you are planning a penetration test. In the case of passive test, target machine has no clue about who is gather intelligence and planning an attack. The following are the tools you can use:
  1.  Google: use advanced Google search to gather information about the target’s website, webservers and vulnerable information. Sometimes, jobs posted in the companies’ websites reveal valuable information about the type of information technologies used in the target company. 
  2. The harvester: you can use it to catalogue email address and subdomains. It works with all the major search engines including Bing and Google. This is a build in tool of Kali Linux.
  3. WHOIS:  to get information about domains, IP address, DNS you can run whois command from your Linux machine. Just type whois followed by the domain name:
    4. Whois yourdomain.com
    Alternatively, you can visit whois.net and type the domain name of your target.
  4. Netcraft: they have a free online tool to gather information about webservers including both the client and server side technologies. Visit http://toolbar.netcraft.com/site_report/ and type the domain name. 
  5. Nslookup: you can use it to query DNS server in order to extract valuable information about the host machine. You can use this tool both in Linux and Windows. From your windows machine, open the command prompt and the type ‘nslookup’ followed by the domain name. 
  6. Dig: another useful DNS lookup tool used in Linux machine. Type dig followed by the domain name. 
  7. MetaGoofil: it’s a meta data collection tool. Meta data means data about data. For instance, when you create word document in Microsoft word, some additional information are added to this word file such as file size, date of creation, the user name of the creator etc.-all these additional information is called meta data. MetaGoogle scours the Internet for metadata of your target. You can use it with both Linux (built in Kali Linux) and Windows. 
  8. Threatagent drone: it is a web based tool. You need to signup at https://www.threatagent.com/ and type the domain name that you want to reconnaissance. Once the drone extracts all the information about your target, it will create a complete report about the target, which will include the IP address range, email address, point of contacts etc. 
  9. Social engineering: it is perhaps the easiest way to gather information about an organization. You can find lots of free information about social engineering in the Internet. Depending on the types of information you need about your target organization, you need to choose the appropriate technique. But remember that this technique needs time to master and you need to plan it very carefully, otherwise your activity can easily trigger an alert.
After gathering solid information about the target, the next   step is to start scanning the target system. 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)