Entries in information gathering (2)

Sunday, Mar 24, 2013

Tektip ep26 - Information gathering with recon-ng

In this episode of TekTip, we focus on using @LanMaster53's reconnaissance framework recon-ng.

From his site:

"Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly."

For tips and tricks on using and developing for the framework, go to the wiki.

Recon-ng is written entirely in Python and is very modular, which means that anyone with Python experience can use the framework to develop their own modules. I will probably do a follow-on episode where I go over developing a module for recon-ng.

Recon-ng already has a decent number of modules. At the time of writing there are 59 modules released.

Running modules in recon-ng is very similar to the commands you would use in Metasploit. The following are a few example modules I ran in the video:

discovery/info_disclosure/http/interesting_files
recon/hosts/gather/http/google
recon/contacts/gather/http/twitter
recon/hosts/enum/http/geoip/hostip
recon/hosts/enum/http/server_enum

Once you have finished running the modules you want for recon, you may want to produce some sort of report. Here is an example of an HTML report that was generated with a reporting module.
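As an added example (not from the episode or the recon-ng project), the module sequence above written as a recon-ng resource file, so the same recon run can be replayed or shared. It assumes the framework's 2013 syntax: global options named `domain` and `company`, a `reporting/html` module, and loading the file with `recon-ng -r <file>`; confirm each with `show options` and `show modules` on your own install.

```text
# Constructed recon-ng resource file (assumed syntax; verify against your version).
# Replace example.com / "Example Corp" with the scope you are authorised to assess.
set domain example.com
set company Example Corp

# Host discovery first, so the enumeration modules below have something to work on.
use recon/hosts/gather/http/google
run

# Enrich the discovered hosts: geolocation and web server fingerprinting.
use recon/hosts/enum/http/geoip/hostip
run
use recon/hosts/enum/http/server_enum
run

# Contact gathering from Twitter for the company name set above.
use recon/contacts/gather/http/twitter
run

# Look for commonly exposed files on the hosts found so far.
use discovery/info_disclosure/http/interesting_files
run

# Write everything in the database out as an HTML report.
use reporting/html
run
```

Every module reads and writes the shared database, so the order matters: the gather module must run before the enum and discovery modules that consume its hosts.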

Overall, I think recon-ng is a great tool that shows a lot of promise. As the number of modules grows and as people share resource files I think the value will grow tremendously.

Monday, Sep 3, 2012

TekTip ep6 - Passive Information Gathering with TheHarvester

The Harvester: Created by Edge-Security
Default BT Location: /pentest/enumeration/theharvester
theharvester is a great passive information gathering tool that is immensely helpful in blind pentests.
Notable options:
-d: for the domain
-f: export to html/xml
-c: DNS bruteforce
-n: Reverse DNS query
-l: limit the number of results
-b: Where to search
** "-b all" does not actually include all sources.
Examples:
./theharvester.py -d tekdefense.com -l 100 -n -b all
./theharvester.py -d securitytube.net -l 100 -n -b linkedin
Tekdefense.com
1aN0rmus@tekdefense.com