Information Gathering





Information Gathering is the phase in which we attempt to gather information regarding the target we're attempting to break into. It is the first step, the beginning stage, of ethical hacking. The information can be open ports or running services, such as unauthenticated administrative consoles or consoles that still use default passwords.

The more information we gather about the target, the more beneficial it is to us, as more attack surface becomes available. When doing a web application assessment we need to explore all the possibilities of breaking into the web application.


Information Gathering Techniques:  




* Active techniques:

An active technique involves connecting to the target to gain information. This may include running port scans, enumerating files and so on. Active techniques can be detected by the target, so care must be taken to ensure that we do not perform unnecessary ones.

* Passive techniques:

Using passive techniques, we rely on third-party websites and tools that do not contact the target to gather data for our reconnaissance purposes. The best part of passive scanning is that the target never gets a hint that we are performing reconnaissance. Since we do not connect to the target, no server logs are generated.

Websites like Shodan, VirusTotal and Google can extract a lot of data about a website.


Enumerating Sub-Domains, Hidden directories, Files and Resources:




The following recon tools can be used to gather information about the target site:

Sublist3r


Sublist3r is designed to enumerate subdomains of the target site using OSINT. It enumerates subdomains using many search engines like Google, Bing and Baidu, as well as some third-party sites.

Click here: https://github.com/aboul3la/Sublist3r.git
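As an added example (not part of this post and not Sublist3r's own code), the following Python shows the core of what an OSINT subdomain enumerator does once it has fetched text from a search engine result page or a certificate-transparency log: pull out every hostname under the target domain and normalise it. It handles the cases such scrapers commonly get wrong: mixed case, trailing dots, wildcard certificate names, the bare apex domain, and look-alike hosts where the target domain is only a prefix. The sample text, the domain example.com and the source names are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample: text of the kind an OSINT enumerator scrapes from search
# engines and certificate-transparency logs. Invented for this example.
SAMPLE_SOURCES = {
    "search-engine": """
        <a href="https://www.example.com/about">About</a>
        <a href="http://Blog.Example.com/post/1">Blog</a>
        <cite>mail.example.com › inbox</cite>
        https://example.com.evil-lookalike.net/login
    """,
    "ct-log": """
        *.dev.example.com
        api.example.com.
        example.com
        shop.example.com
    """,
}


def extract_subdomains(domain: str, text: str) -> List[str]:
    """Return the unique subdomains of `domain` found in free-form text.

    Normalisation: lower-case, strip trailing dots, drop '*' wildcard labels
    (keeping the concrete parent name), exclude the apex itself, and refuse
    hosts where the apex is only a prefix (example.com.evil.net).
    """
    apex = domain.lower().rstrip(".")
    pattern = re.compile(
        # at least one DNS label (letters, digits, hyphen, or a '*' wildcard) ...
        r"(?<![\w.-])((?:[A-Za-z0-9*](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+)"
        # ... followed by the apex, an optional trailing dot, and then a
        # character that cannot continue a hostname
        + re.escape(apex)
        + r"\.?(?![\w.-])",
        re.IGNORECASE,
    )
    found = set()
    for match in pattern.finditer(text):
        labels = match.group(1).lower().rstrip(".")
        # '*.dev.example.com' names a pattern, not a host: keep dev.example.com
        labels = ".".join(l for l in labels.split(".") if l != "*")
        if labels:
            found.add(f"{labels}.{apex}")
    return sorted(found)


def enumerate_from_sources(domain: str, sources: Dict[str, str]) -> Dict:
    """Run extraction per source and merge the results.

    Keeping the per-source view lets you judge how trustworthy a name is
    (a hit seen in two independent sources is worth more than one).
    """
    per_source = {name: extract_subdomains(domain, text) for name, text in sources.items()}
    merged = sorted(set().union(*per_source.values()))
    return {"per_source": per_source, "all": merged}


if __name__ == "__main__":
    result = enumerate_from_sources("example.com", SAMPLE_SOURCES)
    for source, names in result["per_source"].items():
        print(f"{source}: {', '.join(names)}")
    print("merged:", ", ".join(result["all"]))
```

Note that the apex domain itself and the look-alike host are both left out of the result, and the wildcard entry collapses to its parent name; those are the three cases that most often pollute a raw scrape.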


Osmedeus



Features:

  • Web Technology Detection
  • Subdomain enumeration
  • IP Discovery
  • SSL
  • CORS
  • Wayback Machine Discovery
  • Port Scan 
  • Vulnerability Scan
  • Whois, Dig info and many more.
Click here: https://github.com/j3ssie/Osmedeus.git






Maltego


The Maltego application is a visual link analysis tool. It comes pre-installed in Kali Linux. The tool ships with OSINT plugins called Transforms. It offers real-time data mining and information gathering, and represents this information on a node-based graph that is easy to understand.






Nmap


Nmap ("Network Mapper") is a free and open source tool for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network. For more details visit its official website, nmap.org.

Zenmap is similar to Nmap but is GUI based. Click here.


DirBuster




DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked. It is a Java application developed by OWASP. For more details visit the DirBuster homepage. Click here.
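This is the other side of two points made above: that active techniques such as DirBuster's wordlist walking can be detected by the target, and that the server logs they generate are exactly what passive reconnaissance avoids. As an added example, not from this post or from DirBuster, the Python below parses web server access-log lines and flags a client that produces a burst of 404s for distinct paths, which is what a directory brute-force looks like from the server's side. The log lines, addresses, paths and user agent are constructed; the Apache/nginx combined log format, the 60-second window and the threshold of five distinct misses are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample access log (Apache/nginx "combined" format).
# Addresses, paths and the user agent are invented for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET /admin HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET /backup HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET /config HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET /old HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET /test HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET /dev HTTP/1.1" 200 900 "-" "DirBuster-1.0-RC1"
203.0.113.5 - - [10/Mar/2024:12:05:00 +0000] "GET /missing-image.png HTTP/1.1" 404 300 "-" "Mozilla/5.0"
"""

# One combined-format line: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_log(text: str) -> List[Dict]:
    """Parse combined-format lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
            "ua": m["ua"],
        })
    return events


def detect_dir_bruteforce(events: List[Dict],
                          window: timedelta = timedelta(seconds=60),
                          threshold: int = 5) -> Dict[str, Dict]:
    """Flag clients with `threshold` or more 404s for distinct paths inside
    any `window`. Counting distinct paths matters: a browser retrying one
    missing image is noise, a wordlist walk is not.
    """
    by_ip: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        if e["status"] == 404:
            by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, misses in by_ip.items():
        misses.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(misses)):
            # advance the window start until misses[start:end+1] fits in `window`
            while misses[end]["ts"] - misses[start]["ts"] > window:
                start += 1
            paths = {e["path"] for e in misses[start:end + 1]}
            if len(paths) >= threshold:
                # paths the same client did find are what the walk was after;
                # surface them so the defender knows what got exposed
                found = sorted({e["path"] for e in events
                                if e["ip"] == ip and e["status"] == 200})
                alerts[ip] = {
                    "misses_in_window": len(paths),
                    "user_agents": sorted({e["ua"] for e in misses}),
                    "discovered_paths": found,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_dir_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Tuning the window and threshold to the site's normal 404 rate is what keeps this from firing on broken links, and the user-agent field is recorded only as supporting evidence, since a scanner can set it to anything.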

Below I'll list some tools which can be used in active reconnaissance:

* theHarvester
* RustScan
* WhatWeb
* Scrapy
* RED_HAWK
* CeWL


The following websites will be used for passive reconnaissance:

* Shodan
* Whois
* DNSDumpster
* VirusTotal
* Reverse IP Lookup
* Google Hacking Database
* OSINT
* Pentest-Tools


How you Gather, Manage and use Information will determine whether you win or lose!


 


Any suggestions ? comment down!💬
