Penetration Test - Selecting_Pen_Testing_Tools(6)
Open-Source Research Tools
OPEN SOURCE INTELLIGENCE (OSINT) TOOLS
| Tool | Notes | URL |
|---|---|---|
| Whois | Domain details (contacts, name servers, etc.) | https://whois.icann.org/en (and many more) |
| Nslookup | DNS information | Installed or available on most OSs |
| Foca | Fingerprint Organizations with Collected Archives - finds document metadata. | https://github.com/ElevenPaths/FOCA |
| Theharvester | Gathers info from many sources (email, hosts, open ports, etc.) | https://github.com/laramies/theHarvester |
| Shodan | Finds Internet connected devices | https://www.shodan.io/ |
| Maltego | Data mining for investigations | https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php |
| Recon-NG | Web reconnaissance | https://bitbucket.org/LaNMaSteR53/reconng |
| Censys | Finds Internet connected devices | https://censys.io/ |
DEMO
whois google.com
nslookup google.com
QUICK REVIEW
- OSINT data can help fill in information gaps
- Some information is not based on IP addresses or domain names
- Be creative when exploring attack vectors for targets
- Targets can be devices, people, user accounts, and even facilities
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
