Difference between revisions of "Information Gathering Tools"
Revision as of 07:31, 19 June 2021
Summary
This is a draft. It compares various information gathering tools available in Kali Linux and notes the differences in ParrotOS.
Requirements
- Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64
Disclaimer: all examples and tests have been done in VMware, in a Kali Linux VM and a ParrotOS VM.
Tools
Spiderfoot
Legion
DMitry
DMitry is a CLI tool for gathering information about a host: possible subdomains, uptime information, a TCP port scan, email addresses, whois lookups etc. It is mostly used to reveal information about the owner or host of a web page that is available through search engines, for example as preparation for social engineering attacks.
When using the portscan option, the results show fewer open ports than the same TCP scan with nmap. The reason is visible in the two reports below: DMitry probed only 150 ports, whereas nmap's default scan covered 1000 (the 996 "not shown" closed ports plus the 4 listed).
DMitry:
HostIP:192.168.0.130
HostName:
Gathered TCP Port information for 192.168.0.130
Port State
23/tcp open
Portscan Finished: Scanned 150 ports, 148 ports were in state closed
Nmap:
Nmap scan report for 192.168.0.130
Host is up (0.20s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
23/tcp open telnet
554/tcp open rtsp
843/tcp open unknown
5001/tcp open commplex-link
MAC Address: 7C:DD:90:AF:4E:7D (Shenzhen Ogemray Technology)
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds
To find out information about a domain, you need either the IP or the domain name.
Whois lookup, on the other hand, gives some useful results. Below is an example of running dmitry -w www.fh-campuswien.ac.at against the college website of FH Campus Wien, www.fh-campuswien.ac.at; it shows that the output is exactly the same as if you were to type whois fh-campuswien.ac.at.
HostIP:91.213.77.62
HostName:www.fh-campuswien.ac.at
Gathered Inic-whois information for fh-campuswien.ac.at
---------------------------------
domain: fh-campuswien.ac.at
registrar:
registrant: FCW1942152-NICAT
admin-c:
tech-c: NLTU11579014-NICAT
nserver: ns.nextlayer.at
remarks: 81.16.150.30
nserver: ns2.nextlayer.at
remarks: 81.16.151.30
changed: 20171003 19:16:08
source: AT-DOM

personname:
organization: fh campus wien
street address: Favoritenstrasse 226
postal code: A-1100
city: Vienna
country: Austria
phone: +43160668771000
fax-no: +43160668771009
e-mail: office@fh-campuswien.ac.at
nic-hdl: FCW1942152-NICAT
changed: 20100323 17:12:46
source: AT-DOM

personname: Hostmaster Hostmaster
organization: next layer Telekommunikationsdienstleistungs- und BeratungsGmbH
street address: Mariahilfer Guertel 37- 7
postal code: 1150
city: Vienna
country: Austria
phone: +43517649
e-mail: hostmaster@nextlayer.at
nic-hdl: NLTU11579014-NICAT
changed: 20170929 13:17:54
source: AT-DOM
Overall a nice tool, useful for beginners who don't have experience with the basic tools yet. However, to an experienced IT security specialist, the tools that DMitry is based on, like nmap and whois, would be the better choice here, since they offer the same output. One drawback is that whois has to be installed separately, whilst DMitry is part of the preinstalled set of tools.
Nmap
Recon-ng
Maltego
Netdiscover
Ike-scan
What's different in ParrotOS?
Used Hardware
- Device to be used with this documentation
- Maybe another device to be used with this documentation
Courses
- A course where this documentation was used (2017, 2018)
- Another one (2018)