Difference between revisions of "Information Gathering Tools"

Summary

This is a draft. Comparing various available information gathering tools in Kali and comparing differences to ParrotOS. This document is NOT a documentation of the tools, it is merely a comparison and evaluation of the tools for an average security specialist or a security newbie wanting to start using the tools.

Requirements

• Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64

Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.

Tools

Spiderfoot

Legion

DMitry

DMitry is a CLI to gather information about a host - possible subdomains, uptime information, tcp port scan, email addresses, whois lookups etc. It is mostly used to reveal information that exists through search engines about the owner or host of a web page, i.e. for social engineering attacks.
When using the portscan option, the results show less open ports than doing that same TCP scan with nmap.
DMitry:

HostIP:192.168.0.130                                                                                                                                                                    
HostName:                                                                                                                                                                                                                                                                                                                                                                
Gathered TCP Port information for 192.168.0.130                                                                                                                                                                                                                                                                               
Port           State
23/tcp          open
Portscan Finished: Scanned 150 ports, 148 ports were in state closed

Nmap:

Nmap scan report for 192.168.0.130
Host is up (0.20s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
554/tcp  open  rtsp
843/tcp  open  unknown
5001/tcp open  commplex-link
MAC Address: 7C:DD:90:AF:4E:7D (Shenzhen Ogemray Technology)
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds

To find out information about a domain, you need either the IP or the domain same.
Whois lookup on the other hand gets you some nice useful results. Below is an example of using dmitry -w www.fh-campuswien.ac.at on the college website of FH Campus Wien www.fh-campuswien.ac.at, and it just goes to show that it is exactly the same output as if you were to type whois fh-campuswien.ac.at

HostIP:91.213.77.62
HostName:www.fh-campuswien.ac.at
Gathered Inic-whois information for fh-campuswien.ac.at
---------------------------------
domain:         fh-campuswien.ac.at
registrar:      
registrant:     FCW1942152-NICAT
admin-c:        
tech-c:         NLTU11579014-NICAT
nserver:        ns.nextlayer.at
remarks:        81.16.150.30
nserver:        ns2.nextlayer.at
remarks:        81.16.151.30
changed:        20171003 19:16:08
source:         AT-DOM
personname:     
organization:   fh campus wien
street address: Favoritenstrasse 226
postal code:    A-1100
city:           Vienna
country:        Austria
phone:          +43160668771000
fax-no:         +43160668771009
e-mail:         office@fh-campuswien.ac.at
nic-hdl:        FCW1942152-NICAT
changed:        20100323 17:12:46
source:         AT-DOM
personname:     Hostmaster Hostmaster
organization:   next layer Telekommunikationsdienstleistungs- und BeratungsGmbH
street address: Mariahilfer Guertel 37- 7
postal code:    1150
city:           Vienna
country:        Austria
phone:          +43517649
e-mail:         hostmaster@nextlayer.at
nic-hdl:        NLTU11579014-NICAT
changed:        20170929 13:17:54
source:         AT-DOM

Overall a nice tool, useful for beginners who don't have experience with the basic tools yet. However to an experienced IT Security specialist, the tools that DMitry is based on, like nmap and whois would be the better choice to use here, since they just offer you the same output. One drawback however is that you need to install whois separately, whilst DMitry will be in the preinstalled set of tools. When it comes to portscan, it offers pretty insufficient results in DMitry.
This tool is fairly outdated nowadays, although it used to be very good a few years ago. Now there are better alternatives.

Nmap

Nmap is known to be a very powerful tool for information gathering and vulnerability scanning. It offers loads of options, offering for example for host discovery, scans (TCP, UDP, IP...), service/version detection, OS detection, firewalls/IDS evasion and spoofing, script scanning etc.

Recon-ng

Maltego

Netdiscover

Ike-scan

What's different in ParrotOS?

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation

Courses

• A course where this documentation was used (2017, 2018)
• Another one (2018)

References

• https://www.parrotsec.org/docs/
• https://www.kali.org/docs/