Information Gathering Tools

From Embedded Lab Vienna for IoT & Security
Revision as of 07:16, 19 June 2021 by VHorvathova (talk | contribs)
Jump to navigation Jump to search

Summary

This is a draft. Comparing various available information gathering tools in Kali and comparing differences to ParrotOS

Requirements

  • Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64

Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.

Tools

Spiderfoot

Legion

DMitry

DMitry is a CLI to gather information about a host - possible subdomains, uptime information, tcp port scan, email addresses, whois lookups etc. It is mostly used to reveal information that exists through search engines about the owner or host of a web page, i.e. for social engineering attacks.
When using the portscan option, the results show less open ports than doing that same TCP scan with nmap.
DMitry: 

HostIP:192.168.0.130                                                                                                                                                                    
HostName:                                                                                                                                                                                                                                                                                                                                                                
Gathered TCP Port information for 192.168.0.130                                                                                                                                                                                                                                                                               
Port           State
23/tcp          open
Portscan Finished: Scanned 150 ports, 148 ports were in state closed

Nmap: 

Nmap scan report for 192.168.0.130
Host is up (0.20s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
554/tcp  open  rtsp
843/tcp  open  unknown
5001/tcp open  commplex-link
MAC Address: 7C:DD:90:AF:4E:7D (Shenzhen Ogemray Technology)
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds

To perform a whois lookup, you need either the IP or the domain same.
Overall a nice tool, would not use it for port scanning though. Whois lookup on the other hand gets you some nice useful results. Below is an example on using whois lookup on www.nmap.org 

HostIP:45.33.49.119
HostName:www.nmap.org
Gathered Inic-whois information for nmap.org
---------------------------------
Domain Name: NMAP.ORG
Registry Domain ID: D3106402-LROR
Registrar WHOIS Server: whois.fabulous.com
Registrar URL: http://www.fabulous.com
Updated Date: 2020-01-14T05:38:40Z
Creation Date: 1999-01-18T05:00:00Z
Registry Expiry Date: 2028-01-18T05:00:00Z
Registrar Registration Expiration Date:
Registrar: Sea Wasp, LLC
Registrar IANA ID: 411
Registrar Abuse Contact Email: support@fabulous.com
Registrar Abuse Contact Phone: +61.282133006
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Insecure.Com LLC
Registrant State/Province: WA
Registrant Country: US
Name Server: NS1.LINODE.COM
Name Server: NS2.LINODE.COM
Name Server: NS3.LINODE.COM
Name Server: NS4.LINODE.COM
Name Server: NS5.LINODE.COM
DNSSEC: unsigned

Nmap

Recon-ng

Maltego

Netdiscover

Ike-scan

What's different in ParrotOS?

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation

Courses

References

Retrieved from "https://wiki.elvis.science/index.php?title=Information_Gathering_Tools&oldid=7387"