Information Gathering Tools

Summary

This is a draft. Comparing various available information gathering tools in Kali and comparing differences to ParrotOS

Requirements

• Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64

Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.

Tools

Spiderfoot

Legion

DMitry

DMitry is a CLI to gather information about a host - possible subdomains, uptime information, tcp port scan, email addresses, whois lookups etc. It is mostly used to reveal information that exists through search engines about the owner or host of a web page, i.e. for social engineering attacks.
When using the portscan option, the results show less open ports than doing that same TCP scan with nmap.
DMitry:

HostIP:192.168.0.130                                                                                                                                                                    
HostName:                                                                                                                                                                                                                                                                                                                                                                
Gathered TCP Port information for 192.168.0.130                                                                                                                                                                                                                                                                               
Port           State
23/tcp          open
Portscan Finished: Scanned 150 ports, 148 ports were in state closed

Nmap:

Nmap scan report for 192.168.0.130
Host is up (0.20s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
554/tcp  open  rtsp
843/tcp  open  unknown
5001/tcp open  commplex-link
MAC Address: 7C:DD:90:AF:4E:7D (Shenzhen Ogemray Technology)
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds

To find out information about a domain, you need either the IP or the domain same.
Overall a nice tool, would not use it for port scanning though. Whois lookup on the other hand gets you some nice useful results. Below is an example of using `dmitry -w www.fh-campuswien.ac.at` on the college website of FH Campus Wien -> www.fh-campuswien.ac.at

HostIP:91.213.77.62
HostName:www.fh-campuswien.ac.at
Gathered Inic-whois information for fh-campuswien.ac.at
---------------------------------
domain:         fh-campuswien.ac.at
registrar:      
registrant:     FCW1942152-NICAT
admin-c:        
tech-c:         NLTU11579014-NICAT
nserver:        ns.nextlayer.at
remarks:        81.16.150.30
nserver:        ns2.nextlayer.at
remarks:        81.16.151.30
changed:        20171003 19:16:08
source:         AT-DOM
personname:     
organization:   fh campus wien
street address: Favoritenstrasse 226
postal code:    A-1100
city:           Vienna
country:        Austria
phone:          +43160668771000
fax-no:         +43160668771009
e-mail:         office@fh-campuswien.ac.at
nic-hdl:        FCW1942152-NICAT
changed:        20100323 17:12:46
source:         AT-DOM
personname:     Hostmaster Hostmaster
organization:   next layer Telekommunikationsdienstleistungs- und BeratungsGmbH
street address: Mariahilfer Guertel 37- 7
postal code:    1150
city:           Vienna
country:        Austria
phone:          +43517649
e-mail:         hostmaster@nextlayer.at
nic-hdl:        NLTU11579014-NICAT
changed:        20170929 13:17:54
source:         AT-DOM

Nmap

Recon-ng

Maltego

Netdiscover

Ike-scan

What's different in ParrotOS?

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation

Courses

• A course where this documentation was used (2017, 2018)
• Another one (2018)

References

• https://www.parrotsec.org/docs/
• https://www.kali.org/docs/