Tools Flashcards
(22 cards)
SubBrute
SubBrute is a DNS enumeration tool that recursively crawls the DNS records it discovers, much as a search engine spider crawls a website. It can enumerate any DNS record type, including MX, NS, A, Canonical Name (CNAME), Start of Authority (SOA), IP version 6 (IPv6) host (AAAA) and text (TXT) records.
InstaRecon
InstaRecon is a basic digital reconnaissance tool that performs Domain Name System (DNS) enumeration and can use Shodan to query for open ports. Like many other DNS enumeration tools, InstaRecon discovers basic DNS records, such as mail exchanger (MX), A, name server (NS) and pointer (PTR) records, and performs recursive lookups based on the records discovered in previous queries. What sets InstaRecon apart is the Shodan integration and the ability to perform reverse DNS lookups across an entire range of IP addresses within a Classless Inter-Domain Routing (CIDR) block.
Bluto
Bluto is a DNS enumeration tool that queries a target domain for MX and NS records and sends a zone transfer (AXFR) request to the domain's name servers to discover subdomains. If the zone transfer is refused, Bluto falls back to a brute-force method based on the top 20,000 subdomains from the Alexa Top 1 Million subdomains list. In addition to DNS enumeration, Bluto adds an email enumeration feature that uses search engines, the Email Hunter service and the ‘https://haveibeenpwned.com’ Application Programming Interface (API).
DNSenum
Dnsenum is a Perl script used to enumerate DNS information for a target domain. With dnsenum, a malicious actor can extract A, NS and MX records from a DNS server. In addition, dnsenum attempts an AXFR zone transfer to obtain subdomain information. If the zone transfer is refused, dnsenum falls back to alternative methods, such as Google scraping and brute force, to discover target subdomains.
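The workflow shared by InstaRecon, Bluto and dnsenum above (try a zone transfer, fall back to wordlist brute force, and sweep a CIDR block with reverse lookups) as an added Python example; it is not code from any of those tools. Lookups are passed in as callables so the logic runs offline against a constructed fake zone (example.test, 192.0.2.0/24 addresses); the stdlib and dig-backed lookups at the bottom are for live use. The wildcard check is the caveat a practitioner wants: a zone with a wildcard A record makes every brute-force candidate "resolve", so a random label is probed first and its address is discarded from the results.

```python
"""Subdomain enumeration: AXFR first, wordlist brute force second, plus a
reverse (PTR) sweep of a CIDR block. Added illustration, not dnsenum/Bluto/
InstaRecon code. Lookup callables return None on NXDOMAIN or refusal.
"""
import ipaddress
import secrets
import socket
import subprocess
from typing import Callable, Dict, Iterable, Optional, Tuple

AxfrFn = Callable[[str], Optional[Dict[str, str]]]   # domain -> {fqdn: ip}
ResolveFn = Callable[[str], Optional[str]]           # fqdn -> ip
PtrFn = Callable[[str], Optional[str]]               # ip -> fqdn


def detect_wildcard(domain: str, resolve_a: ResolveFn) -> Optional[str]:
    """If a random label resolves, the zone has a wildcard record; every
    brute-force candidate would then 'hit', so remember the wildcard IP."""
    return resolve_a(f"{secrets.token_hex(8)}.{domain}")


def enumerate_subdomains(domain: str, wordlist: Iterable[str],
                         try_axfr: AxfrFn, resolve_a: ResolveFn
                         ) -> Tuple[str, Dict[str, str]]:
    """Return (method, {fqdn: ip}). AXFR yields the whole zone in one query;
    when the server refuses, resolve each wordlist candidate instead."""
    zone = try_axfr(domain)
    if zone:
        return "axfr", dict(zone)
    wildcard_ip = detect_wildcard(domain, resolve_a)
    found: Dict[str, str] = {}
    for label in wordlist:
        fqdn = f"{label}.{domain}"
        ip = resolve_a(fqdn)
        if ip and ip != wildcard_ip:          # drop wildcard false positives
            found[fqdn] = ip
    return "bruteforce", found


def reverse_sweep(cidr: str, ptr: PtrFn) -> Dict[str, str]:
    """PTR-query every host address in the block; return {ip: fqdn} for hits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {str(ip): name for ip in net.hosts() if (name := ptr(str(ip)))}


# --- live lookups (standard library + dig) --------------------------------
def real_resolve_a(fqdn: str) -> Optional[str]:
    try:
        return socket.gethostbyname(fqdn)
    except socket.gaierror:
        return None


def real_ptr(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def real_axfr(domain: str, nameserver: str) -> Optional[Dict[str, str]]:
    """Zone transfer via `dig`; parses 'name TTL IN A ip' answer lines.
    A refused transfer produces no answer lines, so None is returned."""
    try:
        out = subprocess.run(
            ["dig", "+noall", "+answer", "axfr", domain, f"@{nameserver}"],
            capture_output=True, text=True, timeout=30).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    zone: Dict[str, str] = {}
    for line in out.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] == "A":
            zone[f[0].rstrip(".")] = f[4]
    return zone or None


# --- constructed fake zone so the example runs offline ---------------------
FAKE_ZONE = {"www.example.test": "192.0.2.10",
             "mail.example.test": "192.0.2.25",
             "dev.example.test": "192.0.2.40"}
FAKE_PTR = {ip: name for name, ip in FAKE_ZONE.items()}


def fake_axfr_refused(domain: str): return None
def fake_axfr_open(domain: str): return dict(FAKE_ZONE)
def fake_resolve(fqdn: str): return FAKE_ZONE.get(fqdn)
def fake_ptr(ip: str): return FAKE_PTR.get(ip)
def fake_resolve_wildcard(fqdn: str): return "192.0.2.99"   # *.example.test


if __name__ == "__main__":
    words = ["www", "mail", "dev", "vpn", "intranet"]
    print(enumerate_subdomains("example.test", words, fake_axfr_refused, fake_resolve))
    print(enumerate_subdomains("example.test", words, fake_axfr_open, fake_resolve))
    print(enumerate_subdomains("example.test", words, fake_axfr_refused, fake_resolve_wildcard))
    print(reverse_sweep("192.0.2.0/27", fake_ptr))
    # Live: enumerate_subdomains("example.com", words,
    #           lambda d: real_axfr(d, "ns1.example.com"), real_resolve_a)
```

Only the host addresses of the block are swept (network and broadcast are skipped), and the wildcard run returns an empty result rather than five bogus hosts, which is the failure mode that makes naive brute forcers look like they found hundreds of subdomains.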
WAFW00F
WAFW00F is an open-source web application firewall (WAF) fingerprinting utility written in Python. It is freely available as a module that can be installed with pip, the Python package installer, or by downloading the source code from GitHub and running the installation script. WAFW00F sends specially crafted HyperText Transfer Protocol (HTTP) requests to a suspected WAF and analyses the responses (status codes, headers, cookies and page content) to determine which WAF product sent them.
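The two detection techniques described above, signature matching on responses and generic "does the attack request get blocked while the benign one is served" probing, as an added Python example. This is an illustration of the approach, not WAFW00F's own code or signature database: the handful of signatures (Cloudflare, Akamai, Imperva Incapsula, ModSecurity markers) and the sample responses are constructed here, and the HTTP transport is a callable so the logic runs offline; a urllib transport is included for live targets.

```python
"""WAF detection in the style of WAFW00F (added illustration, not the
project's code). 1) match responses against known signatures; 2) generic
detection: a benign request and one carrying an obvious attack string,
where only the attack being rejected means *something* is filtering.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, NamedTuple


class Response(NamedTuple):
    status: int
    headers: Dict[str, str]    # header names lower-cased
    body: str


Transport = Callable[[str], Response]

# Illustrative signature set (a few well-known markers; real tools ship
# hundreds). Each check is (where, header-name, regex).
SIGNATURES = {
    "Cloudflare": [("header", "server", r"^cloudflare"), ("header", "cf-ray", r".")],
    "Akamai": [("header", "server", r"AkamaiGHost")],
    "Imperva Incapsula": [("header", "x-cdn", r"Incapsula"),
                          ("cookie", "", r"(visid_incap|incap_ses)_")],
    "ModSecurity": [("body", "", r"Mod_Security|mod_security")],
}

# Probe that any WAF should reject regardless of vendor (XSS + traversal).
ATTACK_QUERY = "?id=<script>alert(1)</script>&f=../../../../etc/passwd"
BLOCK_STATUSES = {403, 406, 419, 429, 501}


def fingerprint(resp: Response) -> List[str]:
    """Names of every WAF whose signature matches this response."""
    hits = []
    for name, checks in SIGNATURES.items():
        for where, key, pattern in checks:
            hay = (resp.headers.get(key, "") if where == "header"
                   else resp.headers.get("set-cookie", "") if where == "cookie"
                   else resp.body)
            if re.search(pattern, hay, re.IGNORECASE):
                hits.append(name)
                break
    return hits


def detect_waf(send: Transport, url: str) -> List[str]:
    """Fingerprint both a normal and an attack response; fall back to generic
    behavioural detection when no signature matches."""
    normal = send(url)
    attacked = send(url + ATTACK_QUERY)
    named = sorted(set(fingerprint(normal)) | set(fingerprint(attacked)))
    if named:
        return named
    if normal.status not in BLOCK_STATUSES and attacked.status in BLOCK_STATUSES:
        return ["generic: unknown WAF (attack request blocked, benign one served)"]
    return []


def _hdrs(msg) -> Dict[str, str]:
    """Lower-case header names; repeated headers (several Set-Cookie) are joined."""
    out: Dict[str, str] = {}
    for k, v in msg.items():
        k = k.lower()
        out[k] = out[k] + "; " + v if k in out else v
    return out


def urllib_transport(url: str, timeout: float = 10) -> Response:
    """Live transport. 4xx/5xx responses are kept, as their body carries the signature."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, _hdrs(r.headers), r.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, _hdrs(e.headers), e.read(65536).decode("utf-8", "replace"))


def fake_transport(normal: Response, attacked: Response) -> Transport:
    """Constructed transport: returns `attacked` when the URL carries the probe."""
    return lambda url: attacked if "<script>" in url else normal


# Constructed sample responses (not captured from real hosts).
CLOUDFLARE = fake_transport(
    Response(200, {"server": "cloudflare", "cf-ray": "7d1a2b3c4d5e6f70-LHR"}, "<html>ok</html>"),
    Response(403, {"server": "cloudflare", "cf-ray": "7d1a2b3c4d5e6f71-LHR"}, "Attention Required!"))
UNKNOWN_WAF = fake_transport(
    Response(200, {"server": "nginx"}, "<html>ok</html>"),
    Response(403, {"server": "nginx"}, "Request rejected"))
NO_WAF = fake_transport(
    Response(200, {"server": "nginx"}, "<html>ok</html>"),
    Response(200, {"server": "nginx"}, "<html>ok</html>"))

if __name__ == "__main__":
    for label, t in [("cloudflare", CLOUDFLARE), ("unknown", UNKNOWN_WAF), ("none", NO_WAF)]:
        print(label, detect_waf(t, "https://target.example/"))
    # Live: detect_waf(urllib_transport, "https://example.com/")
```

The generic pass is the one to keep in mind when a target is fronted by a product that is not in the signature list: a 403 on the probe and a 200 on the benign request says a filter is present even if it cannot be named.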
Webroot
Webroot is a company that provides endpoint protection against zero-day threats. Webroot produces consumer and enterprise software to protect against viruses and other types of malware. Webroot blocks file-based and fileless scripting attacks and can detect and analyse JavaScript, VBScript and PowerShell scripts as well as Microsoft Office macros.
Website-Watcher
Website-Watcher is a utility that monitors websites to detect changes. Website-Watcher can be configured to monitor a website and report when certain changes take place. In addition to monitoring basic websites, Website-Watcher can also monitor Really Simple Syndication (RSS) feeds as well as more complex sites, such as Facebook, Twitter and Instagram, by converting them into RSS feeds. Website-Watcher provides an app for both iOS and Android devices that can be used to view changes made to monitored sites.
Web-Stat
Web-Stat is a tool that provides detailed tracking and analysis data for a website. Web-Stat tracks website activity, such as clicks and downloads. It can monitor the website for availability and send out email or Short Message Service (SMS) alerts if the website becomes unavailable. With Web-Stat, a website administrator can track users in real time and observe how they interact with the site. Website administrators can use the data provided by Web-Stat to refine the layout, organisation and coding of their site so that it provides an optimal user experience.
Netcraft
Netcraft provides a free tool that can be used to determine the type of web software that is running on a publicly accessible host. Netcraft is an Internet services company that has been gathering web data and metrics since 1995. Although Netcraft offers commercial solutions focused on the prevention of malware and cybercrime, it also continues to offer free Internet research tools. One such tool is a web form that accepts a Uniform Resource Locator (URL) as its only input and provides a detailed report that corresponds to that URL. The report includes data such as the server OS, web server software, Secure Sockets Layer (SSL) certificate data and third-party resources.
ZoomInfo
ZoomInfo is an Internet marketing company that provides tools to assist sales representatives with researching target markets, planning territories, and generating new business leads. ZoomInfo provides a limited, publicly accessible directory that can be queried for data through a web interface. The query report provides insight into a number of topics, such as company organisation, metrics, competitors and general characteristics. More detailed information can be obtained by locally installing the free ZoomInfo Community App or by subscribing to one of their paid solutions.
Factiva
Factiva is a news aggregation and archival solution commonly used in libraries, universities, and Fortune 500 companies. Factiva includes data from newspapers, trade magazines, websites, blogs, and other multimedia sources. The data archived by Factiva can be accessed through its search platform or through more advanced tools such as data feeds and APIs.
Infoga
Infoga is an open-source tool, written in Python and included in many security-focused distributions such as Kali Linux, that gathers email data from a variety of public sources, such as search engines and certificate servers. Infoga produces output that includes the geolocation data, organisational data and IP addresses of mail servers associated with the queried email address. In addition, Infoga can use the ‘haveibeenpwned.com’ Application Programming Interface (API) to check whether the queried email address has appeared in a breach.
JXplorer
JXplorer is a cross-platform Lightweight Directory Access Protocol (LDAP) browser that is available as a free, open-source download or as a paid, enterprise component of JXWorkBench. JXplorer makes it easy to navigate an LDAP tree and includes features such as drag-and-drop editing, complex search, and full add, edit, delete, copy and modify capabilities.
ZabaSearch
ZabaSearch is a search engine focused on public information about individuals and their connections. ZabaSearch queries public information sources based on personal information such as first and last name, phone number, and state of residence. Query results include basic information such as the last known address and phone number of all possible matches. In addition, links are provided to perform more advanced searches, such as background checks, public record queries, and property record queries. ZabaSearch uses Intelius (intelius.com) as its main data aggregator.
EarthExplorer
EarthExplorer is a geospatial data set visualisation platform. EarthExplorer was developed by the United States Geological Survey (USGS) as a web application to provide access to satellite imagery, aerial photography, topographical data, and other geospatial data sets. With EarthExplorer, you can manually navigate the map data or search for specific criteria, such as U.S. or world features, map coordinates, date ranges and weather conditions.
Ike-Scan
Ike-Scan is an IP Security (IPsec) scanner and testing tool. Ike-Scan is a command-line tool that can be used to discover Internet Key Exchange (IKE) hosts, fingerprint IKE implementations, enumerate transform and user attributes and, with its bundled psk-crack utility, crack pre-shared keys (PSKs) captured from IKEv1 aggressive-mode exchanges, where the responder's authentication hash is sent before the key is proven. Ike-Scan is open source and can be compiled on most OSs from its publicly available source code.
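The PSK-cracking computation behind psk-crack, as an added Python example (not ike-scan's code). In IKEv1 aggressive mode the responder reveals HASH_R before the pre-shared key has been proven, and RFC 2409 defines it from values a passive observer also sees: SKEYID = prf(PSK, Ni_b | Nr_b) and HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b), with prf being HMAC under the negotiated hash (MD5 or SHA-1). The capture line follows the colon-separated hex field order ike-scan writes with --pskcrack (g_xr, g_xi, cky_r, cky_i, sai_b, idir_b, ni_b, nr_b, hash_r); the handshake values here are constructed with random bytes, and the PSK "letmein" is the assumption being recovered.

```python
"""Offline IKEv1 aggressive-mode PSK cracking (RFC 2409 HASH_R recomputation).
Added illustration of what ike-scan's psk-crack does; not its code.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

FIELDS = ("g_xr", "g_xi", "cky_r", "cky_i", "sai_b", "idir_b", "ni_b", "nr_b", "hash_r")
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def parse_capture(line: str) -> Dict[str, bytes]:
    """Parse one colon-separated hex line into named byte fields."""
    parts = line.strip().split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} hex fields, got {len(parts)}")
    return dict(zip(FIELDS, (bytes.fromhex(p) for p in parts)))


def compute_hash_r(psk: bytes, p: Dict[str, bytes], hashname: str) -> bytes:
    """SKEYID = prf(PSK, Ni_b|Nr_b); HASH_R = prf(SKEYID, g^xr|g^xi|CKY-R|CKY-I|SAi_b|IDir_b)."""
    h = HASHES[hashname]
    skeyid = hmac.new(psk, p["ni_b"] + p["nr_b"], h).digest()
    data = p["g_xr"] + p["g_xi"] + p["cky_r"] + p["cky_i"] + p["sai_b"] + p["idir_b"]
    return hmac.new(skeyid, data, h).digest()


def crack_psk(p: Dict[str, bytes], candidates: Iterable[str]
              ) -> Optional[Tuple[str, str]]:
    """Try each candidate under every hash whose digest length matches the
    captured HASH_R (16 bytes = MD5, 20 = SHA-1). Returns (psk, hash) or None."""
    fitting = [n for n, h in HASHES.items() if h().digest_size == len(p["hash_r"])]
    for cand in candidates:
        for name in fitting:
            if hmac.compare_digest(compute_hash_r(cand.encode(), p, name), p["hash_r"]):
                return cand, name
    return None


def build_sample_capture(psk: str, hashname: str = "sha1") -> str:
    """Constructed 'capture': random handshake fields and a HASH_R computed
    from the given PSK, so the cracker has realistic input to work on."""
    p = {"g_xr": os.urandom(128), "g_xi": os.urandom(128),       # DH public values
         "cky_r": os.urandom(8), "cky_i": os.urandom(8),         # ISAKMP cookies
         "sai_b": os.urandom(48),                                # initiator SA payload body
         "idir_b": b"\x01\x00\x00\x00\xc0\x00\x02\x01",          # ID_IPV4_ADDR 192.0.2.1
         "ni_b": os.urandom(20), "nr_b": os.urandom(20)}         # nonces
    p["hash_r"] = compute_hash_r(psk.encode(), p, hashname)
    return ":".join(p[f].hex() for f in FIELDS)


if __name__ == "__main__":
    capture = build_sample_capture("letmein", "sha1")
    wordlist = ["password", "cisco123", "vpnvpn", "letmein", "admin"]
    print(crack_psk(parse_capture(capture), wordlist))   # ('letmein', 'sha1')
```

Each guess costs two HMACs, so a dictionary of millions of candidates is a matter of seconds; the defensive conclusion is the usual one, that aggressive mode with PSK authentication should be disabled or restricted to long random keys.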
Tor Client
An attacker uses a Tor client to conceal the source IP address. For example, if an attacker wanted to gather information from military or federal databases through dark web footprinting, the attacker could use a Tor client to investigate target servers without revealing the attacker's IP address. Tor is effectively an enhancement of the proxy chain technique. The Tor client on the attacker's device downloads a list of active Tor relays and builds a circuit through a random series of them. The client wraps its traffic in one layer of encryption per relay; each relay strips only its own layer, so it learns the previous and next hop but not the payload, and no single relay sees both the source and the destination. The last relay in the circuit (the exit) removes the final layer and forwards the traffic directly to its destination, so anything not protected end to end, such as plain HTTP, is visible to the exit relay.
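The layered encryption described above, reduced to a toy in Python as an added example. This is not Tor's code or wire protocol: real Tor uses TLS between relays, per-hop keys agreed by Diffie-Hellman, fixed-size cells and AES-CTR. Here each hop's key is a pre-shared secret, the "cipher" is an unauthenticated SHAKE-256 keystream XOR, and the relay names, keys and HTTP request are constructed; the point is only to show which hop can see what.

```python
"""Toy onion routing: the client wraps one layer per relay, each relay peels
one layer and learns only the next hop. Added illustration, not Tor code.
"""
import hashlib
import os
from typing import Dict, List, Tuple

HOP = 32      # fixed-width next-hop field inside each layer
NONCE = 16


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHAKE-256(key||nonce) keystream XOR. No integrity."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def wrap(message: bytes, destination: str, route: List[Tuple[str, bytes]]) -> bytes:
    """Client side: wrap from the exit inwards so the entry relay's layer is
    outermost. Each layer = nonce || E_key(next_hop || inner)."""
    blob, next_hop = message, destination
    for relay_id, key in reversed(route):
        nonce = os.urandom(NONCE)
        plain = next_hop.encode().ljust(HOP, b"\0") + blob
        blob = nonce + _xor_stream(key, nonce, plain)
        next_hop = relay_id
    return blob


def peel(key: bytes, blob: bytes) -> Tuple[str, bytes]:
    """Relay side: strip one layer; learn the next hop and an opaque payload."""
    nonce, ct = blob[:NONCE], blob[NONCE:]
    plain = _xor_stream(key, nonce, ct)
    return plain[:HOP].rstrip(b"\0").decode(), plain[HOP:]


def simulate(blob: bytes, entry: str, relays: Dict[str, bytes]):
    """Forward through the relays and record what each observed. Returns
    (observations, destination, delivered_message). A relay's payload is
    still ciphertext until the exit, the only hop that sees the destination."""
    observations = []
    hop, payload = entry, blob
    while hop in relays:
        next_hop, payload = peel(relays[hop], payload)
        observations.append((hop, next_hop, payload))
        hop = next_hop
    return observations, hop, payload


if __name__ == "__main__":
    relays = {n: os.urandom(32) for n in ("guard", "middle", "exit")}   # constructed keys
    route = [(n, relays[n]) for n in ("guard", "middle", "exit")]
    msg = b"GET /secret HTTP/1.1\r\nHost: target.example\r\n\r\n"
    blob = wrap(msg, "target.example:80", route)
    obs, dest, delivered = simulate(blob, "guard", relays)
    for relay, nxt, payload in obs:
        print(f"{relay:7} -> {nxt:20} sees plaintext request: {msg in payload}")
    print("exit delivers to", dest, "intact:", delivered == msg)
```

Running it shows the guard and middle relays forwarding ciphertext while the exit holds the plaintext request and destination, which is exactly why the exit relay (or anyone watching it) sees unencrypted application traffic.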
Luma
Luma is a Python-based LDAP browser. Luma is available for many Linux distributions directly from their respective repositories. Alternatively, Luma can be downloaded directly from the Luma website and installed manually. Luma requires Python, Qt, PyQt, and the python-ldap module.
Coral Directory
Coral Directory is a Windows application developed by Hans Maeda that supports many of the features of larger projects, such as JXplorer and Gawor's LDAP Browser/Editor. Coral Directory is distributed as shareware in Japan, where it was developed, and as freeware within the United States.
Gawor’s LDAP Browser/Editor
Like JXplorer, Gawor’s LDAP Browser/Editor is a Java-based utility. Development on Gawor’s LDAP Browser/Editor appears to have ceased in 2011, but it continues to be a community favourite because of its speed, stability and feature set.
OSINT
OSINT is the collection and analysis of information gathered from public or open sources. Keep in mind that “open source” here is unrelated to open-source software and is distinct from competitive intelligence. OSINT is used by law enforcement and intelligence professionals to obtain relevant information.