Tools and Utilities

Here we can find some tools and utilities commonly used for processes related to information gathering:

DNS Dumpster

Web tool that maps a Domain through DNS services it uses

DNSrecon

Tool to perform general enumeration of a domain

Commands

Installation

sudo apt install dnsrecon

Usage

dnsrecon -h #Get help with use
dnsrecon -d $domain #Enumerate a domain
dnsrecon -n $nameserver #Enumerate a name server
dnsrecon -d $domain -t $type #Specify the type of enumeration

Shodan

Online service that is built as a search engine for internet-connected devices
The utility tries to connect to every device reachable online, once it gets a response, it collects all the information related to the service and saves it in the database to make it searchable

Commands

Installation

sudo apt install shodan

Usage

shodan init $APIkey #Set API key from your Shodana account
shodan host $IP     #Search information about a host

Wayback Machine

A website that creates snapshots of pages in time and displays them to the user

Wappalyzer

A website that helps to determine what technologies a page uses. Also works as a Firefox extension

User-Agent Switcher and Manager

Gives you the ability to pretend to be accessing the webpage from a different operating system or different web browser

OWASP Favicon

Database to identify typical icons of Development Frameworks

LinEnum

Another tool for Linux enumeration

Commands

Installation

git clone https://github.com/rebootuser/LinEnum

Usage

./LinEnum.sh -s -k keyword -r report -e /tmp/ -t

Spiderfoot

Open-source intelligence (OSINT) automation tool

Usage

Click the New Scan tab, enter a name for the scan, and select a target. Scanning can also be personalized by the type of information required or by choosing the individual scanner modules
To add API keys, go to the Settings tab, open the page for the module you are looking for, and complete the table including the type of information the module searches for
- If you don't know how to get the API keys, click the ? next to the API option in the module and follow the instructions to get API keys

Commands

Installation

sudo apt install spiderfoot

Usage

spiderfoot -l 127.0.0.1:$port    #Deploy app locally in the specified port
spiderfoot -M                    #Display available modules

OSINT Framework

OSINT Framework with several tools to gather information passively

Recon-ng

OSINT framework that consists of a series of modules that can be run in workspaces

Commands

Installation

sudo apt install recon-ng

Usage

recon-ng    #Initiate fcommand interface
recon-web   #Initiate web GUI

#Inside the recon-ng console environment
[recon-ng][default] > help
[recon-ng][default] > workspaces create $wsname #Create workspace
[recon-ng][default] > workspaces list #List created workspaces
[recon-ng][default] > shell $command #Execute shell commands
[recon-ng][default] > back #Exit current context
[recon-ng][default] > marketplace search #Check modules available
[recon-ng][default] > marketplace search $name #Search specific modules
[recon-ng][default] > marketplace refresh #Refresh available modules
[recon-ng][default] > marketplace info $name #Check about an specific module
[recon-ng][default] > marketplace install $name #Install a module
[recon-ng][default] > modules search #Check installed modules
[recon-ng][default] > modules load $name #Enter the context of a module to use it

#Inside the context of a module
[recon-ng][$module] > info #Get details about a module
[recon-ng][$module] > options set $option #Set parameters for a module
[recon-ng][$module] > run #Set parameters for a module
[recon-ng][$module] > dashboard #Get results of the information gathered
recon-ng][$module] > show $entry #Check for specific categories

Whatweb

Tool to extract web servers, supporting frameworks, and applications

Commands

Installation

sudo apt install whatweb

Usage

whatweb $IPsslscan skillsforall.com

crt.sh

Obtain detailed certificate transparency information about a given domain

sslscan

Command-line tool for testing and analyzing SSL/TLS-enabled services, checking their configuration and security

Commands

Installation

sudo apt install sslscan

Usage

sslscan $domain

enum4linux-ng

Command-line tool for doing reconnaissance and enumeration on Linux hosts

Commands

Installation

sudo apt install enum4linux-ng

Usage

enum4linux-ng $IP
enum4linux-ng -A $IP #Do all simple enumeration

SET

Social Engineering Toolkit, an open-source penetration testing framework designed for social engineering. Has many custom attack vectors that allow you to make a believable attack quickly

Commands

Installation

sudo apt install set

Usage

setoolkit     #Launch

BeEF

Browser Exploitation Framework, a tool that can be used to manipulate users by leveraging XSS vulnerabilities via sending fake notifications and stealing cookies, among others

Commands

Installation

sudo apt install beef-xss

Usage

beef-xss

Censys

Tool used for passive reconnaissance to find information about devices and networks on the Internet

Offers free DNS record, IP address, hostname, and WHOIS lookup information, providing transparent domain information

GrayHatWarfare

Provides a search engine for publicly accessible Amazon S3 buckets, allowing users to search for open storage buckets that may contain sensitive files, misconfigurations, or exposed data

DNSenum

Tool for information gathering and brute forcing of DNS domains and subdomains

Commands

Installation

sudo apt install dnsenum

Usage

dnsenum --dnsserver $DNSip --enum -o $outFile -f /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt $domain

DNSenum

Tool for information gathering and brute forcing of DNS domains and subdomains

Commands

Installation

sudo apt install dnsenum

Usage

PreviousBruteforce subdomains NextUseful Tips

Last updated 1 month ago

Was this helpful?