Penetration Test

Open-Source Research Tools

OPEN SOURCE INTELLIGENCE (OSINT) TOOLS
| Tool | Notes | URL |
| --- | --- | --- |
| Whois | Domain details (contacts, name servers, etc.) | https://whois.icann.org/en (and many more) |
| Nslookup | DNS information | Installed or available on most OSs |
| FOCA | Fingerprinting Organizations with Collected Archives; finds document metadata | https://github.com/ElevenPaths/FOCA |
| theHarvester | Gathers info from many sources (email, hosts, open ports, etc.) | https://github.com/laramies/theHarvester |
| Shodan | Finds Internet-connected devices | https://www.shodan.io/ |
| Maltego | Data mining for investigations | https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php |
| Recon-ng | Web reconnaissance | https://bitbucket.org/LaNMaSteR53/reconng |
| Censys | Finds Internet-connected devices | https://censys.io/ |

DEMO
whois google.com

nslookup google.com

QUICK REVIEW
  • OSINT data can help fill in information gaps
  • Some information is not based on IP addresses or domain names
  • Be creative when exploring attack vectors for targets
  • Targets can be devices, people, user accounts, and even facilities
Original article: https://www.cnblogs.com/keepmoving1113/p/13986073.html