Information Gathering
Passive Information Gathering
- Locate the target Web presence
  - Gather search engine results regarding the target
  - Look for Web groups containing employee and/or company comments
  - Examine the personal Web sites of employees
  - TheHarvester
    - theharvester -d unibz.it -b google
  - Google dorks (extended sheet: https://gbhackers.com/latest-google-dorks-list/)
    - inurl:wp-content/uploads
  - Asset finder
    - assetfinder --subs-only domain.com
- The goal is to understand the target environment
  - Technologies (looking at job offers)
  - Expertise (looking at the employees' profiles)
  - The size of the system
Active Information Gathering
- Direct interaction with the Target
  - Learn how the target works
  - Understand the technologies used
  - Find the running services
  - Service versions (some versions might be vulnerable)
- nmap (ports, OS and services scanning)
  - sudo nmap -v -sS -A -Pn -p- -oN target.txt target.com
- gobuster
  - gobuster dir -u http://192.168.240.1:8888/dvwa -w /usr/share/wordlists/dirb/common.txt -q -n -e -s "200"
- nmapAutomator
  - nmapAutomator.sh 10.10.10.34 All | tee nmapAutomator.txt
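The nmap command above writes its report in "normal" format (-oN) to target.txt. What a defender does with that file is compare the exposed services against what is supposed to be exposed. The script below is an added example, not part of the original notes: it parses the per-port lines of an -oN report, flags open ports that are absent from an assumed, locally maintained baseline (or whose service differs from it), and lists open ports for which version detection returned nothing, since those are the gaps in the inventory. The embedded report is constructed sample data; hosts, ports and versions in it are made up.

```python
import re
import sys
from typing import Dict, List, Optional

# Constructed sample of nmap "normal" (-oN) output, shaped like what the
# command on this page writes to target.txt. Host, ports and versions are made up.
SAMPLE_NMAP_OUTPUT = """\
# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -v -sS -A -Pn -p- -oN target.txt target.com
Nmap scan report for target.com (10.10.10.34)
Host is up (0.020s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http    Apache httpd 2.4.41 ((Ubuntu))
8888/tcp open     http
3306/tcp filtered mysql
# Nmap done at Mon Jan  1 10:05:00 2024 -- 1 IP address (1 host up) scanned in 300.00 seconds
"""

# Assumed allow-list of approved exposure: port -> expected service name.
# nmap does not provide this; it comes from the asset owner's documentation.
BASELINE: Dict[int, str] = {22: "ssh", 80: "http"}

# Per-port report line: "<port>/<proto> <state> <service> [version]".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_normal(text: str) -> List[dict]:
    """Return one record per port line found in nmap -oN output."""
    records: List[dict] = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # headers, host lines and nmap banners are skipped
        port, proto, state, service, version = m.groups()
        records.append({
            "port": int(port),
            "proto": proto,
            "state": state,
            "service": service,
            "version": version.strip() if version else None,
        })
    return records


def unexpected_open_ports(records: List[dict], baseline: Dict[int, str]) -> List[dict]:
    """Open ports not in the baseline, or whose detected service differs from it."""
    findings = []
    for r in records:
        if r["state"] != "open":
            continue
        expected: Optional[str] = baseline.get(r["port"])
        if expected is None or expected != r["service"]:
            findings.append(r)
    return findings


def unversioned_open_ports(records: List[dict]) -> List[int]:
    """Open ports where -A/-sV produced no version string; the inventory is incomplete there."""
    return [r["port"] for r in records if r["state"] == "open" and not r["version"]]


if __name__ == "__main__":
    # Usage: python nmap_baseline.py target.txt   (falls back to the sample report)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NMAP_OUTPUT
    recs = parse_nmap_normal(text)
    for f in unexpected_open_ports(recs, BASELINE):
        print(f"unexpected: {f['port']}/{f['proto']} {f['service']} {f['version'] or '(no version)'}")
    for p in unversioned_open_ports(recs):
        print(f"no version detected on port {p}; verify the listener manually")
```

Filtered ports are deliberately not reported as findings: they show a firewall doing its job, whereas an open port outside the baseline is the exposure worth a ticket. Run it against each new target.txt and the diff against the previous run is the change-detection signal.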