Archive of articles published in March 2019


Ethical Hacking: Enumeration using TheHarvester

30/03/2019

What is TheHarvester?

TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources.

Why TheHarvester?

This tool is intended to help penetration testers in the early stages of a penetration test to understand the customer's footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

Source: https://github.com/laramies/theHarvester/

How to use TheHarvester?

No need to worry about the “warning” because it is just telling us that theHarvester does not work on any site that has SSL.

The function of -d is to search for any domain or name of a company.
The function of -b is to choose the data source such as bing, google, twitter, etc.

After typing “theharvester -d pentest.id -b google”, I received the following results:


Ethical Hacking: Enumeration using JoomScan

30/03/2019

What is JoomScan?

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project written in the Perl programming language to detect and analyze Joomla CMS vulnerabilities.

Why JoomScan?

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and is updated with the latest Joomla vulnerabilities.

Source: https://github.com/rezasp/joomscan

How to use JoomScan?

 


Ethical Hacking: Maltego

29/03/2019

What is Maltego?

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

What does Maltego do?

The focus of Maltego is analyzing real-world relationships between pieces of information that are publicly accessible on the Internet. This includes footprinting Internet infrastructure as well as gathering information about the people and organizations who own it.

How to use Maltego?

Open Kali Linux, go to Applications, and choose Maltego.

First, we have to choose the Maltego type we want to use. Click on the Community Edition. We will then be asked to log in. Click “register here” to make a new account.

Once we are logged in, choose “create a new graph”.

Drag the Domain section to the graph and input the domain name.

Choose All Transforms to search for all of the possible DNS servers and every network associated with the target. Then click the “arrow”.

 


Ethical Hacking: Information Gathering using Host

29/03/2019

Kali Linux provides many tools for information gathering.

For this post, I am going to introduce Host:

What is Host?

Host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.

Options:

How to use Host?

 


Ethical Hacking: Information Gathering using Nmap

29/03/2019

Kali Linux provides many tools for information gathering.

For this post, I am going to introduce Nmap:

What is Nmap?

Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discover hosts that are available and the services they offer, find open ports and detect security risks.

How to use Nmap?

nmap *domainname*

Example: nmap pentest.id
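
An added example (not from the original post) for the administrator use case described above: Nmap's grepable output (`-oG`, a real Nmap option that the post itself does not use) is parsed and compared against a list of approved services, so that only unexpected open ports are reported. The scan lines, addresses, hostnames and the baseline format are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nmap -oG -` output (tab-separated fields). Addresses are
# from the RFC 5737 documentation range; hostnames are made up.
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.0.2.10 (www.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)\n'
    printf 'Host: 192.0.2.20 (mail.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.20 (mail.example.test)\tPorts: 25/open/tcp//smtp///, 8080/filtered/tcp//http-proxy///\n'
}

# Hypothetical baseline of approved services, one "ip port/proto" per line.
baseline() {
    printf '192.0.2.10 80/tcp\n192.0.2.10 443/tcp\n192.0.2.20 25/tcp\n'
}

# list_open: read grepable output on stdin, print "ip port/proto service"
# for every port whose state is exactly "open" (filtered/closed are skipped).
list_open() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            p = $i; sub(/^Ports: /, "", p)
            n = split(p, ports, ", ")
            for (j = 1; j <= n; j++) {
                split(ports[j], f, "/")   # port/state/proto/owner/service/...
                if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
            }
        }
    }'
}

# unexpected_open BASELINE_FILE: read grepable output on stdin and print only
# the open ports that are missing from the baseline file.
unexpected_open() {
    list_open | awk -v basefile="$1" '
        BEGIN { while ((getline line < basefile) > 0) ok[line] = 1 }
        { key = $1 " " $2; if (!(key in ok)) print }'
}

base=$(mktemp)
baseline > "$base"
sample_scan | unexpected_open "$base"
rm -f "$base"
```

With the constructed data, the SSH and MySQL ports on 192.0.2.10 are reported because they are open but not in the baseline; the filtered port on 192.0.2.20 is ignored.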


Ethical Hacking: Information Gathering using Whois

29/03/2019

Kali Linux provides many tools for information gathering.

For this post, I am going to introduce whois:

What is Whois? When to use it?

Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them.

The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership. Whois records have proven to be extremely useful and have developed into an essential resource for maintaining the integrity of the domain name registration and website ownership process.

How to use Whois?


Ethical Hacking: Find My IP

28/03/2019

To discover our IP, type ifconfig 


Ethical Hacking: Enumeration Practice (Journal 1)

27/03/2019

We were given an assignment and were asked to fulfil the following:

  1. Network and IP Space pentest.id
  2. Enumeration User hackme.pentest.id
  3. Enumeration User Email @pentest.id

 

We were recommended to use the following tools:

  1. wpscan
  2. joomscan
  3. TheHarvester
  4. Google
  5. Nmap

 

The following is my solution:

 

Network and IP Space pentest.id

I used theharvester to check for any available hostnames and IPs.
I typed the following in terminal:

 

No need to worry about the “warning” because it is just telling us that theHarvester does not work on any site that has SSL.

The function of -d is to search for any domain or name of a company.
The function of -b is to choose the data source such as bing, google, twitter, etc.


After typing “theharvester -d pentest.id -b google”, I received the following results:

 

Enumeration User hackme.pentest.id

I used wpscan to enumerate users from hackme.pentest.id and typed the following:

“--url” specifies the URL of the blog we want to scan.

“--enumerate u” means enumerating users.

 

It produced the following result:

 

Enumeration User Email @pentest.id

I used theharvester and typed “theharvester -d pentest.id -b gooogle”, but unfortunately there was no email found.
