Category: Footprinting tools

Hello, aspiring ethical hackers. In one of our previous blogposts, you learnt what is OSINT in detail. In this blogpost, you will learn about Maltego, one of the most popular tools used to perform OSINT. Maltego is an open-source tool that is used for OSINT, forensics and other investigations. It is a link analysis software that offers real-time information gathering.

Maltego focuses on analyzing real world relationships between people, groups, webpages, domains, networks internet infrastructure and what not. Using maltego, we can extract information like DNS records, whois records, Phone numbers, email addresses, IP addresses and metadata etc.

Some of the most important data sources queried by Maltego include vulners, dorking, OpenPhish, Image Analyzer, Hunter, Censys, Google Social Network Tools, VirusTotal Premium, NIST, Pipl, Whois XML, Wayback machine, Phone Search, Shodan etc.

Maltego runs on Linux, MacOS and Windows. For this tutorial, we will be using Maltego on Kali Linux. Open terminal and type command “maltego”. The system will prompt you if you want to install maltego as shown below.

After the installation is finished, Maltego will prompt you to select a product. You need to have an account with Maltego to use it. Register for a free account. (Maltego CE (FREE) account by clicking on “Register”.

Accept the terms and click on “Next”.

(You can either create a account from this tool or create it from their website). Login into your account.

You will be taken to the browser. Login into your account created earlier.

After a few seconds, you will get a message that the authentication is complete.

Click on “Next”. Select “standard transform” option and click on “Next”.

Click on “Next”.

In the next window, make appropriate choice and click on “Next”.

Choose a browser and click on “Next”.

Click on “Next”.

Select the option “Open a blank graph and let me play around” option and click on “Finish”.

If you select the option “Open an example graph”. You will see this.

You will get to the interface of Maltego. Maltego calls the queries you search for as entities. These entities can be anything like name of a person, IP address, email address, domain etc. In the entity Palette, search for “email” as shown below and drag the result into the graph.

Click on the entity in the graph to change it to the email address you want to search for.

For example, let’s search for information related to our company.

In order to search for anything related to this email, right click on the entity.

There are various transforms you can search for like IP addresses, domains etc. Click on running on all transforms to see all the transforms available.

From here, you can select any transform you want. For example, run “to domains”.

As you can see, the domain related to this email is displayed. You have read just now that Maltego is a link building software. We can also run a transform on this resultant domain. For example, right click on the domain, and select To email addresses transform again.

Like this, we can search for related email addresses, Phone number, domain, DNS entries, usernames, social media accounts, etc. using this tool. Learn how to perform OSINT using SpiderFoot.

Hello, aspiring ethical hackers. In one of our previous blogposts, you learnt in detail about footprinting or information gathering and the various methods of reconnaissance. In another blogpost, you learnt what is OSINT. In this blogpost, you will learn about a resource that falls into the above categories. Its named Shodan, I prefer to call it the hackers search engine

What is Shodan?

You know about Google search engine and its power. It allows you search for images, videos, news etc. what if there was a search engine to search for various types of devices connected to the internet. These devices can be webcams, routers and different servers like web server, FTP server, Telnet, SSH, SNMP, IMAP, SMTP etc. In fact, everything connected to internet. Well, the answer is Shodan.

Let’s learn more about it. Go to the official website of it here and in the search field, search for Apache.

It will start displaying all the Apache servers connected to internet as shown below.

But as you try to go to the next page to see more entries, you should see the below error.

You can search for anything you want but the results are limited if you are not registered. You can create an account on Shodan by going to the Register page. Registration is free and after you confirm your registration from your email, you are ready to use the power of this awesome search engine.

You can login into your Shodan account and search for whatever you want.

Let’s search for SSH servers running on ports 22 and 3333.

Sometimes, administrators just change the operating port of a server to prevent hacking attacks. We can even search for them. For example, let’s search for SSH servers running on ports other than 22 and 3333.

Let’s search for Redis servers.

In fact, you can search for anything connected to the internet using Shodan. Seeing the use of this tool for pen testers, the makers of Kali Linux have included Shodan-cli, a command line version in their repository.

Before using the command line version of Shodan, you need to add the API key of Shodan. It can be added as shown below.

This key can be seen in the Account section of Shodan. Once the API key is entered, you can use Shodan-cli.  This API key can also be used with tools like SpiderFoot used for OSINT. Note that the features are dependent on the types of account you have at Shodan. Free account has limited features. Let’s see how many open SSH and Filezilla servers are exposed to the internet.

After seeing all this, you may wonder how Shodan works or is it legal to use it. Shodan works by using a technique called banner grabbing. It captures banners of all the devices connected to the internet and then stores them in its database. Although it is legal to use Shodan for querying, it is not to do anything on the exposed servers without their permission. It is used by pen testers to see what devices are exposed and what information they are leaking to the internet.

Hello, aspiring ethical hackers. In one of our previous blogposts, you learnt in detail about what is OSINT, types of OSINT etc. In this blogpost, you will learn about a tool named SpiderFoot. SpiderFoot is an open-source intelligence (OSINT) automation tool.

Spiderfoot is a python script and can be run on any machine with Python installed. Using spiderfoot, we can gather information from almost any open source data source available. For this tutorial, we will be using Kali Linux as spiderfoot is installed by default on it. Spiderfoot has an embedded web server and hence has a web-based interface.

To start spiderfoot on Kali, all you have to do is use the “-l” option and then specify a IP address and port on which you want the web server to listen on.  The “-l” option stands for listen. Here we have configured spiderfoot to listen on the port 5500 of localhost.

Now, browse to the above highlighted URL using your favorite browser. You should see this.

Since we have not yet performed any scans yet. There is no scan history. To start a new scan, click on “New scan”.

Spiderfoot can gather information from domain name, IPV4 or IPV6 address, host names, sub-domains, subnet, Bitcoin address, E-mail address, phone number, human names, usernames and networks. Let’s start our search with a domain name first.

After entering the name of the scan and the scan target scroll down a bit.

There are various ways you can search with for any target using SpiderFoot. You can also search based on what you require about the target.

You can also search based on required module (more about modules later).

I select “All” and click on “Run scan now”. The scan starts and may look empty at the beginning.

As the scan progresses, your screen will be filled with bars as shown below.

While the scan is still running, you can view the findings of the scan by going to the “Browse” tab as shown below.

You can view each of the entries to find out what spiderfoot has detected.

For example, in this case, the target website is hosted in USA. Now, let’s search for a “Name” say “kalyan”. The good thing about spiderfoot is that it will automatically detect the type of target based on format of your input.

Here’s the result.

You can see all the scans you performed in the “scans” section.

Another important tab here is the “settings” tab. It consists of settings for this tool. But just not that. Remember, I told you at the beginning of this article that Spiderfoot can collect information from almost all data sources. These data sources are listed here to the left in settings section.

Almost all sources are free, but some need APIs belonging to that particular service (Did you see the lock sign next to some services?).