Why is information gathering so important?
There is a saying that "information is power", and it is a practical, grounded one. This is the age of digital information, so it is no surprise that information is the most valuable thing in the age of information technology. Look at large organizations like Facebook and Google, which hold enormous amounts of information, and you can see what it is worth.
Information gathering matters just as much in cyber security. To put it simply: if you are going to attack a target, information about that target is the most important thing you have. Here "information" means everything related to the organization or company you are targeting. It is easier to get something out of a person you know well than out of a stranger; the work of finding out everything there is to know about the target is called information gathering (also called footprinting or reconnaissance). If you want to do this well, be prepared to spend most of your time on information gathering.
(You can also read the 3 older articles; the links are below.)
If so, what information should we gather?
In short, gather everything you can. "Gain as much information as possible about the desired target," as the saying goes. For example, say we are targeting XYZ company. Then even who the cleaning staff at XYZ are is worth knowing. The more information you gather, the more ways in you are likely to find, and so the higher the success rate. To put it in perspective: a senior person in the technology field who is no stranger to security may still have a forgotten password on some small project (one that few people notice) that he once led.
Roughly speaking, information gathering usually has 2 goals.
1. Collecting network data:
Here we collect public and private domain names, subdomain names, public and private IP blocks, routing tables, running TCP and UDP services, SSL certificates, open ports and similar network information.
2. Collecting system-related information:
Here we usually do user enumeration, enumerate system groups and hostnames, identify the OS type (OS fingerprinting), collect system banners (banner grabbing) and so on. The work is usually split into these 2 parts. But as I said above, it is also important to know who the cleaning staff are: sitting at home, browsing and running tools is not enough on its own. If you know the people who have access to the target system, you can get help for the attack from that side as well.
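Banner grabbing, mentioned above, is just connecting to a port and reading whatever the service says about itself. The script below is an added example, not code from the original article: it grabs banners with plain sockets, matches them against a handful of constructed patterns (SSH, FTP, SMTP, HTTP) to get a service, product and version, and handles the catch that HTTP servers do not speak first, so a second connection sends a request if the first one stays silent. To run offline it starts throwaway listeners on 127.0.0.1 that play constructed banners; the patterns and fake services are illustrative assumptions, and the real-world equivalent of the pattern list is nmap's nmap-service-probes file.

```python
import re
import socket
import threading

# Constructed fingerprint patterns for services that identify themselves in their
# greeting (or, for HTTP, in the response to a probe). Illustrative only.
BANNER_PATTERNS = [
    ("ssh",  re.compile(rb"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)[_-](?P<version>[\w.]+)")),
    ("ftp",  re.compile(rb"^220[ -].*?(?P<product>vsFTPd|ProFTPD|Pure-FTPd|FileZilla)[ /]?(?P<version>[\w.]+)?")),
    ("smtp", re.compile(rb"^220[ -]\S+(?: ESMTP)? (?P<product>[A-Za-z]+)(?:[ /](?P<version>[\w.]+))?")),
    ("http", re.compile(rb"^HTTP/[\d.]+ \d{3}.*?\r\nServer: (?P<product>[^/\r\n]+)/?(?P<version>[\w.]*)",
                        re.S | re.I)),
]
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n"


def _text(value):
    return value.decode(errors="replace") if value else None


def fingerprint(banner: bytes) -> dict:
    """Map a raw banner to service/product/version using BANNER_PATTERNS."""
    for service, pattern in BANNER_PATTERNS:
        m = pattern.match(banner)
        if m:
            g = m.groupdict()
            return {"service": service, "product": _text(g.get("product")), "version": _text(g.get("version"))}
    return {"service": "unknown", "product": None, "version": None}


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> bytes:
    """Connect, optionally send a probe, and return what the service sends back.
    SSH/FTP/SMTP speak first; HTTP waits for the client, so it needs a probe.
    A timeout with nothing received returns b''."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


def scan_port(host: str, port: int, timeout: float = 3.0) -> dict:
    """Two-step grab: listen first; if the service stays silent, poke it with an
    HTTP request. Returns the fingerprint plus the raw banner."""
    banner = grab_banner(host, port, timeout=timeout)
    if not banner:
        banner = grab_banner(host, port, probe=HTTP_PROBE % host.encode(), timeout=timeout)
    info = fingerprint(banner)
    info["banner"] = banner.decode(errors="replace").strip()
    return info


def start_fake_service(banner: bytes, wait_for_client: bool = False) -> int:
    """Throwaway listener on 127.0.0.1 that plays a constructed banner so the
    example runs offline. wait_for_client=True mimics HTTP (silent until the
    client sends something). Returns the ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    if wait_for_client:
                        conn.recv(1024)
                    conn.sendall(banner)
                except OSError:
                    pass  # client gave up (timed out) before we answered

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    targets = {
        "ssh": start_fake_service(b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"),
        "smtp": start_fake_service(b"220 mail.example.com ESMTP Postfix\r\n"),
        "http": start_fake_service(b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n",
                                   wait_for_client=True),
    }
    for name, port in targets.items():
        print(name, port, scan_port("127.0.0.1", port, timeout=1.0))
```

Point scan_port at a real host and port instead of the fake listeners to use it for real; the banner strings the fake services return are constructed for the demo and say nothing about any actual system.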
Information gathering techniques and methods
There are several ways to do information gathering. Picking out a few of them, I divide them into 2 groups: manual methods and automated tools. Here are some you can try yourself.
1. Social Engineering
This method works through chat platforms such as Facebook Messenger, Viber, WeChat, Line and so on, or by sending email and seeing what comes back. It exploits people's emotional weak points to get information out of them. It is simple and effective, and people who are good at dealing with others do well at it.
2. Search Engines
Search for information using search engines such as Google and Bing. Here you use search operators that go beyond a normal search. If you want to learn about this, study the Google Hacking Database:
https://www.exploit-db.com/google-hacking-database
3. Social Networking
Even the smallest things show up on social media, so these days we can get a lot of information from it. On Facebook, profiles often carry details such as "works at". But when you are doing reconnaissance you should cover not just Facebook and Twitter but LinkedIn as well.
4. Domain Names
Domain names belonging exclusively to the target (a company, organization, government body, etc.) are also an important part of what is collected.
5. Internet Servers
You can also get useful information from the target's authoritative DNS servers. This can also be done with passive DNS reconnaissance tools. All of the points above can be searched with tools as well.
Information gathering tools
I think readers will be more interested in this part. There are many tools that can do information gathering, and Linux distributions built for penetration testing, such as Kali and Parrot, bundle them. Since I am a Kali user, I will only talk about Kali. Kali has a lot of information gathering tools built in; you can see the list of tools in Kali at the link below.
Now, since I am talking about information gathering tools, I will go through a dozen of the tools in Kali. I don't want you to think there are only 12; there are many more.
1. Nmap
nmap is known as a network scanner, but it is not only a scanner; it is also a data gathering tool. nmap is excellent for port scanning, service fingerprinting, DNS enumeration and network mapping, and it is as widely studied as it is widely used. I have even thought of writing a book about nmap called "nmap, the Scanner King". 😁 But that is for later.
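The raw output of a version scan is only the start; what you keep from it is an inventory of live hosts, open ports and identified products. The script below is an added example, not code from the article or from the nmap project: it parses the XML that `nmap -oX` writes (here a constructed sample against the reserved documentation range 192.0.2.0/24, not a real scan) with the standard library, drops hosts that are down and ports that are not open, picks the highest-accuracy OS match, and flattens the result into the service list you would carry into the next phase. The sample XML and the host details in it are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed nmap -oX output (trimmed to the elements used here). Not a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29" start="1700000000">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" extrainfo="Ubuntu Linux; protocol 2.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="92"/><osmatch name="Linux 5.0 - 5.4" accuracy="96"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <hostnames/>
    <ports>
      <port protocol="udp" portid="53"><state state="open" reason="udp-response"/>
        <service name="domain" product="ISC BIND" version="9.16.1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="25"><state state="open" reason="syn-ack"/>
        <service name="smtp" product="Postfix smtpd" method="probed" conf="10"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> list:
    """Turn nmap -oX output into live hosts with their open ports and best OS guess.
    Hosts that are down and ports that are closed/filtered are dropped."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = next((a.get("addr") for a in h.findall("address") if a.get("addrtype") in ("ipv4", "ipv6")), None)
        names = [n.get("name") for n in h.findall("hostnames/hostname")]
        ports = []
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = p.find("service")
            attr = svc.attrib if svc is not None else {}
            ports.append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "service": attr.get("name"),
                "product": attr.get("product"),
                "version": attr.get("version"),
                "conf": int(attr.get("conf", 0)),  # nmap's 0-10 confidence in the match
            })
        best_os = None
        matches = h.findall("os/osmatch")
        if matches:
            top = max(matches, key=lambda m: int(m.get("accuracy", 0)))
            best_os = (top.get("name"), int(top.get("accuracy", 0)))
        hosts.append({"ip": ip, "hostnames": names,
                      "open_ports": sorted(ports, key=lambda x: (x["proto"], x["port"])),
                      "os": best_os})
    return hosts


def service_inventory(hosts: list) -> list:
    """One row per open port: (ip, proto, port, service, product, version)."""
    return [(h["ip"], p["proto"], p["port"], p["service"], p["product"], p["version"])
            for h in hosts for p in h["open_ports"]]


def product_counts(hosts: list) -> Counter:
    """How many exposed instances of each product/version were seen."""
    c = Counter()
    for h in hosts:
        for p in h["open_ports"]:
            if p["product"]:
                c[f"{p['product']} {p['version'] or '?'}"] += 1
    return c


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_NMAP_XML)
    for row in service_inventory(found):
        print(row)
    print(product_counts(found))
```

Feed it a real file with `parse_nmap_xml(open("scan.xml").read())`; the filtered 443/tcp in the sample is deliberately excluded so the inventory only lists ports that actually answered.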
2. Unicornscan
A scanner that can be used alongside nmap, with features that make an interesting comparison to nmap's. You should study it for yourself.
3. Sublist3r
A subdomain enumeration tool. It can build a map of a target website's subdomains in a short time.
4. Dmitry
The Deepmagic Information Gathering Tool. It is one of the genuinely good tools for reconnaissance.
5. OWASP Amass
Usually just called Amass. It is a useful tool in the information gathering stage, mainly for subdomain enumeration and mapping the attack surface.
6. Axiom
Axiom is also a tool you should learn. Actually, all of the tools listed here can be used for information gathering, so I won't describe each one in detail.
7. Th3inspector
It collects information available from a website: page data, phone numbers, IP address, mail server address, domain WHOIS lookup, Cloudflare proxy bypass, domain age, active service scanning, subdomain mapping, CMS detection, etc.
8. Devploit
Used to pull DNS and domain data: DNS lookups, WHOIS lookup, reverse IP lookup, port scanning, DNS zone transfer, HTTP headers, GeoIP lookup, subnet lookup, etc.
9. Bettercap
Also called the Swiss army knife for networking. It is used for network reconnaissance and information gathering, and is known for being able to discover and probe devices on WiFi, Bluetooth Low Energy and Ethernet networks.
10. Traceroute
In information gathering it is used to discover the network route to a target and the IP addresses of the hops along the way.
11. WHOIS
Used to collect information about domains and IP addresses: the admin name, phone number, address, contacts, DNS servers, etc.
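A WHOIS answer is free text, so in practice you parse it into the handful of facts you care about: registrar, name servers, status codes, contact emails, and how old the registration is (the "domain age" mentioned for Th3inspector above). The script below is an added example, not code from the article or from any WHOIS tool: it includes a minimal raw WHOIS client (the protocol is just the name plus CRLF on TCP port 43, read to EOF) and a parser run over a constructed response on the reserved name example.com with fictional registrar, contact and date values. The network function is not exercised by the offline demo; `now` is passed in so the age calculation is reproducible.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed WHOIS response in the common registrar "Key: value" format.
# Fictional values on the reserved example.com name; not real registration data.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registry Domain ID: 000000000_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar URL: http://www.example-registrar.test
   Updated Date: 2023-02-20T09:15:00Z
   Creation Date: 2015-03-02T00:00:00Z
   Registry Expiry Date: 2025-03-02T00:00:00Z
   Registrar: Example Registrar, LLC
   Registrar Abuse Contact Email: abuse@example-registrar.test
   Registrar Abuse Contact Phone: +1.5555550100
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   DNSSEC: unsigned
>>> Last update of whois database: 2024-01-15T00:00:00Z <<<

For more information on Whois status codes, please visit https://icann.org/epp
"""

# A "Key: value" line: short key of letters/digits/spaces, then the value.
# Rejects the trailing boilerplate line, whose text before ':' contains commas.
KV_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9 /_-]{0,40}):\s*(.*)$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def whois_query(domain: str, server: str = "whois.iana.org", timeout: float = 10.0) -> str:
    """Raw WHOIS lookup (RFC 3912): send the name plus CRLF on TCP/43, read to EOF.
    Not used by the offline demo. For a .com name you query the registry first,
    then follow the 'Registrar WHOIS Server' it returns for full contact data."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode() + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def parse_whois(text: str) -> dict:
    """'Key: value' lines into {lowercased key: [values]}; keys such as
    'Name Server' and 'Domain Status' legitimately repeat."""
    fields = {}
    for raw in text.splitlines():
        m = KV_LINE.match(raw.strip())
        if m and m.group(2).strip():
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return fields


def _parse_ts(value):
    # Registrar timestamps are ISO 8601 with a trailing Z; make them tz-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def summarize_whois(text: str, now: datetime) -> dict:
    """The recon-relevant facts from a WHOIS record. `now` must be tz-aware."""
    f = parse_whois(text)
    first = lambda key: f.get(key, [None])[0]
    created, expires = _parse_ts(first("creation date")), _parse_ts(first("registry expiry date"))
    return {
        "domain": (first("domain name") or "").lower(),
        "registrar": first("registrar"),
        "registrar_whois": first("registrar whois server"),
        "name_servers": sorted(ns.lower() for ns in f.get("name server", [])),
        "status": [s.split()[0] for s in f.get("domain status", [])],
        "age_days": (now - created).days if created else None,
        "days_to_expiry": (expires - now).days if expires else None,
        "dnssec": first("dnssec"),
        "emails": sorted(set(EMAIL.findall(text))),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize_whois(SAMPLE_WHOIS, datetime.now(timezone.utc)), indent=2))
```

To go live, replace SAMPLE_WHOIS with `whois_query("example.com", "whois.verisign-grs.com")` and then query the server named in `registrar_whois`; a very young domain or one expiring soon is itself a useful signal during reconnaissance.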
12. dig
A tool that queries DNS records.
Now that you know the basics, you can carry on studying by yourself.
If you want more detail, please read the 3 older posts below:
1. https://www.khitminnyo.com/2017/10/footprinting.html
2. https://www.khitminnyo.com/2017/10/footprinting-2.html
3. https://www.khitminnyo.com/2017/10/footprinting-3.html
Thank you for reading