Footprinting
DMitry – Deepmagic Information Gathering Tool
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command-line program coded purely in C with the ability to gather as much information as possible about a host.
Basic functionality of DMitry allows for information to be gathered about a target host from a simple whois lookup on the target to UpTime reports and TCP portscans.
First open BackTrack and follow this path:
Applications -> BackTrack -> Information Gathering -> Network Analysis -> Route Analysis -> dmitry

"./dmitry -w target" will perform a standard named whois lookup.

"./dmitry -i target" will perform an Internet Number whois lookup on the target.

"./dmitry -n target" will retrieve netcraft.com data concerning the host; this includes Operating System, Web Server release and UpTime information.

"./dmitry -s target" will perform a subdomain search on the specified target.

| ./dmitry -e target | Perform a search for possible email addresses |
| ./dmitry -p target | Perform a TCP port scan on a host |
| ./dmitry -b target | Read in the banner received from the scanned port |
Protos – IP Protocol Scanner
Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols, which should be reported by the target using ICMP protocol unreachable messages.
First open BackTrack and follow this path:
Applications -> BackTrack -> Information Gathering -> Network Analysis -> Route Analysis -> protos

You can start it with ./protos -i eth0 -d 192.168.1.2 -v (where 192.168.1.2 is the target IP)

Usage: ./protos -i eth0 -d 10.1.2.3 -v
-v verbose
-V show which protocols are not supported
-u don’t ping targets first
-s make the scan slow (for very remote devices)
-L show the long protocol name and it’s reference (RFC)
-p x number of probes (default=5)
-S x sleeptime is x (default=1)
-a x continue scan afterwards for x seconds (default=3)
-d dest destination (IP or IP/MASK)
-i interface the eth0 stuff
-W don’t scan, just print the protocol list
Jigsaw – Email Enumeration Tool (Employees Footprinting)
Jigsaw.rb is a simple Ruby script for enumerating information about a company’s employees. It is useful for Social Engineering or Email Phishing.
First download the jigsaw script here and save it on your desktop.
Now unzip the file: unzip jigsaw.zip

You can start it with ./jigsaw.rb -s www.example.com

Jigsaw usage example
| -i, --id [Jigsaw Company ID] | The Jigsaw ID to use to pull records |
| -s, --search [Company Name] | Name of organization to search for |
| -r, --report [Output Filename] | Name to use for report. EXAMPLE: ‘-r facebook’ will generate ‘facebook.csv’ |
| -v, --verbose | Enables verbose output |
URLCrazy – Domain Name Typo Tool
URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Features
- Generates 15 types of domain variants
- Knows over 8000 common misspellings
- Supports cosmic ray induced bit flipping
- Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
- Checks if a domain variant is valid
- Test if domain variants are in use
- Estimate popularity of a domain variant
- URLCrazy requires Linux and the Ruby interpreter
First download urlcrazy from here and save it on your desktop.
Now untar the file: tar -zxvf urlcrazy.tar.gz

You can start it with ./urlcrazy www.example.com
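To show what three of the variant types in the feature list look like (character omission, adjacent character swap and bit flipping), here is an added Ruby example that is not URLCrazy's own code. It computes the variants offline for a domain you own and flags matching names in a constructed list of observed domains; the function names and the sample list are assumptions made for illustration.

```ruby
# Added example: three URLCrazy-style variant classes, computed offline.
# Assumption: input is a registrable name such as "example.com"; only the
# first label is mutated and the suffix is kept as given.
VALID_LABEL = /\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\z/

# Character omission: "example" -> "xample", "eample", ...
def omissions(label)
  (0...label.size).map { |i| label[0...i] + label[(i + 1)..] }
end

# Adjacent character swap: "example" -> "xeample", "eaxmple", ...
def swaps(label)
  (0...label.size - 1).map do |i|
    s = label.dup
    s[i], s[i + 1] = s[i + 1], s[i]
    s
  end
end

# Single bit flip in each byte (bits 0-6; bit 7 never yields a hostname char).
def bitflips(label)
  label.bytes.each_with_index.flat_map do |byte, i|
    (0..6).map { |bit| label[0...i] + (byte ^ (1 << bit)).chr.downcase + label[(i + 1)..] }
  end
end

# Map each valid variant domain to the first variant class that produced it.
def typo_variants(domain)
  label, suffix = domain.downcase.split(".", 2)
  kinds = { omission: omissions(label), swap: swaps(label), bitflip: bitflips(label) }
  kinds.each_with_object({}) do |(kind, labels), out|
    labels.each do |l|
      next if l == label || l !~ VALID_LABEL
      out["#{l}.#{suffix}"] ||= kind
    end
  end
end

# Defender's use: flag observed names that are one typo away from your domain.
def flag_lookalikes(own_domain, observed)
  variants = typo_variants(own_domain)
  observed.map(&:downcase).select { |d| variants.key?(d) }.to_h { |d| [d, variants[d]] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample of observed names (e.g. taken from DNS query logs).
  observed = %w[example.com exmple.com exampel.com ezample.com unrelated.org]
  flag_lookalikes("example.com", observed).each { |d, kind| puts "#{d}\t#{kind}" }
end
```

The bit flip case is why "ezample.com" is flagged: "x" (0x78) and "z" (0x7A) differ by a single bit.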
