Web-based reconnaissance
Recon
The Metasploit Framework Project and the Social Engineer Toolkit (SET) are two great frameworks used by penetration testers to automate exploitation of known vulnerabilities.
Recon-ng [1], an open source web reconnaissance (recon) framework written in Python by Tim Tomes (LaNMaSteR53), is the third such framework to have been unleashed. Tomes and other programmers have written numerous modules for recon-ng, which comb social websites and domains to harvest names of users, contacts, companies, repositories, and much more.
In traditional reconnaissance, you gather information visually or through published material on people and places. Today, however, most people take pictures, tweet, and upload content to social websites from mobile devices, which embed time and geographical coordinates in each item (unless you've disabled location services), revealing where you eat, sleep, work, and play. Although this is a frightening thought, location services also help you navigate unfamiliar cities, find restaurants and shops, and discover whether you left your smartphone at home, work, or somewhere else in the hustle and bustle of a busy day.
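The coordinates mentioned above live in the Exif GPS IFD that a phone camera writes into a JPEG's APP1 segment. As an added example (not from the article or from recon-ng), the Python below parses that structure so you can check what one of your own photos reveals before it is uploaded; the sample blob and its coordinates are constructed in the code.

```python
import struct

# Constructed sample: a minimal little-endian TIFF/Exif blob holding only a GPS
# IFD, laid out the way a phone camera writes it (IFD0 -> GPSInfo -> GPS IFD).
def build_sample_exif(with_gps=True):
    ifd0_off, gps_off, data_off = 8, 26, 80
    hdr = b"II*\x00" + struct.pack("<I", ifd0_off)
    if not with_gps:  # same header, but IFD0 carries no GPSInfo pointer
        return hdr + struct.pack("<HI", 0, 0)
    rat = lambda pairs: b"".join(struct.pack("<II", n, d) for n, d in pairs)
    lat = rat([(37, 1), (46, 1), (297, 10)])  # 37 deg 46' 29.7"  (made-up)
    lon = rat([(122, 1), (25, 1), (98, 10)])  # 122 deg 25' 9.8"  (made-up)
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", 0x8825, 4, 1, gps_off) + struct.pack("<I", 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI4s", 0x0001, 2, 2, b"N\x00\x00\x00")   # GPSLatitudeRef
    gps += struct.pack("<HHII", 0x0002, 5, 3, data_off)            # GPSLatitude
    gps += struct.pack("<HHI4s", 0x0003, 2, 2, b"W\x00\x00\x00")   # GPSLongitudeRef
    gps += struct.pack("<HHII", 0x0004, 5, 3, data_off + 24)       # GPSLongitude
    gps += struct.pack("<I", 0)                                    # no next IFD
    return hdr + ifd0 + gps + lat + lon

def _ifd_entries(buf, off, fmt):
    """Return (tag, type, count, raw 4-byte value) for every entry of the IFD at off."""
    n = struct.unpack_from(fmt + "H", buf, off)[0]
    return [struct.unpack_from(fmt + "HHI4s", buf, off + 2 + 12 * i) for i in range(n)]

def _rational_dms(buf, off, fmt):
    # Three RATIONALs (numerator/denominator): degrees, minutes, seconds.
    d, m, s = [n / dn for n, dn in struct.iter_unpack(fmt + "II", buf[off:off + 24])]
    return d + m / 60 + s / 3600

def extract_gps(buf):
    """Return (lat, lon) in decimal degrees, or None if the blob has no GPS IFD."""
    fmt = "<" if buf[:2] == b"II" else ">"   # byte order from the TIFF header
    ifd0_off = struct.unpack_from(fmt + "I", buf, 4)[0]
    gps_off = None
    for tag, typ, cnt, val in _ifd_entries(buf, ifd0_off, fmt):
        if tag == 0x8825:                     # GPSInfo pointer
            gps_off = struct.unpack(fmt + "I", val)[0]
    if gps_off is None:
        return None
    fields = {}
    for tag, typ, cnt, val in _ifd_entries(buf, gps_off, fmt):
        if typ == 2:     # ASCII: hemisphere letter fits inline in the 4-byte value
            fields[tag] = val.rstrip(b"\x00").decode()
        elif typ == 5:   # RATIONAL x3: stored at the offset held in the value
            fields[tag] = _rational_dms(buf, struct.unpack(fmt + "I", val)[0], fmt)
    lat = fields[0x0002] * (-1 if fields.get(0x0001) == "S" else 1)
    lon = fields[0x0004] * (-1 if fields.get(0x0003) == "W" else 1)
    return round(lat, 6), round(lon, 6)
```

To run this on a real file, pass the bytes that follow the `Exif\0\0` marker of the JPEG's APP1 segment; a `None` result means the photo carries no GPS IFD.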
In advanced recon, you can build a storyline efficiently, instead of tracking people down manually, enumerate server-side technologies, discover live vulnerabilities, and harvest full credentials. From the defense perspective, the goal is to see implemented technologies and configurations, search for vulnerable code snippets using GitHub dorks (specialized search syntax), and identify weaknesses in physical security. By using the recon-ng Pushpin module, you can conduct remote physical security analysis to identify YouTube videos, Twitter tweets, and Flickr photos in a defined geographical area.
Acquiring API keys is a requirement of this endeavor. For more information, you can check out the framework's wiki