Chapter 3: Discovery
Logistics
WHOIS (common to all; helps to get information about a domain name and an Internet Protocol (IP) address)
Online- http://www.internic.net/whois.html
http://www.allwhois.com
Dig (Getting the IP address of a target host)
Similar tools: nslookup and host. Another useful tool is digdug, found at http://www.edge-security.com/soft/digdug-0.8.tar
ARIN (Discovery and understanding of the IP block)
http://www.arin.net usage: whois -h whois.arin.net 217.160.235.213
SamSpade
Gets you lots of the logistical information. It only runs on Windows (http://preview.samspade.org/ssw/download.html), or use it online at http://samspade.org
AFD (Active Filter Detection)
Found at http://www.purehacking.com/afd/downloads.php
SSL/TLS (Windows tool that checks the remote SSL stack for supported ciphers and version)
THCSSLCheck (http://freeworld.thc.org/root/tools/THCSSLCheck.zip)
SSLDigger
You can get it here: http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
OS Fingerprinting
Netcraft (I'm confused about this... )
p0f (passive OS fingerprinting)
I'm getting details about p0f here: http://lcamtuf.coredump.cx/p0f.shtml
download link http://lcamtuf.coredump.cx/p0f.tgz
readme http://lcamtuf.coredump.cx/p0f/README
DMitry (Deepmagic Information Gathering Tool)
available here http://www.mor-pah.net/index.php?file=projects/dmitry
Web Server Fingerprinting
httprint
available @ http://www.net-square.com/httprint/
Application Fingerprinting
unicornscan
available @ http://www.unicornscan.org
nmap
available @ http://www.insecure.org/nmap/
Service Identification
amap
available @ http://freeworld.thc.org/thc-amap/
Miscellaneous:
Perl script that ties nmap and amap together (http://packetstorm.linuxsecurity.com/UNIX/audit/multimap.pl)
nwrap available at http://isecom.securenetltd.com/nwrap.zip
Web Crawler
HTTrack, wget (well-known)
TO BE CONTINUED (Hope this saves time)