3 Information Gathering

Coding Studio

9 Nov 202214:03

Summary

TLDRThis instructional video script covers the essential techniques of information gathering during web penetration testing. It introduces tools like nmap for network mapping and scanning, Whois for domain owner identification, Dirsearch for discovering web application files and paths, Sublist3r for subdomain enumeration, and Google Hacking for advanced search queries. The script guides viewers on installing Kali Linux tools and using them to gather critical information about a target, enhancing the understanding of web security assessment processes.

Takeaways

📚 The session focuses on information gathering during web penetration testing, a crucial step to understand the components of a target web application.
🔍 Information gathering can reveal vulnerabilities that can be exploited in an attack.
🛠️ The tools introduced for information gathering include nmap for network mapping and scanning, Whois for domain owner information, Dirsearch for web path enumeration, Sublist3r for subdomain enumeration, and Google Hacking for advanced search queries.
🌐 Nmap is used to discover open ports and services on a target, with various options like '-sn' for a stealthy scan or '-p' for scanning specific ports.
🔎 Whois is a tool to find out the owner and registration details of a domain, which can provide insights into the target's identity.
📁 Dirsearch is utilized to find directories and files on a web application, which might be useful for further probing.
🔑 Sublist3r helps in identifying all the subdomains of a target, which can be a goldmine for discovering overlooked attack surfaces.
🔍 Google Hacking uses Google's search engine with specific queries to find sensitive information or vulnerabilities on the web.
💻 Installing Kali Linux, a penetration testing distribution, is suggested for those who do not have the tools, and it's available in the Windows Store.
📝 The script provides step-by-step instructions on how to use each tool, including command examples and potential outputs.
⚠️ There's a mention of potential issues like being blocked by antivirus software when performing certain scans, and the suggestion to try again or use different engines.
🔗 Google Hacking is not limited to Google; other databases like Exploit Database can also be used to find specific types of vulnerabilities or files.

Q & A

What is the main topic of the video script?
-The main topic of the video script is about information gathering during web penetration testing.
What is the purpose of information gathering in web penetration testing?
-The purpose of information gathering is to obtain details about a target, such as web applications, to understand its components and potentially exploit vulnerabilities for an attack.
Which tools are mentioned in the script for information gathering?
-The tools mentioned in the script for information gathering are nmap, Whois, Dirsearch, Sublist3r, and Google Hacking.
What is nmap and what is its primary function?
-Nmap, also known as Network Mapper, is a tool used for mapping networks and performing scans to discover the services and open ports available on a target.
How can one install the tools mentioned in the script if they don't have them?
-If one doesn't have the mentioned tools, they can install Kali Linux, which includes these tools, either from the Windows Store or by searching for 'Kali Linux' in the search bar on Windows.
What is the basic command to use nmap for scanning a target?
-The basic command to use nmap for scanning a target is 'nmap' followed by the target's domain name, for example, 'nmap example.com'.
What does the Whois tool provide?
-The Whois tool provides information about the owner of a service or domain, including the domain name, registration details, and the owning organization.
What is Dirsearch and what does it do?
-Dirsearch is a tool used for discovering directories and files on web applications by checking for the existence of a large number of possible file paths or directory structures.
How can Sublist3r help in information gathering?
-Sublist3r can help in information gathering by identifying all the subdomains owned by a target, which can provide additional points of entry or information about the target's infrastructure.
What is Google Hacking and how is it used?
-Google Hacking, also known as Google Dorking, is the use of advanced search operators on Google to find specific information on the internet, such as files, directories, or specific content that might be vulnerable or sensitive.
What issues might one encounter when using Sublist3r and how to overcome them?
-One might encounter issues like being blocked by antivirus software like VirusTotal when using Sublist3r. To overcome this, one can try using different search engines or continue attempts until successful, or ensure that the request is not being blocked.
What are some examples of Google Hacking operators or queries?
-Examples of Google Hacking operators or queries include 'site:', 'filetype:', 'inurl:', 'intitle:', and 'intext:', which can be used to narrow down search results to specific criteria.
How can one find more Google Hacking operators or queries?
-One can find more Google Hacking operators or queries by searching for 'Google Dorking' or 'Google Hacking techniques' on Wikipedia or other cybersecurity resources.