3 Information Gathering

Coding Studio
9 Nov 2022 14:03

Summary

TL;DR: This instructional video script covers the essential techniques of information gathering during web penetration testing. It introduces tools like nmap for network mapping and scanning, Whois for domain owner identification, Dirsearch for discovering web application files and paths, Sublist3r for subdomain enumeration, and Google Hacking for advanced search queries. The script guides viewers on installing Kali Linux tools and using them to gather critical information about a target, enhancing the understanding of web security assessment processes.

Takeaways

  • 📚 The session focuses on information gathering during web penetration testing, a crucial step to understand the components of a target web application.
  • 🔍 Information gathering can reveal vulnerabilities that can be exploited in an attack.
  • 🛠️ The tools introduced for information gathering include nmap for network mapping and scanning, Whois for domain owner information, Dirsearch for web path enumeration, Sublist3r for subdomain enumeration, and Google Hacking for advanced search queries.
  • 🌐 Nmap is used to discover open ports and services on a target, with various options like '-sn' for a ping scan (host discovery without a port scan) or '-p' for scanning specific ports.
  • 🔎 Whois is a tool to find out the owner and registration details of a domain, which can provide insights into the target's identity.
  • 📁 Dirsearch is utilized to find directories and files on a web application, which might be useful for further probing.
  • 🔑 Sublist3r helps in identifying all the subdomains of a target, which can be a goldmine for discovering overlooked attack surfaces.
  • 🔍 Google Hacking uses Google's search engine with specific queries to find sensitive information or vulnerabilities on the web.
  • 💻 Installing Kali Linux, a penetration testing distribution, is suggested for those who do not have the tools, and it's available in the Windows Store.
  • 📝 The script provides step-by-step instructions on how to use each tool, including command examples and potential outputs.
  • ⚠️ There's a mention of potential issues like requests being blocked by VirusTotal when enumerating subdomains, and the suggestion to try again or use a different search engine.
  • 🔗 Google Hacking is not limited to Google; other databases like Exploit Database can also be used to find specific types of vulnerabilities or files.

Q & A

  • What is the main topic of the video script?

    -The main topic of the video script is about information gathering during web penetration testing.

  • What is the purpose of information gathering in web penetration testing?

    -The purpose of information gathering is to obtain details about a target, such as web applications, to understand its components and potentially exploit vulnerabilities for an attack.

  • Which tools are mentioned in the script for information gathering?

    -The tools mentioned in the script for information gathering are nmap, Whois, Dirsearch, Sublist3r, and Google Hacking.

  • What is nmap and what is its primary function?

    -Nmap, also known as Network Mapper, is a tool used for mapping networks and performing scans to discover the services and open ports available on a target.

  • How can one install the tools mentioned in the script if they don't have them?

    -If one doesn't have the mentioned tools, they can install Kali Linux, which includes these tools, either from the Windows Store or by searching for 'Kali Linux' in the search bar on Windows.

  • What is the basic command to use nmap for scanning a target?

    -The basic command to use nmap for scanning a target is 'nmap' followed by the target's domain name, for example, 'nmap example.com'.

  • What does the Whois tool provide?

    -The Whois tool provides information about the owner of a service or domain, including the domain name, registration details, and the owning organization.

  • What is Dirsearch and what does it do?

    -Dirsearch is a tool used for discovering directories and files on web applications by checking for the existence of a large number of possible file paths or directory structures.

  • How can Sublist3r help in information gathering?

    -Sublist3r can help in information gathering by identifying all the subdomains owned by a target, which can provide additional points of entry or information about the target's infrastructure.

  • What is Google Hacking and how is it used?

    -Google Hacking, also known as Google Dorking, is the use of advanced search operators on Google to find specific information on the internet, such as files, directories, or specific content that might be vulnerable or sensitive.

  • What issues might one encounter when using Sublist3r and how to overcome them?

    -One might see the message that VirusTotal is blocking the request when using Sublist3r, since VirusTotal is one of the sources Sublist3r queries. To overcome this, one can select a different search engine with the '-e' option, or keep retrying until the subdomains are returned.

  • What are some examples of Google Hacking operators or queries?

    -Examples of Google Hacking operators or queries include 'site:', 'filetype:', 'inurl:', 'intitle:', and 'intext:', which can be used to narrow down search results to specific criteria.

  • How can one find more Google Hacking operators or queries?

    -One can find more Google Hacking operators or queries by searching for 'Google Dorking' or 'Google Hacking techniques' on Wikipedia or other cybersecurity resources.
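
The Dirsearch answer above describes a wordlist-driven check of thousands of candidate paths; the defender's mirror image is spotting that burst in the web server's own access log. The following is an added example (not code from the video or from the Dirsearch project) that flags a client producing many 4xx responses on distinct paths within a short window; the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log in Common Log Format. Client 10.0.0.5 simulates
# a wordlist-driven scan (many distinct paths, nearly all 4xx, within seconds);
# client 203.0.113.7 is ordinary browsing with one stray 404.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Nov/2022:14:03:01 +0000] "GET / HTTP/1.1" 200 1256
10.0.0.5 - - [09/Nov/2022:14:03:02 +0000] "GET /.env HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:02 +0000] "GET /.git/config HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:02 +0000] "GET /admin/ HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:03 +0000] "GET /backup.zip HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:03 +0000] "GET /phpinfo.php HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:03 +0000] "GET /robots.txt HTTP/1.1" 200 68
10.0.0.5 - - [09/Nov/2022:14:03:04 +0000] "GET /wp-login.php HTTP/1.1" 404 153
10.0.0.5 - - [09/Nov/2022:14:03:04 +0000] "GET /config.php HTTP/1.1" 403 199
203.0.113.7 - - [09/Nov/2022:14:03:10 +0000] "GET /about HTTP/1.1" 404 153
203.0.113.7 - - [09/Nov/2022:14:03:12 +0000] "GET /contact HTTP/1.1" 200 930
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_log(text):
    """Yield parsed entries; lines that are not valid CLF are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
        }


def detect_enumeration(text, window=timedelta(seconds=10), min_paths=5):
    """Return {ip: finding} for clients with >= min_paths distinct paths
    answered 4xx inside some window-long interval. Distinct paths matter:
    a browser retrying one missing asset also piles up 404s, but a wordlist
    scan touches a different path on almost every request."""
    requests = defaultdict(int)   # ip -> total requests seen
    misses = defaultdict(list)    # ip -> 4xx entries, in log order
    for entry in parse_log(text):
        requests[entry["ip"]] += 1
        if 400 <= entry["status"] < 500:
            misses[entry["ip"]].append(entry)

    findings = {}
    for ip, hits in misses.items():
        hits.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(hits)):          # sliding window over 4xx hits
            while hits[end]["ts"] - hits[start]["ts"] > window:
                start += 1
            paths = sorted({e["path"] for e in hits[start:end + 1]})
            if best is None or len(paths) > len(best["distinct_paths"]):
                best = {"distinct_paths": paths, "misses": end - start + 1,
                        "first": hits[start]["ts"].isoformat(),
                        "last": hits[end]["ts"].isoformat()}
        if best and len(best["distinct_paths"]) >= min_paths:
            best["error_ratio"] = round(len(hits) / requests[ip], 2)
            findings[ip] = best                # one alert per client
    return findings


if __name__ == "__main__":
    for ip, f in detect_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {f['misses']} 4xx on {len(f['distinct_paths'])} paths "
              f"between {f['first']} and {f['last']} (4xx ratio {f['error_ratio']})")
```

Tune `window` and `min_paths` to the site's normal 404 rate; a clean site with few broken links can use a lower threshold than one with many stale inbound links.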

Outlines

00:00

🕵️‍♂️ Introduction to Web Penetration Testing Information Gathering

This paragraph introduces the concept of information gathering in the context of web penetration testing. It explains the importance of collecting data about a target web application to understand its components and potentially exploit vulnerabilities. The speaker outlines the tools that will be used in the session, including nmap for network mapping and scanning, Whois for domain owner identification, and Google hacking techniques. The paragraph also provides guidance on installing Kali Linux tools for those who do not have them, either through a full Kali Linux installation or the Windows Store's Terminal app. The speaker demonstrates how to use nmap with various options to scan a target like example.com and lists the services found, such as open ports and SMTP services.

05:02

🔍 Tools for Service Ownership and Web Path Discovery

The second paragraph delves into the use of specific tools for web penetration testing. It starts with 'Whois' to determine the owner of a service or website, exemplified by looking up the ownership details of example.com. The paragraph then moves on to 'Dirsearch' (rendered as 'dessert' in the transcript, a speech-to-text error), a tool for discovering directories and files on a web application. The speaker explains how to use Dirsearch with various options and demonstrates its use on example.com, highlighting the process and the large number of files or paths that can be checked. The paragraph also touches on potential issues like subdomain-enumeration requests being blocked by VirusTotal and suggests using a different search engine or continuing the search to overcome such obstacles.

10:05

🌐 Subdomain Enumeration and Google Hacking Techniques

This paragraph focuses on the use of 'Sublist3r' for subdomain enumeration, explaining how it can help identify all subdomains associated with a target domain, such as example.com or google.com. The speaker details the command-line usage of Sublist3r, including the use of specific flags to define the domain and search engine. The paragraph also addresses potential issues like being blocked by VirusTotal and suggests using alternative search engines or persistent attempts to retrieve the desired subdomains. The final part of the paragraph introduces Google hacking, or Google Dorking, as a method to exploit Google's search engine capabilities to find sensitive information using specific search operators. The speaker references resources like Wikipedia for Google Dork queries and mentions other databases like Exploit Database for additional search capabilities.

Keywords

💡Information Gathering

Information gathering is the process of collecting data about a target, such as a web application, to understand its components and potential vulnerabilities. In the context of the video, it is a crucial first step in web penetration testing, allowing the tester to identify what services and components the target possesses, which can later be exploited in an attack. The script mentions using various tools for this purpose, emphasizing its importance in the initial phase of assessing a target's security.

💡Web Penetration Testing

Web penetration testing refers to simulated cyber attacks against a web application to identify and exploit potential security vulnerabilities. The video's theme revolves around this concept, teaching viewers how to perform such tests. It is an essential practice in cybersecurity to ensure the integrity and security of web applications by ethically hacking them to discover and fix weaknesses.

💡Nmap

Nmap, short for Network Mapper, is a popular open-source tool used for network discovery and security auditing. In the video, it is highlighted as a primary tool for mapping networks and scanning for open ports and services on a target web application. The script provides examples of using Nmap to identify services like SMTP and HTTP on example.com, demonstrating its role in the information gathering phase of a penetration test.

💡Subdomain Enumeration

Subdomain enumeration is the process of identifying all subdomains associated with a primary domain. The script mentions using tools like Sublist3r to perform this task, which can reveal additional targets or entry points for an attacker. This is important in web penetration testing as it broadens the scope of potential vulnerabilities to be assessed.

💡Whois

Whois is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name. In the video, the tool 'Whois' is used to find out the owner of a service or domain, providing information that can be useful in understanding the target's background and legitimacy.

💡Google Hacking

Google hacking, also known as Google Dorking, involves using advanced Google search operators to find specific information on the web, which can include vulnerable web pages or sensitive files. The video script discusses using Google as a tool for security research, showing how specific queries can reveal information about web applications that might be exploited during a penetration test.

💡Sublist3r

Sublist3r is a python tool designed to enumerate subdomains of websites. The script describes using Sublist3r with various search engines to find subdomains of a target domain. This tool is valuable in the information gathering phase as it helps uncover additional assets that might be related to the main target and could be at risk.

💡Dirsearch

Dirsearch (transcribed as "Desert" in the script), in the context of the video, refers to a tool that can be used for directory and file enumeration on a web server. The script mentions using Dirsearch to check for directories and files on example.com, which can help identify potential targets for further probing or exploitation.

💡Kali Linux

Kali Linux is a Linux distribution designed for digital forensics and penetration testing, which comes preloaded with many security tools. The video script provides instructions on how to install Kali Linux on Windows for those who do not have access to a full installation, highlighting its importance as a platform for running the various tools needed for web penetration testing.

💡VirusTotal

VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans, and other types of malware, as well as potentially unwanted programs. In the script, it is mentioned in the context of blocking requests during subdomain enumeration with Sublist3r, indicating that security measures can sometimes interfere with penetration testing activities.

💡Exploits Database

The script refers to an 'Exploits Database', which is likely a reference to the Exploit Database, a non-profit project that provides an archive of security exploits and vulnerabilities. It is mentioned as a resource for finding Google Dorks, which can be used during Google hacking to identify potential vulnerabilities in web applications.

Highlights

Introduction to information gathering techniques in web penetration testing.

Information gathering is used to understand the components of a target web application.

Utilizing gathered information to potentially launch attacks on the target.

Overview of tools used for information gathering: nmap, Whois, Sublist3r, and Google Hacking.

Instructions on installing Kali Linux for those who do not have the tools.

How to install the Kali Linux app from the Windows Store.

Using nmap for network mapping and scanning with various options.

Demonstration of nmap usage with example.com as a target.

Explanation of Whois tool for finding out the owner of a service or website.

Sublist3r tool usage for discovering subdomains of a target.

Potential issues with VirusTotal blocking requests during subdomain enumeration.

Google Hacking techniques using specific search queries to find vulnerabilities.

How to use Google Dorks for advanced searches to find specific file types or URLs.

Exploration of using Exploits Database for finding relevant Google Dorks.

Practical examples of Google Dorks for finding 'index of /' listings and 'super admin' URLs.

Encouragement to explore different Google Dork operators for specific findings.

Conclusion and anticipation for the next video in the series.

Transcripts

00:04

Welcome back to this session. This time we will learn about information gathering when doing web penetration testing.

00:14

Information gathering itself is a technique used to obtain information about a target; the example target here is a web application. By using that information we get to know what components the target has, and we may also be able to use it to carry out an attack.

00:38

In this session we will do information gathering using the following tools: nmap, Whois, Dirsearch, subdomain enumeration using Sublist3r, and finally Google hacking.

00:55

As a note, if you don't have these tools yet, you can install Kali Linux as covered in the cyber security material, or you can install the Kali Linux terminal that is available in the Windows Store. To do that, just click Windows and then search, like this, and use the keyword Kali Linux in this search box; just type Kali Linux.

01:29

Here I choose the Kali Linux app, and you can click install directly for Kali Linux on each of your own devices. Since I have already installed it here, I'll just open it so you can see how it looks; this is what Kali Linux looks like on Windows.

01:55

Back to the material. The first tool we will use is nmap; here we will use the Kali Linux on the VM first.

02:06

nmap, also known as Network Mapper, is used to map a network and to scan a network. To use it, you can run the command nmap -h if you don't know what options nmap has. If you look here, there are many options you can use, such as -sL (list scan), ping scan, then scanning specific ports using -p, and many more options that nmap has.

02:57

Simply put, to use it you just type nmap and then, for example, example.com; we assume example.com is our target. When we press Enter, nmap will scan and then display what services example.com has. Here we just wait.

03:30

Now you can see the ports that example.com has are displayed; there are many open ports owned by example.com, for example here port 25 SMTP, then port 80 HTTP, and many more ports that example.com has. That's how to use nmap.

04:03

Next, here we will also try the terminal in Kali Linux on Windows. The usage is very similar: just open Kali Linux in the terminal on Windows and we can use it directly.

04:28

For the second one we can use the Whois tool. Whois is useful for finding out the owner of a service; for example, when we want to know the owner of a website we can use Whois. For instance, here I want to know who owns the service of example.com, like this.

04:56

When we press Enter, Whois gives us information: you can see the Domain Name is example.com, its registrar, the domain registrar is as follows, and it is owned by the IANA organization. That's how to use Whois.

05:18

Next, the third tool is Dirsearch. I'll clear the screen first. To use Dirsearch, we can just type dirsearch, like this. Dirsearch is used to find the paths or files that exist on a web application.

05:43

For usage, simply, we can use dirsearch and then, if we don't know which option we want to use, we can use -h or help. Here there are many options we can use, but simply we can directly specify -u or URL.

06:11

So how do we use it? I'll clear first and type -u, for example example.com; Dirsearch will then check the paths or files that example.com has, like this. This will take quite a long time because it will check 10,927 files or paths on example.com. You can see here there is already [inaudible], and there will be many more files or paths found by Dirsearch inside example.com.

07:00

Here I'll just cancel so the process stops. For those of you who want to see what example.com contains, you can continue on your own devices. I press Ctrl+C to cancel dirsearch.

07:25

Next, for the fourth tool we will use what's called subdomain enumeration. Here we can use, let me clear first, then type sublist3r. Sublist3r itself is used to find out which subdomains the target has. Here we will use a target, for example example.com or google.com.

07:54

How do we use it? Same as before, we can use -h. Simply, here we can use -d for the domain and -e for the engine. I'll clear first, then just type sublist3r, for example with the domain google.com.

08:22

When I press Enter, Sublist3r will use Baidu, Yahoo, Google and others to find out the subdomains of google.com. But note that when you run Sublist3r or search for subdomains, you may get the message "virus total now is blocking our request", which means our request is blocked by VirusTotal.

08:55

If you get a message like this, you can try again until you get the subdomains of our target, google.com or example.com. Since it still fails, I'll do it again; I'll try it on example.com. Just wait. OK, it turns out it is still blocked.

09:32

OK, here I'll just cancel, and then I'll try running Sublist3r against google.com but using an engine, for example Bing, like this.

09:52

This will take quite a long time, and you can see that with the Bing engine we can get Google's subdomains; for example, Google turns out to have the subdomains codex, drive, history, image, map, play, support, and finally tools.

10:17

That's how to use Sublist3r. So if you get blocked by VirusTotal, you can use another engine or keep trying until you get the subdomains you want. That's it for Sublist3r.

10:35

The fifth one, here we will use Google hacking. Google hacking, also known as Google dorking, lets us use Google to search by using the queries Google provides.

10:56

To do it, you can search on Google for "Google dorking Wikipedia" like this; on Wikipedia you can read what Google has in terms of queries. I'll click Wikipedia, like this, then here we move to the reference Google Dork query.

11:29

In Google Dork query you can see which queries Google has, also known as operators; there are many here, such as site, filetype, which returns all output based on file type, for example PDF, then inurl, which searches for a specific URL, for example register.php, and many more.

12:03

For the usage itself, you can use it directly; for example, here I click inurl, say index.php, and Google will then give information about everything that has index.php, according to how the operator is used.

12:30

Not only that, you can also make use of other websites such as Exploit-DB, like this, just click it. Exploit-DB can be used as a Google dork database, a database containing very many Google dorks that you can use, such as here intext "index of" SQL, which when we use it, Google will display all "index of" SQL listings in the text of all websites in Google search.

13:21

There is also intitle index, which will search using the title "index of" and the URL super admin. And you can use many more; just search for which operator we want to use or what specific finding we want to look for.

13:53

That's all for this session; see you in the next video.
