
How to Use Python Tools to Conduct Recon on a Web Target, by Null Byte :: WonderHowTo



Reconnaissance is one of the most important and often most time-consuming aspects of planning an attack on a target.

Two Python-coded reconnaissance tools let you explore in seconds how a website or web server may be vulnerable. Regardless of which platform you work on, ReconT and FinalRecon give you amazing results.

What can Recon reveal?

It can be tempting for a hacker or pentester to attack an online target, such as a website or web server, without spending too much time on recon. An attack without reconnaissance is almost always a more difficult task, as the time spent studying the target can be used to determine the best plan of action based on the available attack surface. It does not make sense to go after the most heavily defended parts of the target when a vulnerable area needs significantly fewer resources to get a better result.

The easiest way to hack an online target is to spend enough time investigating it to understand which attack surfaces are available and which plan of compromise offers the best chance of success. A talented hacker will not always play to their strengths and use the same trick. Instead, they formulate a plan that requires the least amount of effort by focusing first on the weakest part of the target's security.

FinalRecon

Our main goal as a hacker is to identify services that we can attack and evaluate them for vulnerabilities. These vulnerabilities could be SSH or FTP servers with weak credentials, running services with known vulnerabilities, and links to external resources that could be a hotspot. With a few simple checks, it's easy to find information about a web-based target, including IP addresses, subdomains, and potentially vulnerable services running on different ports.

For hackers who want to organize their recon, FinalRecon is an excellent tool that automates your results into concise reports of discovered IP addresses, services, and subdomains. FinalRecon is not only cross-platform and easy to install and use, it also makes it easier to understand and use the results in subsequent scans.

ReconT

The amount of information ReconT returns about a target can be overwhelming, but the strength of this tool lies in the detail of the clues it discovers. ReconT is a bit harder to use: it does not store the results of scans in a nice folder like FinalRecon. The information pouring out of ReconT can be far more detailed than what FinalRecon detects, locating SSH servers and identifying the types of service running on the target.

Since both tools work in different ways, they complement each other nicely, and the installation is almost identical for each. You can also use them on any system where Python3 is installed. Let's take a look at the functionality and capabilities of these programs:

What you need

To use these tools, you can use a Windows, Linux, or macOS computer with Python3 installed. I imagine that this also works on mobile devices with Python3 installed and the ability to load libraries.

You need an Internet connection for this to work because data is being collected from external sites.

Step 1: Install FinalRecon

FinalRecon is an incredibly easy tool to install, assuming you have Python3 on your system. In that case, only a few commands in a new terminal window are required for the installation.

The following commands download the files from the GitHub repository, move into the newly created directory, and then install all the libraries required to run FinalRecon.

  git clone https://github.com/thewhiteh4t/FinalRecon.git
cd FinalRecon
pip3 install -r requirements.txt 

Once this is complete, you can access the help menu by running the finalrecon.py program with the argument --help.

  python3 finalrecon.py --help
usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--full]
                     url

FinalRecon - OSINT Tool for All-In-One Web Recon | v1.0.0

positional arguments:
  url         Target URL

optional arguments:
  -h, --help  show this help message and exit
  --headers   Get Header Information
  --sslinfo   Get SSL Certificate Information
  --whois     Get Whois Lookup
  --crawl     Crawl Target Website
  --full      Get Full Analysis, Test All Available Options

Here are the different arguments available for the program. We can crawl targets, search for whois information, and retrieve data about the SSL certificate used by a site.

Step 2: Scanning a Target

For our tests, we use the --full flag, which runs all the tests listed above. You can also choose any single argument to get more specific results.

To scan our target, enter the following command followed by the selected argument (--full in our case) and then the site you want to scan. In this example, we scan the Equifax information page about their 2017 cybersecurity incident.

  Dell-3: FinalRecon skickar $ python3 finalrecon.py --full www.equifaxsecurity2017.com

______ __ __ ______ __
/  ___  /   /  "-.   /  __  /  
  __ \  \   -. \  __ \   ____
  _    _ \  _ \ " _ \  _   _ \  _____ 
 / _ /  / _ /  / _ /  / _ /  / _ /  / _ /  / _____ /
______ ______ ______ ______ __ __
/  ==  /  ___  /  ___  /  __  /  "-.  
  __ <    __   ____  / \  -.  
  _ _\ _____\ _____\ _____\ _\"_
  /_/ /_/ /_____/ /_____/ /_____/ /_/ /_/

[>] Created by: thewhiteh4t
[>] Version: 1.0.0

[+] Destination: www.equifaxsecurity2017.com

[+] IP address: 107.162.143.246

[+] Headers:

[+] Date: Tue, 28 May 2019 05:46:40 GMT
[+] Last-Modified: Wed, 19 Sep 2018 08:36:08 GMT
[+] ETag: "4c7c-576354c3d8e00-gzip"
[+] Accept-Ranges: bytes
[+] Vary: Accept-Encoding
[+] Content-Encoding: gzip
[+] Content-Security-Policy: connect-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests; require-sri-for script style
[+] Strict-Transport-Security: max-age=31536000
[+] Referrer-Policy: strict-origin-when-cross-origin
[+] X-Content-Type-Options: nosniff
[+] X-Frame-Options: SAMEORIGIN
[+] Content-Length: 5006
[+] Keep-Alive: timeout=5, max=100
[+] Connection: Keep-Alive
[+] Content-Type: text/html
[+] Via: 1.1 sjc1-bit9
[+] Set-Cookie: TS01fdad5b=019de3c5d98fcded635d58847700d53c74fdb5b04b2928345f95296b43668a2b714cc0e124; Path=/; Secure; HttpOnly

[+] SSL Certificate Information:

[+] countryName: US
[+] stateOrProvinceName: GA
[+] localityName: Alpharetta
[+] organizationName: Equifax Inc.
[+] organizationalUnitName: Global Security
[+] commonName: www.equifaxsecurity2017.com
[+] countryName: US
[+] organizationName: DigiCert Inc
[+] commonName: DigiCert SHA2 Secure Server CA
[+] version: 3
[+] serialNumber: 04672E2D49D32A5CD99FCC6B50D4B688
[+] notBefore: Jan 22 00:00:00 2019 GMT
[+] notAfter: Jan 27 12:00:00 2020 GMT
[+] OCSP: ('http://ocsp.digicert.com',)
[+] subjectAltName: (('DNS', 'www.equifaxsecurity2017.com'), ('DNS', 'equifaxsecurity2017.com'))
[+] caIssuers: ('http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt',)
[+] crlDistributionPoints: ('http://crl3.digicert.com/ssca-sha2-g6.crl', 'http://crl4.digicert.com/ssca-sha2-g6.crl')

[+] Whois Search:

[+] NIR: None
[+] ASN register: arin
[+] ASN: 55002
[+] ASN CIDR: 107.162.143.0/24
[+] ASN country code: USA
[+] Delivery date: 2013-12-19
[+] ASN Description: DEFENSE-NET - Defense.Net, Inc, US
[+] CIDR: 107.162.0.0/16
[+] Name: DEFENCE-NET
[+] handle: NET-107-162-0-0-1
[+] Range: 107.162.0.0 - 107.162.255.255
[+] Description: Defense.Net, Inc
[+] Country: USA
[+] State: WA
[+] City: Seattle
[+] Address: 501 Elliott Avenue West
[+] Postcode: 98119
[+] Emails: ['netops@defense.net']
[+]   Created on: 2013-12-19
[+] updated on: 2013-12-19

[+] Crawling target ...

[+] Search for robots.txt ........ [ Not Found ]
[+] Search for sitemap.xml ....... [ Not Found ]
[+] Extract CSS links .......... [ 1 ]
[+] Extract Javascript links ... [ 3 ]
[+] Extract internal links ..... [ 0 ]
[+] Extract external links ..... [ 12 ]
[+] Extract images ............ [ 3 ]

[+]   Total links extracted: 19

[+] Dumping links in /Users/skickar/FinalRecon/dumps/www.equifaxsecurity2017.com.dump
[+] Completed! 

Step 3: Examine the results

Now we can check out the dumps folder to find the information that was output when the target was scanned. Here we can see the links that the tool has collected. To display them, enter cd dumps to go to the folder the logs are stored in. Then use cat to view the contents of the log.

  Dell 3: Dumps skickar $ cat www.equifaxsecurity2017.com.dump
URL: http://www.equifaxsecurity2017.com

Title: Cybersecurity Incident & Important Consumer Information | Equifax

Robot Links: 0
Sitemap Links: 0
CSS links: 1
JS Links: 3
Internal links: 0
External links: 12
Pictures Links: 3
Total links found: 19

CSS:

//assets.equifax.com/efxsecurity2017/css/style.css

javascript:

//assets.equifax.com/efxsecurity2017/js/script.js
//assets.equifax.com/efxsecurity2017/js/jquery-migrate.min.js
//assets.equifax.com/efxsecurity2017/js/jquery.js

External links:

http://equifax.com/personal/products/credit/credit-lock-alert
https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp
https://www.experian.com/freeze/center.html
https://trustedidpremier.com/eligibility/eligibility.html
https://equifax.com
https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp
http://www.equifax.com/privacy/fcra
https://www.equifax.com
https://trustedidpremier.com/static/terms
http://www.annualcreditreport.com/
http://www.optoutprescreen.com
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Images:

//assets.equifax.com/global/images/logos/logo_EFX_TM.png
//assets.equifax.com/global/images/tagline/english_185x10.png
//assets.equifax.com/global/images/logos/logo_white_123x24.png

However, we could identify internal and external links, image files, JavaScript code, and CSS information. This website doesn't contain a robots.txt or sitemap.xml file, which usually contain many subdomains and links. Therefore, the number of links found is lower than you can expect from most websites.


The next step in this review would be to search the links found for vulnerabilities or to search through the JavaScript or CSS code we found.
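One way to start that review is to group the dumped links by host and flag the ones still served over plain HTTP. This is an added example, not part of FinalRecon or the original article; the function names and the embedded sample (a subset of the dump above) are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: same layout as the dump above, with a subset of its links.
SAMPLE_DUMP = """\
URL: http://www.equifaxsecurity2017.com

Title: Cybersecurity Incident & Important Consumer Information | Equifax

CSS links: 1
JS Links: 2

CSS:

//assets.equifax.com/efxsecurity2017/css/style.css

javascript:

//assets.equifax.com/efxsecurity2017/js/script.js
//assets.equifax.com/efxsecurity2017/js/jquery.js

External links:

http://equifax.com/personal/products/credit/credit-lock-alert
https://www.experian.com/freeze/center.html
https://trustedidpremier.com/eligibility/eligibility.html
http://www.annualcreditreport.com/

Images:

//assets.equifax.com/global/images/logos/logo_EFX_TM.png
"""

# Section headings as they appear in the dump (compared case-insensitively).
SECTIONS = {"css", "javascript", "internal links", "external links", "images"}


def parse_dump(text):
    """Return (site_url, {section: [links]}) from a FinalRecon-style dump."""
    site, current, links = None, None, defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("url:"):
            site = line.split(":", 1)[1].strip()
        elif line.endswith(":") and line[:-1].lower() in SECTIONS:
            current = line[:-1].lower()
        elif current and (line.startswith("//") or "://" in line):
            links[current].append(line)
    return site, dict(links)


def review(text):
    """List third-party hosts per section and links still served over plain HTTP."""
    site, links = parse_dump(text)
    site_host = urlsplit(site).hostname
    third_party, cleartext = defaultdict(set), []
    for section, urls in links.items():
        for url in urls:
            parts = urlsplit(url)  # "//host/path" parses with an empty scheme
            if parts.hostname and parts.hostname != site_host:
                third_party[parts.hostname].add(section)
            if parts.scheme == "http":
                cleartext.append(url)
    return {"third_party": dict(third_party), "cleartext": cleartext}


if __name__ == "__main__":
    result = review(SAMPLE_DUMP)
    for host, sections in sorted(result["third_party"].items()):
        print(f"{host}: {', '.join(sorted(sections))}")
    for url in result["cleartext"]:
        print("plain HTTP:", url)
```

Hosts that appear under the javascript or css sections are the ones whose content runs in the page, so they are the first candidates for a Subresource Integrity and ownership check.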

Step 4: Install ReconT

Next, we'll use ReconT to scan another destination. I like ReconT a lot, but one thing I noticed is that it does not create a "dump" folder where the results are saved as in FinalRecon. Nevertheless, I find that there are more results, many of which are very useful. It's worth using, even if it's a little less user-friendly. Fortunately, there is an easy way to get around this trouble.

To fix this, we create a dump file ourselves when we run it. First, let's install the program, changing directories first so that it isn't installed inside the FinalRecon folder. In a new terminal window, type cd and then the following commands to install ReconT.

  git clone https://github.com/jaxBCD/ReconT.git
cd ReconT
# python3 and nmap must be installed for this
pip3 install -r requirements.txt

After we have installed the requirements for the execution, we can check out the help file with the following command:

  python3 reconT.py --help
Usage: reconT.py [OPTIONS] TARGET

Options:
  --timeout INTEGER  Waiting time before timeout connections in seconds
  --proxy TEXT       if Use a proxy, eg: 0.0.0.0:8888 if with auth
                     0.0.0.0:8888@user:password
  --cookies TEXT     if you use comma delimited cookies to get the
                     request ex: PHPSESS: 123, account = true
  --help             Show this message and exit.

As you can see, there is no way to save the results or make many adjustments. You specify a target, and it is scanned intensively.

Step 5: Scan a target and transfer the results to a file

Using the command python3 reconT.py followed by the name of the target to be scanned, we can now perform a scan. The scan can output a lot of data, much of which is interesting, but it can take a long time to scroll back through the terminal to access it.

To make sure we can capture and review the output, we can use cat to redirect it to a new text file. To do this, we add the pipe symbol, |, and then cat > example.txt to redirect the output of our recon scan to a text file.

When you run the command, approximately the following should be displayed.

  python3 reconT.py https://www.equifaxsecurity2017.com/ | cat > equifux.txt
[+] From 2019-05-27 23: 04: 01.954237
[+] Collecting information at: https://www.equifaxsecurity2017.com/
[#] Status: 200
[#] Find a place ..!
[#] as: AS55002 Defense.Net, Inc
[#] City: Seattle
[#] Country: United States
[#] countryCode: US
[#] isp: Defense.Net
[#] lat: 47.623
[#] lon: -122,365
[#] org: Defense.Net, Inc
[#] Query: 107.162.143.246
[#] Region: WA
[#] regionName: Washington
[#] Status: Success
[#] Time Zone: America / Los_Angeles
[#] zip: 98119
[x] WAF presence on: https://www.equifaxsecurity2017.com/ not recognized
[#] Starting Reverse DNS
[!] Found 1 domain
[!] Scanning an open port
[#] 21 / tcp open ftp
[#] 80 / tcp open http
[#] 443 / tcp open https
[#] 554 / tcp open rtsp
[#] 7070 / tcp open real server
[+] Get SSL information
[+] Disclose disclosure of information!
[#] Determine the file sitemap.xml
[-] sitemap.xml file not found!?
[#] Detecting the robots.txt file
[-] robots.txt file not found !?
[#] Detecting GNU Mailman
[-] GNU Mailman app not recognized!?
[+] Crawl URL parameters enabled: https://www.equifaxsecurity2017.com/
[#] Search for HTML Form!
[-] No HTML form found!?
[!] 11 dom parameters found
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[#] https://www.equifaxsecurity2017.com//#
[-] No internal dynamic parameter found !?
[!] 1 External dynamic parameter detected
[#] https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i&ver=4.9.2
[!] 17 internal links discovered
[+] https://www.equifaxsecurity2017.com/
[+] https://www.equifaxsecurity2017.com////fonts.googleapis.com
[+] https://www.equifaxsecurity2017.com////s.w.org
[+] https://www.equifaxsecurity2017.com////assets.equifax.com/efxsecurity2017/css/style.css
[+] https://www.equifaxsecurity2017.com/
[+] https://www.equifaxsecurity2017.com/
[+] https://www.equifaxsecurity2017.com/es/hogar/
[+] https://www.equifaxsecurity2017.com// "class =
[+] https://www.equifaxsecurity2017.com//es/hogar/
[+] https://www.equifaxsecurity2017.com//contact/
[+] https://www.equifaxsecurity2017.com//consumer-notice/
[+] https://www.equifaxsecurity2017.com//updates/
[+] https://www.equifaxsecurity2017.com//questions/
[+] https://www.equifaxsecurity2017.com//contact/
[+] https://www.equifaxsecurity2017.com//contact/
[+] https://www.equifaxsecurity2017.com//consumer-notice/
[+] https://www.equifaxsecurity2017.com//privacy-policy/
[!] 12 External links discovered
[#] https://www.equifax.com
[#] https://equifax.com
[#] https://trustedidpremier.com/eligibility/eligibility.html
[#] http://www.annualcreditreport.com/
[#] https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
[#] https://www.experian.com/freeze/center.html
[#] https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp
[#] http://equifax.com/personal/products/credit/credit-lock-alert
[#] https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp
[#] http://www.optoutprescreen.com
[#] https://trustedidpremier.com/static/terms
[#] http://www.equifax.com/privacy/fcra
[#] Get host information
[+] + DNS server
[+] + MX records
[+] + TXT records
[+] Subdomain information
[!] Done on 2019-05-27 23: 04: 31.246591 

That's a lot of data! We have already found many more internal links than FinalRecon. To see what we found, we can reuse the command cat to see the information in the log.

  cat equifux.txt

__ _____ _
/ __  ___ ___ ___ _ __ / __  ___ ___ | | // \
/  // / _  / __ | / _  | _  _____ / /  / / _  / _  | | _ \ () // _
/ / | __ / | (__ | (_) || | || _____ | / / (_) || (_) || / _ // \ _ 
 /    ___ |  ___ |  ___ / | _ | | _ |  /  ___ /  ___ / | _ | /  __ / 
 / (Reconnaisance ToolKit 0.7)

(from): 407 Authentic Exploit
(Code name): JaxBCD

--------------------------------------------------
- Date: Tue, 28 May 2019 06:04:02 GMT
- Last-Modified: Wed, 19 Sep 2018 08:36:53 GMT
- ETag: "4c7c-576354eec3340-gzip"
- Accept-Ranges: bytes
- Vary: Accept-Encoding
- Content-Encoding: gzip
- Content-Security-Policy: connect-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests; require-sri-for script style
- Strict-Transport-Security: max-age=31536000
- Referrer-Policy: strict-origin-when-cross-origin
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- Content-Length: 5006
- Keep-Alive: timeout=5, max=100
- Connection: Keep-Alive
- Content-Type: text/html
- Via: 1.1 sjc1-bit9
- Set-Cookie: TS01fdad5b=019de3c5d9c64b5e73b7e4be48076da79d4febd1135512dc84d342b6684ed5c9ead6014793; Path=/; Secure; HttpOnly
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
- equifaxsecurity2017.com
--------------------------------------------------
--------------------------------------------------
{'OCSP': ('http://ocsp.digicert.com',),
 'caIssuers': ('http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt',),
 'crlDistributionPoints': ('http://crl3.digicert.com/ssca-sha2-g6.crl',
                           'http://crl4.digicert.com/ssca-sha2-g6.crl'),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'DigiCert Inc'),),
            (('commonName', 'DigiCert SHA2 Secure Server CA'),)),
 'notAfter': 'Jan 27 12:00:00 2020 GMT',
 'notBefore': 'Jan 22 00:00:00 2019 GMT',
 'serialNumber': '04672E2D49D32A5CD99FCC6B50D4B688',
 'subject': ((('countryName', 'US'),),
             (('stateOrProvinceName', 'GA'),),
             (('localityName', 'Alpharetta'),),
             (('organizationName', 'Equifax Inc.'),),
             (('organizationalUnitName', 'Global Security'),),
             (('commonName', 'www.equifaxsecurity2017.com'),)),
 'subjectAltName': (('DNS', 'www.equifaxsecurity2017.com'),
                    ('DNS', 'equifaxsecurity2017.com')),
 'version': 3}

--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
Found: 1 subdomain
- equifaxsecurity2017.com
--------------------------------------------------

pdns105.ultradns.org.

156.154.67.105  pdns105.ultradns.org  AS12008 NeuStar, Inc.  United States
pdns105.ultradns.com.

156.154.64.105  pdns105.ultradns.com  AS12008 NeuStar, Inc.  United States
a2.verisigndns.com.

209.112.114.33  a22.verisigndns.com  AS36616 VeriSign Global Registry Services  United States
a3.verisigndns.com.

69.36.145.33  pdns2.cscdns.net  AS36617 VeriSign Global Registry Services  United States
pdns105.ultradns.net.

156.154.65.105  pdns105.ultradns.net  AS12008 NeuStar, Inc.  United States
a1.verisigndns.com.

209.112.113.33  a11.verisigndns.com  AS36616 VeriSign Global Registry Services  United States
pdns105.ultradns.biz.

156.154.66.105  ns3.eurodns.com  AS12008 NeuStar, Inc.  United States

--------------------------------------------------

--------------------------------------------------

equifaxsecurity2017.com

107.162.143.246  AS55002 Defense.Net, Inc  United States

-------------------------------------------------- 

Here we can see that we have found other services and information about the certificate. We also learned more about the content hosted on the site. All of this could be useful to a hacker looking for a chance to attack.
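The same capture file is useful to the site's owner: the response headers and certificate dates in it can be checked against a baseline. The following is an added example, not part of ReconT or the original article; the sample lines are constructed from the values shown above (with a placeholder cookie value), and the thresholds and function names are assumptions.

```python
import re
import ssl

# Constructed capture: header names as a server sends them, values from the scan
# above; the cookie value is a placeholder.
SAMPLE = """\
- Content-Security-Policy: connect-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests; require-sri-for script style
- Strict-Transport-Security: max-age=31536000
- Referrer-Policy: strict-origin-when-cross-origin
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- Set-Cookie: TS01fdad5b=PLACEHOLDER; Path=/; Secure; HttpOnly
 'notAfter': 'Jan 27 12:00:00 2020 GMT',
"""

HEADER_RE = re.compile(r"^-\s*([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
NOT_AFTER_RE = re.compile(r"'notAfter':\s*'([^']+)'")
MIN_HSTS = 15768000  # assumed policy: HSTS max-age of at least six months
WARN_DAYS = 30       # assumed policy: flag certificates inside the renewal window


def parse_capture(text):
    """Collect '- Name: value' header lines and the certificate notAfter field."""
    headers, not_after = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line.strip())
        expiry = NOT_AFTER_RE.search(line)
        if header:
            headers.setdefault(header.group(1).lower(), []).append(header.group(2))
        elif expiry:
            not_after = expiry.group(1)
    return headers, not_after


def cert_days_left(not_after, now):
    """Whole days between `now` (epoch seconds) and the certificate's notAfter."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def audit(text, now):
    """Return findings for the capture; pass the scan time as `now`."""
    headers, not_after = parse_capture(text)
    findings = []
    for name in ("content-security-policy", "strict-transport-security",
                 "x-content-type-options", "referrer-policy"):
        if name not in headers:
            findings.append(f"missing {name}")
    csp = "; ".join(headers.get("content-security-policy", [])).lower()
    directives = {d.split()[0] for d in csp.split(";") if d.strip()}
    if csp and not directives & {"default-src", "script-src"}:
        findings.append("CSP has no default-src or script-src")
    if "frame-ancestors" not in directives and "x-frame-options" not in headers:
        findings.append("no framing protection")
    for hsts in headers.get("strict-transport-security", []):
        age = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if not age or int(age.group(1)) < MIN_HSTS:
            findings.append("HSTS max-age too short")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    if not_after and cert_days_left(not_after, now) < WARN_DAYS:
        findings.append(f"certificate expires in {cert_days_left(not_after, now)} days")
    return findings
```

Run against the values in this scan, the check reports that the policy restricts connect-src, object-src and framing but sets no script-src or default-src, so script sources are not limited by it.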

Recon is an essential hacking skill that is easier with Python. Both ReconT and FinalRecon can identify key details about a target that a hacker can use to determine the easiest way to attack a system. After collecting details about the services running on a target, you can follow up on the more promising results with more active scanning tools such as Nikto.

I hope you liked this guide to conducting reconnaissance with cross-platform Python tools! If you have questions about this tutorial on recon, leave a comment below, and contact me on Twitter @KodyKinzie.


Cover photo and screenshots by Kody/Null Byte



