Let your plans be dark and impenetrable as night and when you move, hack like a thunderbolt

In the world of cybersecurity, almost every penetration tester relies on the information gathering tools on Kali Linux, such as Network Mapper (nmap), subbrute or Sublist3r, theHarvester, and similar tools. Although these tools aid in gathering information on a particular target, there are other ways of gathering information on a target without using these tools on Kali Linux. Combining the following methods with the tools on Kali Linux would be very effective for any penetration tester. As a former security researcher on the HackerOne and Bugcrowd platforms, I heavily relied on both orthodox and unorthodox ways of gathering information without being detected.

1. GitHub

GitHub is another great tool for gathering information on a target. You can search for a target name like Isacom.tld. Searching for a target name such as this reveals the kinds of documents and files the target has pushed to GitHub. These documents and files may contain information you need to test certain endpoints that are not on the public interface. GitHub can also benefit any pentester interested in finding a target's API keys.

2. Archive.org

Searching for documents or files via Archive.org is another form of dumpster diving on the internet. Archive.org can help you find old files and documents such as robots.txt, inactive subdomains, and other forgotten endpoints. This method allows you to find older functionality belonging to certain endpoints or other subdomains of a host. Usually, as a pentester, you can leverage older functionality to extend to other methods or functionality.

3. Shodan.io

Tools such as nmap allow pentesters to scan for IP addresses, open and closed ports, endpoint products, and more. Shodan has features similar to nmap's. You can use shodan.io to scan for IP addresses, find open and closed ports, and so on. In addition, Shodan has external tools such as the Maltego add-on, which behaves like Maltego on Kali Linux and offers host lookup features.

4. Censys.io

Apart from scanning IP addresses and open and closed ports, Censys.io also lets you analyze assets such as SSL certificates belonging to a target. You can use the Censys.io application programming interface (API) to execute SQL queries against a target IPv4 address. However, this particular API is reserved for verified researchers.

5. Amazon Web Services

And finally, let's dwell on Amazon Web Services. Amazon Web Services hosts millions of assets belonging to corporate companies on its platform. As a pentester or security researcher, you can rely on Amazon Web Services to find misconfigured S3 buckets that allow external users to read and write to buckets belonging to an organisation. We trust the above methods could help you in gathering information on a target even if the information gathering tools on Kali Linux fail to do the job. Please note that this is for educational purposes only!
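Seen from the bucket owner's side, the S3 misconfiguration described above can be checked offline. The following is an added example, not part of the original post: it inspects a bucket policy document and a list of ACL grants (in the shape the S3 GetBucketAcl API returns) and reports whether read or write access is open to the public. The function names and the sample bucket are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Group URIs that S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Representative actions; each policy Action pattern is tested against these.
PROBES = {"read": ("s3:getobject", "s3:listbucket"),
          "write": ("s3:putobject", "s3:deleteobject", "s3:putbucketacl")}
ACL_PERMS = {"READ": {"read"}, "WRITE": {"write"}, "WRITE_ACP": {"write"},
             "FULL_CONTROL": {"read", "write"}}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anonymous access)."""
    if isinstance(principal, dict):
        return "*" in _listify(principal.get("AWS", []))
    return principal == "*"

def public_exposure(policy_json=None, acl_grants=()):
    """Return the kinds of access ("read", "write") open to the public.
    "review" is added for public Allow statements that carry a Condition."""
    found = set()
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    for stmt in _listify(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            found.add("review")  # may be narrowed by source IP, VPC endpoint, etc.
            continue
        for pattern in _listify(stmt.get("Action", [])):
            for kind, probes in PROBES.items():
                if any(fnmatchcase(p, pattern.lower()) for p in probes):
                    found.add(kind)
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            found |= ACL_PERMS.get(grant.get("Permission"), set())
    return found

# Constructed sample input (the bucket name is a placeholder).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:Put*"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]
print(sorted(public_exposure(SAMPLE_POLICY, SAMPLE_ACL)))
```

An empty result means neither the policy nor the ACL grants public access. The check does not evaluate `NotPrincipal`, `NotAction`, or the account's Block Public Access settings.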

#ISA_informs

#ISA_ltd