top of page
Writer's pictureSai Narayan

Class Notes Day 4 - Open Source Reconnaissance Tools




Download material here


Certainly! Below, you'll find an introduction and the basic workings of each of the listed cybersecurity tools:


### 1. Goto Exploit DB


**Introduction**: Exploit Database is an extensive repository of exploits and vulnerable software. It is a valuable resource for cybersecurity professionals to find information on known vulnerabilities and exploits.


**Working**:

- Users can search for specific vulnerabilities by various criteria such as type, platform, date, and more.

- Cybersecurity researchers can submit new exploits to the database.

- It provides detailed documentation on each exploit, including the affected versions and platforms.


### 2. Whois Lookup


**Introduction**: Whois lookup is a tool that provides information about who owns a domain name and their contact information.


**Working**:

- Enter a domain name into the Whois lookup tool.

- It returns detailed information including the registrant, administrative contact, and technical contact, along with the domain's creation, expiration, and update dates.


### 3. BuiltWith


**Introduction**: BuiltWith is a tool that helps to identify the technologies used to build a particular website.


**Working**:

- Enter the URL of a website into BuiltWith.

- It returns information on the server, hosting, frameworks, plugins, analytics tools, and other technologies implemented on the website.


### 4. Robtex.com


**Introduction**: Robtex is a tool used for various domain/IP address research tasks, including DNS lookups and data analysis.


**Working**:

- Users can input a domain name or IP address to get detailed information such as DNS records, mail servers, and name servers.

- It also helps in identifying shared DNS servers and provides information on AS numbers.


### 5. IntoDNS.com


**Introduction**: IntoDNS is a tool that provides a comprehensive analysis of the DNS configuration for a given domain name.


**Working**:

- Input the domain name to analyze.

- It returns detailed reports on DNS configuration, health, and delegation, highlighting any detected issues and providing recommendations for resolution.


### 6. SSL Labs


**Introduction**: SSL Labs is a collection of tools and documentation to help organizations set up secure server SSL/TLS configurations.


**Working**:

- Utilize the SSL Server Test tool by inputting a domain name.

- The tool analyzes the server's SSL configuration and grades it based on the strength and correctness of the configuration.


### 7. SecurityHeaders.com


**Introduction**: SecurityHeaders.com is a free tool that allows users to analyze HTTP response headers for any website, assisting in identifying potential security flaws.


**Working**:

- Input a website URL.

- It returns a report on the HTTP headers and their configurations, with a focus on security-related headers, and offers suggestions for improvements.


### 8. Social-Searcher.com


**Introduction**: Social-Searcher is a tool that allows users to search for content across various social media platforms.


**Working**:

- Enter keywords, phrases, or hashtags in the search bar.

- The tool returns results from various social media platforms, giving insights into trends, mentions, and social media presence.


### 9. Shodan.io


**Introduction**: Shodan is a search engine for internet-connected devices, providing insights into the configuration and status of devices accessible over the internet.


**Working**:

- Users can search for devices based on criteria such as IP, port, service, geography, etc.

- It offers detailed information about each device, including services running, vulnerabilities, and more.


### 10. Wayback Machine


**Introduction**: The Wayback Machine is a digital archive of the World Wide Web, allowing users to see how web pages looked in the past.


**Working**:

- Enter a website URL into the Wayback Machine.

- It allows users to view archived versions of web pages at various points in time.


### 11. Osintframework.com


**Introduction**: OSINT Framework is a collection of free and publicly available resources aimed at helping individuals conduct open-source intelligence (OSINT) investigations.


**Working**:

- The website categorizes various OSINT tools and resources by their use-cases.

- Users can navigate through the categories to find the right tools for different OSINT tasks.


### 12. View Page Source in a Browser


**Introduction**: Viewing page source allows users to see the raw HTML and other code that makes up a web page.


**Working**:

- Right-click on a webpage and select "View Page Source" or use keyboard shortcuts (Ctrl+U for Windows, Command+Option+U for Mac).

- The browser displays the raw HTML, CSS, and JavaScript code of the webpage.


### 13. Robots.txt


**Introduction**: Robots.txt is a file that webmasters use to instruct web robots (such as search engine bots) how to crawl pages on their website.


**Working**:

- Access the robots.txt file by appending "/robots.txt" to a website URL (e.g., `https://www.example.com/robots.txt`).

- The file lists the areas of the site that are allowed or disallowed for web crawler access.


### 14. Sitemap.xml


**Introduction**: Sitemap.xml is a file where details of the pages of a website are listed to tell search engines about the organization of site content.


**Working**:

- Access the sitemap by appending "/sitemap.xml" to a website URL (e.g., `https://www.example.com/sitemap.xml`).

- The file provides information to search engines about the structure of the website, including URLs and metadata about each URL (like when it was last updated).


I hope this helps! Let me know if you have further questions.

15 views0 comments

Comments


bottom of page