Penetration Testing Tools

Sunny Jovita – 2301939046

Week 5

Disclaimer: This blog is for educational purposes only.

On 19 March 2021, which was the 5th week of the Ethical Hacking and Penetration Testing course, I learned about some great penetration testing tools such as:

  1. TheHarvester
  2. Maltego
  3. CloudFail

TheHarvester

The purpose of this tool is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources such as search engines. It is really useful for anyone who wants to know what an attacker can see about their organization or company.

To use theHarvester, we can use this syntax:

  • cd theHarvester
  • python3 theHarvester.py -d domain.com -l range -b all

Maltego

Maltego is a platform that can be used to determine the relationships and real-world links between:

  • People, social networks, companies, organizations
  • Websites, domains, DNS names, IP addresses
  • Documents, files, etc.

Maltego saves us time because it lets us gather security-related information more accurately and work smarter.

CloudFail

CloudFail uses misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network.

Example:

Here, I tried to find the real IP address of hackme.pentest.id.

  1. First, I tried to find the IP address using mxtoolbox.com, and I figured out that the IP address was from CloudFlare.
  2. Second, I used the CloudFail tool to discover what the real IP address is.
  • python3 cloudfail.py --target hackme.pentest.id --tor

It says that hackme.pentest.id is part of the CloudFlare network. This tool shows us the real IP address of a website behind CloudFlare.