Information Gathering Report On: Target Website

The document discusses various tools that can be used for information gathering from a target website. It provides brief descriptions of 11 tools: RiskIQ, Whois, HTTrack, DMitry, Nmap, Netcraft, RBLlookup, Wayback Machine, Censys, Shodan, and Recon-ng. These tools can be used to gather technical details, historical snapshots, domain records, network information and discover exposed devices related to a target website.

Information Gathering Report

On

Target Website: http://www.asfaa.org/

Submitted to:
Ms. Tripti Mishra
Assistant Professor(SS)
Department of Systemics

Submitted By:
MANSI BISHT
R134217081
500061643

TOOLS USED FOR INFORMATION GATHERING

1. RISKIQ

The RiskIQ Community Edition gives digital threat hunters and defenders free access to RiskIQ's
comprehensive internet data to hunt digital threats against their organization. RiskIQ
Community Edition includes the PassiveTotal and Digital Footprint community
editions. PassiveTotal gives digital threat hunters access to the most comprehensive
intelligence and data available to track and shut down attackers.

Threat infrastructure and attack patterns change all the time, so having data automatically
linked and correlated means better coverage and faster response to investigations.

2. WHO.IS
Whois is a widely used Internet record listing that identifies who owns a domain and
how to get in contact with them. The Internet Corporation for Assigned Names and
Numbers (ICANN) regulates domain name registration and ownership. Whois records
have proven to be extremely useful and have developed into an essential resource for
maintaining the integrity of the domain name registration and website ownership
process.
A Whois record contains all of the contact information associated with the person, group, or
company that registers a particular domain name. Typically, each Whois record will contain
information such as the name and contact information of the Registrant (who owns the domain),
the name and contact information of the Registrar (the organization or commercial
entity that registered the domain name), the registration dates, the name servers, the most recent
update, and the expiration date.
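The fields listed above are what a defender typically extracts from a Whois record when watching their own domains (registrar, delegation, expiry). The following parser is an added example, not part of the original report: it works on a constructed record in the "Key: value" layout most registry WHOIS servers return (the values are placeholders, not the target's real record), collects repeated keys such as Name Server into lists, and flags a registration that is close to lapsing.

```python
from datetime import date, datetime, timezone

# Constructed sample in the "Key: value" layout most registry WHOIS servers
# return. The values are placeholders, not the target's real record.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.ORG
Registry Domain ID: D0000000-LROR
Registrar: Example Registrar, LLC
Registrar IANA ID: 9999
Updated Date: 2023-08-14T04:00:00Z
Creation Date: 1995-08-31T04:00:00Z
Registry Expiry Date: 2025-08-30T04:00:00Z
Registrant Organization: Example Org
Registrant Country: US
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
>>> Last update of WHOIS database: 2024-03-01T12:00:00Z <<<
"""

# Keys that legitimately repeat within one record.
MULTI_VALUED = {"Name Server", "Domain Status"}


def parse_whois(text):
    """Split 'Key: value' lines into a dict; repeated keys become lists.
    Banner lines (">>> ... <<<") and lines without a colon are ignored."""
    record = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(">>>"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:
            continue
        if key in MULTI_VALUED:
            record.setdefault(key, []).append(value.lower())
        else:
            record[key] = value
    return record


def _parse_utc(stamp):
    """Registry timestamps are ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def days_to_expiry(record, today):
    """Whole days between `today` (a date) and the registry expiry date."""
    expiry = _parse_utc(record["Registry Expiry Date"]).date()
    return (expiry - today).days


def summarize(record, today, warn_days=60):
    """The fields a defender tracks for their own domains: who holds the
    registration, where it is delegated, and whether it is about to lapse."""
    left = days_to_expiry(record, today)
    return {
        "domain": record["Domain Name"].lower(),
        "registrar": record["Registrar"],
        "created": record["Creation Date"][:10],
        "expires": record["Registry Expiry Date"][:10],
        "days_to_expiry": left,
        "expiry_warning": left <= warn_days,
        "name_servers": record.get("Name Server", []),
        "dnssec": record.get("DNSSEC", "unsigned"),
    }


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for k, v in summarize(rec, date.today()).items():
        print(f"{k:>15}: {v}")
```

Registrar output formats vary (thin versus thick registries, privacy-proxied contacts, different date layouts), so in practice the parser needs one adapter per registry; the expiry check is the part worth automating, because a lapsed registration is a takeover risk that no scanner will report.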

TARGET WEBSITE : http://www.asfaa.org/
Submitted to – Ms. Tripti Mishra
Submitted by – Mansi Bisht, 500061643,0

3. HTTRACK
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory,
building recursively all directories, getting HTML, images, and other files from the server to
your computer. HTTrack arranges the original site's relative link-structure. Simply open a
page of the "mirrored" website in your browser, and you can browse the site from link to
link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and
resume interrupted downloads. HTTrack is fully configurable, and has an integrated help
system.

4. DMITRY
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line
application coded in C. DMitry has the ability to gather as much information as possible about a
host. Base functionality is able to gather possible subdomains, email addresses, uptime
information, TCP port scan, whois lookups, and more.

• An Open Source Project.
• Perform an Internet Number whois lookup.
• Retrieve possible uptime data, system and server data.
• Perform a SubDomain search on a target host.
• Perform an E-Mail address search on a target host.
• Perform a TCP Portscan on the host target.
• A Modular program allowing user specified modules.

5. NMAP
Nmap (“Network Mapper”) is a free and open source utility for network discovery and
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of
other characteristics. It was designed to rapidly scan large networks, but works fine against
single hosts. Nmap runs on all major computer operating systems, and official binary packages
are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap
executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible
data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff),
and a packet generation and response analysis tool (Nping).
Heartbleed detection is one of the available SSL scripts. It detects the presence of the well-known
Heartbleed vulnerability in SSL services; alternative ports can be specified to test SSL on mail
and other protocols.

6. NETCRAFT
Netcraft is an internet services company based in Bath, England. Netcraft is funded through retained
profit and derives its revenue in the following ways:

• Providing internet security services, including anti-fraud and anti-phishing services, application
testing, code reviews, and automated penetration testing.
• Providing research data and analysis on many aspects of the internet. Netcraft has explored the
internet since 1995 and is a respected authority on the market share of web servers, operating
systems, hosting providers, ISPs, encrypted transactions, electronic commerce, scripting
languages and content technologies on the internet.
• Accepting advertising on the Netcraft web sites.

7. RBLlookup
RBL lookup is a browser-based RBL tool. It is used to discover whether an IP address is on
any of the more popular real-time blackhole lists that the service checks.

To perform an RBL lookup on a domain name, you type it directly into the site's RBL search box.

The service checks the lists in real time and returns the results as it receives them.
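What a browser-based RBL tool does behind the search box is an ordinary DNS lookup: the IP address is reversed, a list zone is appended, and a returned A record in 127.0.0.0/8 means "listed" while NXDOMAIN means "not listed". The block below is an added example, not code from the original report or from any RBL site; the zone name `dnsbl.example` and its return-code table are constructed (each real list publishes its own zone and codes), and the offline demo uses a fake resolver in place of a DNS client.

```python
import ipaddress

# Constructed zone and return-code table. Real lists publish their own zone
# names and code meanings; take them from the list's documentation.
ASSUMED_ZONE = "dnsbl.example"
ASSUMED_CODES = {
    "127.0.0.2": "spam source",
    "127.0.0.4": "open relay / compromised host",
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ASSUMED_ZONE):
    """Build the name a client resolves to check `ip` against `zone`.
    IPv4: octets reversed. IPv6: all 32 nibbles reversed, dot-separated."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_part}.{zone}"


def interpret_answer(a_records, codes=ASSUMED_CODES):
    """No answer (NXDOMAIN) means not listed. Each A record in 127.0.0.0/8
    carries a reason code. Anything outside that range usually means a
    broken resolver or a list that shut down and now answers everything;
    treat it as 'unknown' rather than 'listed'."""
    if not a_records:
        return {"listed": False, "reasons": []}
    reasons = []
    for rec in a_records:
        if ipaddress.ip_address(rec) not in LISTED_RANGE:
            return {"listed": None, "reasons": [f"unexpected answer {rec}"]}
        reasons.append(codes.get(rec, f"unknown code {rec}"))
    return {"listed": True, "reasons": reasons}


def check_ip(ip, resolve, zone=ASSUMED_ZONE, codes=ASSUMED_CODES):
    """`resolve(name)` must return the list of A records, or [] on NXDOMAIN.
    Plug in your own DNS client; the demo below uses a fake one."""
    return interpret_answer(resolve(dnsbl_query_name(ip, zone)), codes)


if __name__ == "__main__":
    # Fake resolver standing in for DNS. RFC 5782 asks every list to include
    # 127.0.0.2 as a test entry, so that is the one address pre-listed here.
    fake_zone = {dnsbl_query_name("127.0.0.2"): ["127.0.0.2"]}
    resolve = lambda name: fake_zone.get(name, [])
    for ip in ("127.0.0.2", "192.0.2.10", "2001:db8::1"):
        print(ip, "->", dnsbl_query_name(ip), check_ip(ip, resolve))
```

Two practical checks when wiring this to a real list: confirm that the list's 127.0.0.2 test entry resolves (proves the zone is alive and your resolver is not filtering it) and that a known-clean address returns NXDOMAIN (a dead list that answers every query would otherwise block all your mail).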

8. WAYBACK MACHINE/ARCHIVE.ORG
Wayback Machine is a Web site that enables anyone to see what a particular Web site looked
like at some time in the past - from 1996 to the present. This enormous archive of the Web's
past requires over 100 terabytes of storage and contains 10 billion Web pages! The archive of
pages was originally gathered by the owners of the Alexa program, a toolbar you can install on
your PC that provides Web site information and ratings.

At the Wayback Machine site, you can search for and link to any of your favorite Web sites of
the past and find them preserved very much as they were at various "snapshots" in time. For
example, you can see how whatis.com looked in late 1996 and also at various times during
1997 and all the way to the present. (Occasionally, an ad that was served from another site will
be missing and we noticed a few graphic images missing from our original site.) In general,
however, the range and completeness of the archive is remarkable.


9. CENSYS
Censys is a search engine that scans the Internet searching for devices and returns aggregate
reports on how resources (i.e. devices, websites, and certificates) are configured and
deployed. Censys, like Shodan, maintains a complete database of every device exposed on
the Internet. It is a valuable instrument for attackers who are searching for a
specific target and need to gather information on its configuration. At the same time,
security experts can easily locate poorly protected devices exposed over the internet.

10. SHODAN
Shodan is the search engine for everything on the internet. While Google and other
search engines index only the web, Shodan indexes pretty much everything else — web
cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines,
license plate readers, smart TVs, refrigerators, anything and everything you could
possibly imagine that's plugged into the internet.
Some enterprises block Shodan from crawling their network, and Shodan honors such
requests. However, attackers don't need Shodan to find vulnerable devices connected to
your network. Blocking Shodan might save you from momentary embarrassment, but it
is unlikely to improve your security posture.

11. RECON-NG
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with
independent modules, database interaction, built-in convenience functions, interactive help, and
command completion, Recon-ng provides a powerful environment in which open source
web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve
for leveraging the framework. However, it is quite different. Recon-ng is not intended to
compete with existing frameworks, as it is designed exclusively for web-based open source
reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social
Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use
Recon-ng! See the Usage Guide for more information.


12. BLACK WIDOW


BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic
parameters, email addresses and phone numbers from a target website. This project also
includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.

• Automatically collect all URLs from a target website
• Automatically collect all dynamic URLs and parameters from a target website
• Automatically collect all subdomains from a target website
• Automatically collect all phone numbers from a target website
• Automatically collect all email addresses from a target website
• Automatically collect all form URLs from a target website
• Automatically scan/fuzz for common OWASP Top vulnerabilities
• Automatically saves all data into sorted text files

13. MALTEGO
Maltego is a unique platform developed to deliver a clear threat picture to the environment
that an organization owns and operates. Maltego’s unique advantage is to demonstrate the
complexity and severity of single points of failure as well as trust relationships that exist
currently within the scope of your infrastructure.
The unique perspective that Maltego offers to both network and resource based entities is
the aggregation of information posted all over the internet – whether it’s the current
configuration of a router poised on the edge of your network or the current whereabouts of
your Vice President on his international visits, Maltego can locate, aggregate and visualize
this information.

Maltego is a program that can be used to determine the relationships and real world links
between:

• People
• Groups of people (social networks)
• Companies
• Organizations
• Web sites
• Internet infrastructure such as:
  • Domains
  • DNS names
  • Netblocks
  • IP addresses
• Documents and files

These entities are linked using open source intelligence.

• Maltego is easy and quick to install – it uses Java, so it runs on Windows, Mac and
Linux.
• Maltego provides you with a graphical interface that makes seeing these relationships
instant and accurate – making it possible to see hidden connections.
• Using the graphical user interface (GUI) you can see relationships easily – even if they
are three or four degrees of separation away.
• Maltego is unique because it uses a powerful, flexible framework that makes customizing
possible. As such, Maltego can be adapted to your own, unique requirements.

14. WIG
Wig is a web application information gathering tool, which can identify numerous Content
Management Systems and other administrative applications.
The application fingerprinting is based on checksums and string matching of known files for
different versions of CMSes. This results in a score being calculated for each detected CMS and
its versions. Each detected CMS is displayed along with the most probable version(s) of it. The
score calculation is based on weights and the amount of "hits" for a given checksum.
wig also tries to guess the operating system on the server based on the 'server' and 'x-powered-by'
headers. A database containing known header values for different operating systems is included
in wig, which allows wig to guess Microsoft Windows versions and Linux distribution and
version.
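The scoring described above (checksums of known static files, a weight per match, the best-scoring version reported per CMS, plus a header-based OS guess) is simple enough to show end to end. The block below is an added example written for this report, not wig's own code or database: the CMS names, file contents, hashes, weights and header table are all constructed so that it runs offline, and `sample_site()` stands in for the responses a crawler would fetch. The same structure generalises to any fingerprint database keyed by path and checksum.

```python
import hashlib
from collections import defaultdict


def md5_hex(data):
    """Checksum used as the fingerprint key (wig uses checksums of known files)."""
    return hashlib.md5(data).hexdigest()


# Constructed file contents standing in for static files a CMS ships. Two
# versions share some files (same hash) and differ in others, which is why
# a weighted score, not a single match, decides the most probable version.
CHANGELOG_10 = b"ExampleCMS changelog 1.0\n"
CHANGELOG_11 = b"ExampleCMS changelog 1.1\n"
LICENSE_TXT = b"ExampleCMS license text\n"
ADMIN_CSS = b".admin{color:#000}\n"

# Constructed fingerprint database: (path, md5, cms, version, weight).
# A file unique to one version carries more weight than a shared one.
FINGERPRINTS = [
    ("/changelog.txt", md5_hex(CHANGELOG_10), "ExampleCMS", "1.0", 3),
    ("/changelog.txt", md5_hex(CHANGELOG_11), "ExampleCMS", "1.1", 3),
    ("/license.txt", md5_hex(LICENSE_TXT), "ExampleCMS", "1.0", 1),
    ("/license.txt", md5_hex(LICENSE_TXT), "ExampleCMS", "1.1", 1),
    ("/admin/style.css", md5_hex(ADMIN_CSS), "ExampleCMS", "1.1", 2),
    ("/admin/style.css", md5_hex(ADMIN_CSS), "OtherCMS", "4.2", 1),
]

# Constructed header-to-OS table (the real one in wig is far larger).
OS_HEADER_HINTS = {
    "Microsoft-IIS/10.0": "Windows Server 2016/2019",
    "Apache/2.4.41 (Ubuntu)": "Ubuntu 20.04",
}


def sample_site():
    """Constructed stand-in for fetched responses: path -> body, None = 404."""
    return {
        "/changelog.txt": CHANGELOG_11,
        "/license.txt": LICENSE_TXT,
        "/admin/style.css": ADMIN_CSS,
        "/robots.txt": b"User-agent: *\n",
        "/missing.txt": None,
    }


def score_fingerprints(fetched, fingerprints=FINGERPRINTS):
    """Sum the weight of every fingerprint whose path and checksum match.
    Returns {cms: [(version, score), ...]} sorted by descending score."""
    hashes = {p: md5_hex(body) for p, body in fetched.items() if body is not None}
    scores = defaultdict(int)
    for path, digest, cms, version, weight in fingerprints:
        if hashes.get(path) == digest:
            scores[(cms, version)] += weight
    ranked = defaultdict(list)
    for (cms, version), score in scores.items():
        ranked[cms].append((version, score))
    for cms in ranked:
        ranked[cms].sort(key=lambda vs: -vs[1])
    return dict(ranked)


def most_probable(fetched):
    """Best-scoring version for each CMS that had at least one hit."""
    return {cms: versions[0][0] for cms, versions in score_fingerprints(fetched).items()}


def guess_os(headers, hints=OS_HEADER_HINTS):
    """Header-based OS guess from 'Server' and 'X-Powered-By' (case-insensitive)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("server", "x-powered-by"):
        if lowered.get(name) in hints:
            return hints[lowered[name]]
    return None


if __name__ == "__main__":
    print(score_fingerprints(sample_site()))
    print(most_probable(sample_site()))
    print(guess_os({"Server": "Apache/2.4.41 (Ubuntu)"}))
```

Note the false-positive built into the data: the shared stylesheet also gives OtherCMS a (low) score, which is why wig reports a ranked list rather than a yes/no. From the defender's side, the same logic is a useful self-check: if a scanner can pin your CMS version from a readme or changelog file, remove or restrict those files and strip version strings from the Server and X-Powered-By headers.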

15. SMTP-ENUM-VRFY
smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP
service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN
and RCPT TO commands. It could be adapted to work against other vulnerable SMTP
daemons, but this hasn't been done as of v1.0.

Source: http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum

Author: pentestmonkey License: GPLv2

smtp-user-enum provides three methods of user enumeration. The commands the tool uses
to verify usernames are EXPN, VRFY and RCPT. It supports both single-username enumeration
and enumeration of multiple usernames read from a .txt list, so to use this tool effectively you
will need a good list of usernames.

SNAPSHOTS OF EACH TOOL

[Screenshots of each tool as run against the target website were included in the original
document; the images are not present in this text extraction. The snapshot section covered,
in order:]

1. RISKIQ
2. WHO.IS
3. HTTRACK
4. DMITRY
5. NMAP
6. NETCRAFT
7. RBLLOOKUP
8. WAYBACK MACHINE/ARCHIVE.ORG
9. CENSYS
10. SHODAN
11. RECON-NG
12. BLACK WIDOW
13. MALTEGO
14. WIG
15. SMTP-ENUM-VRFY