Apr 26, 2011

Tools that Help Information Gathering...

Hi friends, it's been quite a while since I updated my blog. Even though I only have a very few daily readers, I am extremely sorry for the delay in updating my blog. But today I bring an exciting post which I got from a technical workshop, 'HACKSEC', which was conducted in our college. I am extremely thankful to Mr. Saket Modi, who delivered us a wonderful session.
Now let me get into the topic. Information gathering is the initial process as far as hacking and investigation are concerned. It is the process of profiling any organization, system, server or individual using a methodological procedure.
Information gathering is used by attackers as well as investigators to get more information about the target.

Attacker's point of view:
The attacker will first gather initial information like domain name, IP address, network IP range, operating system, services, control panel information, vulnerable services etc. before attacking the system.

Footprinting is required to ensure that isolated information repositories that are critical to the attack are not overlooked or left undiscovered. Footprinting merely comprises one aspect of the entire information gathering process, but is considered one of the most important stages of a mature hack.
An attacker will spend 90% of the time on information gathering and only 10% on attacking and gaining access to the system.

Investigator's point of view:
The investigator will gather initial information like traces of the criminal on the internet, his/her name, occupation, address, contact number and details about his/her company/organization before taking any legal action.
This will help the investigator to profile the criminal and his/her activities properly during interrogation.

Following are the various methodologies for information gathering.

1. Information Gathering using Search engines:
“One leaves footprints/information everywhere while surfing the internet.” This is the basic principle for investigators as well as hackers; the only difference is the way they use this information.
The attacker will gather information about the system, the operating system and the vulnerable applications running on it, and later on exploit it.
The investigator will gather information on how the attacker got access to the system and where he/she left footprints behind on that same system, and later on trace it.
Search engines are the most powerful tools to search for information about any individual, organization or system.
Following is the list of top 10 search engines:

  1. Google Search – World's most powerful search engine: www.google.com
  2. Yahoo Search: www.search.yahoo.com
  3. MSN Live Search: www.live.com
  4. AOL Search: www.search.aol.in
  5. Ask Search: www.ask.com
  6. Altavista Search: www.altavista.com
  7. Fast Search : www.alltheweb.com
  8. Gigablast : www.gigablast.com
  9. Snap Search: www.snap.com

2. Information gathering using relational search engines.
These types of search engines get results from different search engines and make relations or connections between those results.


Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and to discover previously unknown relationships between them. It is a must-have tool in the forensics, security and intelligence fields! Maltego offers the user unprecedented information. Information is leverage.

People Search – Investigators can find personal information using a people search.
A people search will give information about phone number and address as well as background info about organizations.
Yahoo People Search - www.people.yahoo.com


Whois Lookup:
WHOIS (pronounced "who is"; not an acronym) is a query/response protocol which is widely used for querying an official database in order to determine the owner of a domain name, an IP address, or an autonomous system number on the Internet. WHOIS lookups were traditionally made using a command line interface, but a number of simplified web-based tools now exist for looking up domain ownership details from different databases. Web-based WHOIS clients still rely on the WHOIS protocol to connect to a WHOIS server and do lookups, and command-line WHOIS clients are still quite widely used by system administrators. WHOIS normally runs on TCP port 43.
Presently ICANN is undertaking a study to determine the uses and abuses of WHOIS information. Other studies that are ongoing concern the accuracy of WHOIS information, and the effectiveness of the processes for reporting inaccurate public WHOIS information.

Querying Regional Internet Registries:
WHOIS servers belonging to Regional Internet Registries (RIR) can be queried to determine the Internet Service Provider responsible for a particular IP address. These servers are:
ARIN - http://whois.arin.net
RIPE NCC - http://www.ripe.net/whois/
APNIC - http://whois.apnic.net
LACNIC - http://whois.lacnic.net
AfriNIC - http://whois.afrinic.net
The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a placeholder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. Apart from the RIRs mentioned above, there is also a commercial global service, the Routing Assets Database, used by some large networks (e.g. large internet providers that acquired other ISPs in several RIR areas).
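The query/response exchange described above, including following the placeholder one registry returns for another registry's record, as an added example that is not from the original post: a minimal WHOIS client (TCP connection, query text plus CRLF, read until the server closes) talking to two constructed local stand-in servers. The `ReferralServer: whois://host` line format is assumed from ARIN's output; the records, ports and the 192.0.2.1 query are constructed.

```python
import socket
import threading

WHOIS_PORT = 43  # standard WHOIS port; the constructed local servers below use ephemeral ports

def whois_query(host, port, query, timeout=5.0):
    """One WHOIS exchange: send the query terminated by CRLF, read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        return b"".join(iter(lambda: sock.recv(4096), b"")).decode("utf-8", "replace")

def parse_referral(response):
    """(host, port) from an ARIN-style 'ReferralServer: whois://host[:port]' line, else None."""
    for line in response.splitlines():
        if line.startswith("ReferralServer:"):
            target = line.split(":", 1)[1].strip().replace("whois://", "", 1)
            host, _, port = target.partition(":")
            return host, int(port) if port else WHOIS_PORT
    return None

def whois_follow(host, port, query, max_hops=3):
    """Query one registry and follow cross-registry placeholders; returns [(server, reply), ...]."""
    hops = []
    for _ in range(max_hops):  # bounded so a referral loop cannot spin forever
        reply = whois_query(host, port, query)
        hops.append((host, reply))
        referral = parse_referral(reply)
        if referral is None:
            break
        host, port = referral
    return hops

def start_demo_server(responder):
    """Constructed stand-in for a registry WHOIS server: answers one query on 127.0.0.1."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handle():
        conn, _ = srv.accept()
        with conn:  # a query is a single short line, so one recv suffices on loopback
            query = conn.recv(1024).decode("ascii").strip()
            conn.sendall(responder(query).encode("ascii"))
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    # Constructed records: the "ARIN" server holds only a placeholder pointing at the "RIPE" server.
    ripe = start_demo_server(lambda q: "inetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET\n")
    arin = start_demo_server(lambda q: f"NetName: RIPE-ERX\nReferralServer: whois://127.0.0.1:{ripe}\n")
    return whois_follow("127.0.0.1", arin, "192.0.2.1")  # 192.0.2.0/24 is a documentation range
```

Running `demo()` returns two hops: the placeholder reply from the first server and the detailed record from the second.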

Domain Tools:


Reverse IP Mapping:
Reverse IP mapping is a method to find the number of websites hosted on the same server.
By selecting the Reverse IP link we can get a list of the websites hosted on an IP address.
Trace Route:
Traceroute gives useful information regarding the number of intermediate hops between your computer and the remote computer.
