Week 03: Information Gathering and OSINT Tools
Disclaimer: The tools and techniques discussed in this blog are strictly for educational purposes.
This week in our Ethical Hacking and Penetration Testing class, we moved past the rules of engagement and into the actual **reconnaissance** phase. The focus was on utilizing search engines and Open Source Intelligence (OSINT) tools within Kali Linux to gather information about a target.
We covered three main tools that automate the process of scraping and connecting public data.
1. TheHarvester
The first tool is TheHarvester. Its primary function is to hunt down email accounts, usernames, and hostnames/subdomains associated with a specific target domain.
Instead of manually searching, TheHarvester automates queries across multiple search engines and databases. It supports scraping from sources like:
- Google and Bing
- LinkedIn and Google Profiles
- PGP servers and Shodan
2. Metagoofil
While TheHarvester looks for accounts and domains, Metagoofil is designed specifically to extract metadata from public documents.
It works through an automated pipeline:
- It uses Google to search the target domain for specific file types (like PDFs or Word docs).
- It downloads all the discovered documents to your local disk.
- It extracts the hidden metadata and generates an HTML report.
This is highly effective because metadata often leaks sensitive internal information, such as employee usernames, the software versions used to create the files, and internal server or machine names.
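To make the extraction step of that pipeline concrete, here is an added example (not code from the course or from Metagoofil itself) that pulls the same kinds of fields out of .docx files and aggregates them the way a Metagoofil report does; it assumes Office Open XML input and builds its sample document in memory, so it runs offline and can be pointed at your own documents before you publish them.

```python
# Added example, not code from the course or from Metagoofil itself: pull the same
# kinds of fields Metagoofil reports out of Office Open XML (.docx) files, so you can
# audit your own public documents for leaked usernames, app versions and internal names.
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
FIELDS = [  # (package part, report field, element path using the prefixes in NS)
    ("docProps/core.xml", "author", "dc:creator"),
    ("docProps/core.xml", "last_modified_by", "cp:lastModifiedBy"),
    ("docProps/app.xml", "application", "ep:Application"),
    ("docProps/app.xml", "app_version", "ep:AppVersion"),
    ("docProps/app.xml", "company", "ep:Company"),
]
def extract_docx_metadata(data: bytes) -> dict:
    """Return the leak-relevant properties found in a .docx held in memory."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = {n: ET.fromstring(z.read(n)) for n in z.namelist() if n.startswith("docProps/")}
        for part, key, path in FIELDS:
            el = parts[part].find(path, NS) if part in parts else None
            if el is not None and el.text:
                found[key] = el.text.strip()
    return found

def summarize(docs: dict) -> dict:
    """Aggregate across documents the way a Metagoofil report does: who, and what software."""
    report = {"usernames": set(), "software": set(), "files": {}}
    for name, data in docs.items():
        meta = report["files"][name] = extract_docx_metadata(data)
        report["usernames"].update(meta[k] for k in ("author", "last_modified_by") if k in meta)
        if "application" in meta:
            report["software"].add(f"{meta['application']} {meta.get('app_version', '')}".strip())
    return report

def build_sample_docx(leaky: bool = True) -> bytes:
    """Constructed sample: a .docx skeleton whose properties mimic a default Word export."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}"><dc:creator>jdoe'
            '</dc:creator><cp:lastModifiedBy>CORP\\jdoe</cp:lastModifiedBy></cp:coreProperties>')
    app = (f'<Properties xmlns="{NS["ep"]}"><Application>Microsoft Office Word</Application>'
           '<AppVersion>16.0000</AppVersion><Company>Example Corp</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if leaky:  # leaky=False models a document whose properties were scrubbed before publishing
            z.writestr("docProps/core.xml", core)
            z.writestr("docProps/app.xml", app)
    return buf.getvalue()
```

Run it over a directory of your organisation's published documents instead of the constructed sample and anything that shows up under `usernames` or `software` is what an outside party would also see.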
3. Maltego
The most visually complex tool we looked at is Maltego. It is an open-source intelligence and forensics application that maps out how different pieces of data are connected.
Instead of just giving you a list of data, Maltego builds a relationship graph. We use different "Palettes" depending on what we are investigating:
- Infrastructure Reconnaissance: You can map out the technical footprint of a target by finding the relationships between domains, DNS names, IPv4 addresses, and net blocks.
- Personal Reconnaissance: You can find relationships between people, linking them to their email addresses, phone numbers, mutual friends, companies, and social media affiliations like Twitter and Facebook.
Information gathering is about building a comprehensive profile of the target's attack surface before launching any exploits. We will likely use the data collected from these tools in the later stages of our semester project.