
Recon/Information Gathering Tools for Bug Bounty

Information gathering is the most important stage of every pentest: it gives you a better understanding of your target (IP addresses, subdomains, open ports and so on) before you try to exploit any vulnerability. To gather that information you need proper tools, and there are many reconnaissance tools available on GitHub that you may not know about.

Among them I found some of the best recon tools, which you can use to gather all the information about your target.

nmap
Nmap is a network mapping tool, widely popular for discovering hosts and services on a network; it is free and open source (the code is on GitHub). It has many features, and after scanning a network you get a lot of information: host discovery, service/version detection and OS detection. This tool is very useful, and you can use all of this information to audit a network.

basic nmap command

nmap -v -A scanme.nmap.org

dirsearch
dirsearch is a free and open source tool, widely popular for brute forcing directories and files on a website. It has many features such as multithreading, keep-alive connections, multiple extensions, exporting reports in both plaintext and JSON, HTTP proxy support, user-agent randomization and many more, and you can use a custom wordlist to brute force files and directories. This tool is quite friendly and easy to use, and it supports the three major operating systems: Windows, macOS and Linux.

Basic dirsearch command

python3 dirsearch.py -u https://example.com -e html,php,jsp,json

shodan
Shodan is the search engine hackers and security researchers use to find vulnerable Internet of Things devices. By querying the engine you can get device IP addresses, web server details, banners, ISP, SSH, FTP, Telnet and many more. For hackers it is a great playground to gather as much information as possible about a target.

basic search query

product:cctv

amass
Amass is developed and maintained by OWASP. This tool is used to gather information such as DNS enumeration, subdomain name alterations, web scraping, certificates, web APIs and many more. It was developed to help security researchers get in-depth information about the target network.

basic command

amass enum -d example.com

sublist3r
Sublist3r is widely popular for enumerating the subdomains of a website. To gather subdomains it uses many popular search engines like Google, Yahoo, Bing, etc., and it also uses Netcraft, VirusTotal, ThreatCrowd, DNSdumpster and reverse DNS. This tool is very helpful for gathering subdomains, and most importantly, to get better subdomain results, subbrute is integrated with it, using an improved wordlist.

basic command

python sublist3r.py -d google.com
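Both Amass and Sublist3r (the two sections above) print lists of hostnames, and in practice you merge them. Here is an added Python example, not part of the original post and not code from either tool, that merges the two outputs, normalizes each hostname and keeps only names inside the apex domain you are authorized to test, so out-of-scope names and junk never reach the next step. The two output texts are constructed samples, and dropping a leading `*` wildcard label to keep its parent name is my own choice.

```python
"""Merge subdomain lists from several recon tools into one clean, in-scope set."""
import re

# Constructed sample lines as the two tools might print them (not real output).
AMASS_OUTPUT = """api.example.com
Mail.Example.com.
dev.api.example.com
*.staging.example.com
example.com.attacker.test
"""
SUBLIST3R_OUTPUT = """www.example.com
mail.example.com
notexample.com
bad_label.example.com
"""

# One DNS label: 1-63 chars of letters, digits or hyphen, not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_hostname(raw):
    """Lowercase, strip whitespace and a trailing dot, drop a leading wildcard label;
    return None if the name is empty, too long, or any label is invalid."""
    host = raw.strip().lower().rstrip(".")
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if labels[0] == "*":  # a wildcard record is not a concrete host; keep its parent
        labels = labels[1:]
    if not labels or not all(LABEL_RE.match(label) for label in labels):
        return None
    return ".".join(labels)


def in_scope(host, apex):
    """True only for the apex itself or names that end in '.<apex>'.
    A plain suffix match would wrongly accept 'notexample.com' for 'example.com'."""
    return host == apex or host.endswith("." + apex)


def merge_subdomains(apex, *outputs):
    """Combine any number of tool outputs into a sorted, de-duplicated, in-scope list."""
    found = set()
    for text in outputs:
        for line in text.splitlines():
            host = normalize_hostname(line)
            if host and in_scope(host, apex):
                found.add(host)
    return sorted(found)


if __name__ == "__main__":
    for name in merge_subdomains("example.com", AMASS_OUTPUT, SUBLIST3R_OUTPUT):
        print(name)
```

Feed it the saved output files of whichever tools you ran (`amass enum -d example.com -o amass.txt`, the Sublist3r `-o` file), and the resulting list is what you resolve and probe next.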

nikto
Nikto is a popular vulnerability scanner that scans web servers to detect dangerous files, outdated server software and many more. It performs server-type-specific checks (clickjacking, MIME type, etc.), and you can scan any web server with it, like Apache, NGINX, Oracle HTTP Server, etc. This tool is quite useful for detecting server misconfigurations.
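As an added example, not from the post and not Nikto's own code, here is a Python check that inspects one HTTP response's headers for the kinds of findings mentioned above: clickjacking protection, MIME type sniffing, and an outdated or disclosed server version, plus a missing HSTS header on HTTPS. The two header maps are constructed samples (a weak server next to a hardened one), and the finding texts are mine.

```python
"""Check an HTTP response's headers for a few of the misconfigurations a scanner
like Nikto reports: clickjacking, MIME sniffing, version disclosure, missing HSTS."""
import re

# Constructed sample header sets (not captured from a real server).
WEAK_HEADERS = {
    "Server": "Apache/2.4.6 (CentOS)",
    "Content-Type": "text/html",
}
HARDENED_HEADERS = {
    "Server": "Apache",
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}


def check_security_headers(headers, https=True):
    """Return a list of finding strings for one response's header map.
    Header names are compared case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # Clickjacking: the page can be framed by other sites unless X-Frame-Options
    # is set or a CSP frame-ancestors directive restricts framing.
    csp = h.get("content-security-policy", "").lower()
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options and no CSP frame-ancestors")

    # MIME sniffing: without nosniff a browser may reinterpret the Content-Type.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("mime-sniffing: X-Content-Type-Options is not 'nosniff'")

    # Version disclosure: a "Product/1.2.3" Server header advertises the exact
    # version to look up; the fix is to strip the version from the banner.
    server = h.get("server", "")
    if re.search(r"/\d", server):
        findings.append(f"version disclosure: Server header reveals '{server}'")

    # HSTS is only meaningful on an HTTPS response, so skip it for plain HTTP.
    if https and "strict-transport-security" not in h:
        findings.append("transport: no Strict-Transport-Security on an HTTPS response")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{label}: {check_security_headers(hdrs) or ['no findings']}")
```

To use it against your own server, pass the `headers` mapping from any HTTP client response (for example `requests.get(url).headers`) and set `https=False` for a plain-HTTP response.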

Google Dorking
When it comes to information gathering, how can we forget about Google Dorking? It is also known as Google hacking: a technique to find security holes in a website through Google search. It is very helpful for security researchers, and using Google's web crawling you can find information such as usernames, passwords and other sensitive information.

Maltego
It is my personal favourite tool. It can be used to determine the relationships and real-world links between people, groups of people, social networks and companies. It offers real-time data mining and information gathering as well as a representation of this information on a node-based graph, so that patterns and multi-order connections between pieces of information are easily identified.

At most it takes 15 to 20 days to learn all of these tools deeply, but once you know these tools deeply, no one can stop you from becoming a king of information gathering. So try to learn these tools on YouTube; every tutorial is available there for free, which you can enjoy as an ethical hacker. Don't miss these tools.

Thank you so much for reading this post. I hope you liked it, and try to install the Metasploit Framework on your machine.
