Week 3
Source: Dev.to
Week 03: Information Gathering and OSINT Tools
Disclaimer: The tools and techniques discussed in this blog are strictly for educational purposes.
This week in our Ethical Hacking and Penetration Testing class, we moved past the rules of engagement and into the actual reconnaissance phase. The focus was on utilizing search engines and Open Source Intelligence (OSINT) tools within Kali Linux to gather information about a target. We covered three main tools that automate the process of scraping and connecting public data.
TheHarvester
TheHarvester hunts down email accounts, usernames, and hostnames/subdomains associated with a specific target domain. Instead of manually searching, it automates queries across multiple search engines and databases. It supports scraping from sources such as:
- Google and Bing
- LinkedIn and Google Profiles
- PGP servers and Shodan
Metagoofil
Metagoofil is designed to extract metadata from public documents. Its automated pipeline works as follows:
- Uses Google to search the target domain for specific file types (e.g., PDFs, Word docs).
- Downloads all discovered documents to the local disk.
- Extracts hidden metadata and generates an HTML report.
Metadata often leaks sensitive internal information, such as employee usernames, software versions used to create the files, and internal server or machine names.
Maltego
Maltego is an open‑source intelligence and forensics application that maps how different pieces of data are connected. Rather than providing a simple list, it builds a relationship graph using various “Palettes”:
- Infrastructure Reconnaissance: Map the technical footprint of a target by finding relationships between domains, DNS names, IPv4 addresses, and net blocks.
- Personal Reconnaissance: Discover relationships between people, linking them to email addresses, phone numbers, mutual friends, companies, and social media accounts (Twitter, Facebook, etc.).
Information gathering is about building a comprehensive profile of the target’s attack surface before launching any exploits. The data collected from these tools will likely be used in later stages of our semester project.