Information Gathering Tools

| Tool | Description |
|---|---|
| ace-voip | ACE (Automated Corporate Enumerator) is a powerful tool that mimics the behavior of IP phones to download the name and extension entries. It is developed to automate VoIP attacks that can be targeted against names in an enterprise directory. |
| Amap | It is a tool that identifies applications even if they are running on a non-standard port, and also identifies non-ASCII based applications. |
| APT2 | It is the acronym for "Automated Penetration Testing". It is a tool that performs an Nmap scan or imports the results of a scan from Nexpose, Nessus, or Nmap. |
| arp-scan | It is also called ARP sweep or MAC scanner. It is a very fast ARP packet scanner that shows every active IPv4 device on your subnet, even if they have firewalls. ARP is non-routable, so it only works on the local LAN. |
| Automater | It is a URL/domain, IP address, and MD5 hash OSINT analysis tool that eases the analysis process for intrusion analysts. |
| bing-ip2hosts | It enumerates hostnames for an IP using bing.com. It comes with a feature to search for websites hosted on a specific IP address. |
| braa | It is a mass SNMP scanner able to query dozens or hundreds of hosts simultaneously and in a single process. It is very fast as it consumes few system resources. |
| CaseFile | CaseFile is a limited form of Maltego. It has the same graphical application as Maltego but does not have the ability to run transforms. |
| CDPSnarf | It is a network sniffing tool written exclusively to extract information from CDP (Cisco Discovery Protocol) packets. It provides the same information a "show cdp neighbors detail" command would return on a Cisco router. |
| cisco-torch | It is a Cisco device scanner that extensively uses forking to launch multiple scanning processes in the background for maximum scanning efficiency. |
| copy-router-config | It copies configuration files from Cisco devices running SNMP (Simple Network Management Protocol). |
| Dmitry | It stands for Deepmagic Information Gathering Tool. It is a UNIX/GNU Linux command-line application written in C. It is able to gather as many details as possible about a host. |
| Dnmap | It is a framework to distribute nmap scans among n clients. It reads an already created file with nmap commands and sends those commands to each client connected to it. |
| Dnsmap | It is used by pen-testers during the information gathering/enumeration phase of infrastructure security assessments to find the target company's IP netblocks, domain names, phone numbers, and so on. |
| DNSRecon | It is a powerful DNS enumeration script that can check all NS records for zone transfers, enumerate general DNS records and SRV records, check wildcard resolution, perform PTR record lookups, etc. |
| Dnstracer | It traces DNS queries to the source and determines whether a given Domain Name Server gets its information from a given hostname. |
| Dnswalk | It is a DNS debugger that performs zone transfers of specified domains and checks the database in many ways for internal consistency and accuracy. |
| DotDotPwn | It is a fuzzer to discover directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers and web platforms such as CMSs, ERPs, blogs, etc. |
| Enum4Linux | It is a tool to enumerate information from Windows and Samba systems. |
| enumIAX | It is an Inter Asterisk Exchange protocol username brute-force enumerator. It operates in two distinct modes: sequential username guessing and dictionary attack. |
| EyeWitness | It is a tool to take screenshots of websites, RDP (Remote Desktop) services, and open VNC (Virtual Network Computing) servers. It also provides some server header info and identifies default credentials if possible. |
| Faraday | It introduces IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE designed for distribution, indexing and analysis of the data generated during a security audit. The main purpose of this tool is to re-use the available tools. |
| Fierce | It is a survey tool that is used to locate likely targets both inside and outside a corporate network. |
| Firewalk | It is a network security survey tool that is used to determine what layer 4 protocols a given IP forwarding device will pass. It works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. |
| fragroute | It provides a simple rule set language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise modify all outbound packets destined for a target host, with minimal support for random behaviour. |
| fragrouter | It is a network intrusion detection toolkit. It is a one-way fragmenting router, i.e. IP packets get sent from the attacker to the fragrouter, which changes them into a fragmented data stream to forward to the victim. |
| Ghost Phisher | It is a GUI suite for phishing and penetration attacks, or a wireless and Ethernet security auditing and attack program to emulate and deploy access points. |
| GoLismero | It is an open source framework for security testing. It is currently used for web security but can be easily expanded to other kinds of scans. |
| goofile | This tool is used to search for a specific file type in a given domain. |
| hping3 | It is an Active Network Smashing Tool used as a security tool to perform firewall testing, advanced port scanning, network testing, manual path MTU discovery, remote OS fingerprinting, TCP/IP stack auditing, and so on. |
| ident-user-enum | It is used to determine the owner of the TCP network process listening on each TCP port of a target system. It can help to prioritise target services during a pen-test. |
| InSpy | It is a LinkedIn enumeration tool with two functionalities, TechSpy and EmpSpy. TechSpy searches LinkedIn job listings for technologies used by the target company. InSpy identifies technologies by matching job descriptions to the keywords from a newline-delimited file. |
| InTrace | It enables users to enumerate IP hops by exploiting existing TCP connections, both from the local network and from remote hosts. It can be used for network surveys and firewall bypassing. |
| iSMTP | It tests for SMTP user enumeration (RCPT TO and VRFY), internal spoofing, and relay. |
| lbd | It stands for Load Balancing Detector. It is used to detect whether a given domain uses DNS or HTTP load balancing. |
| Maltego Teeth | It can be used for the information gathering phase of all security related work. It helps you in your thinking process by visually demonstrating interconnected links between searched items. It gives you access to hidden information. |
| Masscan | It is the fastest internet port scanner; it scans the entire internet in under 6 minutes, transmitting 10 million packets per second. |
| Metagoofil | It is an information gathering tool designed for extracting metadata from public documents that belong to a target company. |
| Miranda | It is a Plug-N-Play client application designed to discover, query, and interact with UPnP devices such as Internet Gateway Devices. |
| nbtscan-unixwiz | It is a command-line tool that scans for open NETBIOS name servers on a local or remote TCP/IP network. |
| Nikto | It is an open source web server scanner used to run comprehensive tests against web servers for multiple items, including a huge number of potentially dangerous files, checks for outdated versions of over thousands of servers, and version-specific problems. |
| Nmap | This utility is used for network discovery and security auditing. It uses raw IP packets in simple ways to determine what hosts are available on the network. |
| ntop | It shows network usage and can be used in both interactive and web mode. It uses libpcap, a system-independent interface for user-level packet capture. |
| OSRFramework | It is a set of libraries that checks for a user profile on up to 290 different platforms. It provides a way of making these queries graphically. |
| p0f | This tool utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the processes behind any TCP/IP communication without interfering in any way. |
| Parsero | It is used to read the robots.txt file of a web server and look at the disallowed entries. These entries tell the search engines which directories or files hosted on a web server must not be indexed. |
| Recon-ng | It is a fully loaded web reconnaissance framework in which open-source web-based reconnaissance can be conducted quickly and thoroughly. |
| SET | SET stands for Social Engineer Toolkit. It is an open-source penetration testing framework that is designed for social engineering. It contains a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. |
| SMBMap | It allows the user to enumerate Samba share drives across an entire domain. It lists share drives, drive permissions, share contents, upload/download functionality, etc. It is designed to simplify searching for potentially sensitive data across large networks. |
| smtp-user-enum | It is a username guessing tool primarily for the SMTP service. It is used to enumerate OS level user accounts on Solaris via the SMTP (Simple Mail Transfer Protocol) service. |
| snmp-check | It allows you to enumerate SNMP devices and places the output in a readable format. It is useful for penetration testing or system monitoring. |
| SPARTA | It is a network infrastructure penetration testing tool that aids the penetration tester in the scanning and enumeration phase. It eases access to the toolkits and displays output in a convenient way. |
| sslcaudit | It can be used to test resistance against MITM attacks and is useful for testing thick clients and anything communicating over SSL/TLS over TCP. |
| SSLsplit | It is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is very useful for network forensics and penetration testing. |
| sslstrip | It is used to transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, and map those links into similar HTTP links or homographs. |
| SSLyze | It analyses the SSL configuration of a server by connecting to it. It is very fast and comprehensive, and helps the tester identify misconfigurations that affect their SSL servers. |
| Sublist3r | It is a fast subdomain enumeration tool for penetration testers. It enumerates subdomains using many search engines such as Google, Yahoo, Bing, Ask, etc. |
| THC-IPV6 | It is a tool to attack the inherent weaknesses of the IPv6 and ICMP6 protocols. It converts a MAC or IPv4 address to an IPv6 address. |
| theharvester | It is used to gather e-mail accounts and subdomain names from public sources. |
| TLSSLed | It is used to evaluate the security of a target SSL/TLS (HTTPS) web server's implementation. |
| twofi | It stands for Twitter Words of Interest. It will take multiple search terms and return a word list sorted by most common first. |
| Unicornscan | It is an information gathering and correlation engine that is scalable, accurate, flexible, and efficient. It measures the response from a TCP/IP enabled device or network. |
| URLCrazy | It is a domain typo generator that detects and performs typo squatting, URL hijacking, phishing, and corporate espionage. |
| Wireshark | It is a network protocol/traffic analyser. It allows us to monitor our network at a microscopic level. |
| WOL-E | A complete suite of tools for the Wake on LAN feature of network attached computers. |
| Xplico | It is a Network Forensic Analysis Tool (NFAT), which is used to extract the application data from internet traffic. |