26 May 2023

Deep Recon

Penetration Testing as a Service (PTaaS)

Tests security measures and simulates attacks to identify weaknesses.

Introduction to Deep Recon

Deep recon is the process of gathering detailed and complete information about a target organization or system so that it can be secured. The term is often used in the context of information security and cyber reconnaissance.

Deep reconnaissance involves more thorough and detailed research than conventional reconnaissance. It is based on the principle of “jigsaw puzzles,” where the goal is to obtain the maximum amount of information from various sources to form a complete picture of an organization or system.

In information security, deep reconnaissance plays an important role. Through deep recon, vulnerabilities, weaknesses and potential threats in a system can be identified, as well as information about the internal structure and configuration of an organization. This helps in determining the most effective security measures and developing a strategy to protect information.

Main technical characteristics of Deep Recon

Port scanning and service discovery. Deep Recon includes port scanning and service discovery on the target system or network. This identifies which services and ports are open and may be vulnerable or exposed to attack.

Domain Information Collection. Deep Recon involves collecting information about domains associated with the target system or organization. This may include searching and analyzing WHOIS data, DNS records, domain registrar information, and other related data.

Open Data Collection and OSINT. Deep Recon is based on open data collection and Open Source Intelligence (OSINT). This includes searching public databases, social networks, forums, blogs, and other public sources for relevant data.

Network traffic analysis. Deep Recon can include analysis of network traffic to identify potentially relevant information such as IP addresses, network connections, protocols, etc. This helps in identifying anomalies, detecting vulnerabilities, and understanding the target’s network infrastructure.

Vulnerability Analysis. Deep Recon involves analyzing vulnerabilities that may exist in the target system or network. This may include using vulnerability scanning tools to identify weaknesses and potential entry points for attacks.

Social Engineering. Deep Recon can use social engineering techniques to gain additional information about a target system or organization. This may include phishing, interacting with employees, or obtaining information through publicly available communication channels.

Tool integration and automation. Deep Recon can include the use of various specialized tools and software to automate information gathering, data analysis, and vulnerability detection processes. This enables more efficient and accurate execution of deep reconnaissance tasks.

Data Analysis and Information Processing. Deep Recon includes analysis of collected data and information processing to identify links, patterns, hidden vulnerabilities, and potential attack vectors. This can include statistical analysis, machine learning, text analysis, and other techniques to extract valuable information.
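The "jigsaw puzzle" principle described above, applied to three of the data types listed (port scan results, DNS records and TLS certificate names), as an added example written for this page; it is not code from the article or from any of the tools it lists. The DNS records, certificate names, nmap grepable output and expected-port baseline are all constructed sample data: example.com and the 203.0.113.x addresses are documentation placeholders, not real scan results. The script merges the sources into one picture per hostname and reports the two things a defender looks for in such a picture: names that only a certificate knows about (stale or undocumented hosts) and addresses exposing ports outside the expected baseline.

```python
"""Correlate findings from several reconnaissance sources into one picture per host.

Added example for this page, not code from the article or from any listed tool.
All input is constructed sample data: example.com and the 203.0.113.x addresses
are documentation placeholders, not real scan results.
"""
import re
from collections import defaultdict

# Constructed sample: DNS records as a resolver would return them.
DNS_RECORDS = [
    ("www.example.com", "A", "203.0.113.10"),
    ("mail.example.com", "A", "203.0.113.20"),
    ("old-staging.example.com", "A", "203.0.113.30"),
]

# Constructed sample: subjectAltName entries taken from the organisation's TLS certificates.
CERT_SANS = {"www.example.com", "api.example.com", "old-staging.example.com"}

# Constructed sample in nmap "grepable" (-oG) format: one "Host:" line per scanned host,
# each port written as port/state/protocol/owner/service/rpc-info/version/.
NMAP_GREPABLE = """\
# Nmap scan (constructed sample)
Host: 203.0.113.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 203.0.113.20 ()\tPorts: 25/open/tcp//smtp///, 587/open/tcp//submission///\tIgnored State: closed (998)
Host: 203.0.113.30 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
"""

# Constructed baseline: ports the organisation expects to be reachable per address.
BASELINE = {
    "203.0.113.10": {80, 443},
    "203.0.113.20": {25, 587},
}

PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)//([^/]*)/")


def parse_grepable(text):
    """Return {ip: {port: service}} for the open ports in nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        hosts[ip] = {int(port): service for port, _proto, service in PORT_RE.findall(line)}
    return hosts


def build_picture(dns_records, cert_sans, scan_text, baseline=BASELINE):
    """Merge DNS, certificate and scan data into {hostname: info} and derive findings.

    Findings flag names that only a certificate knows about (stale or undocumented
    hosts) and addresses whose open ports go beyond the expected baseline.
    """
    open_ports = parse_grepable(scan_text)
    picture = defaultdict(lambda: {"ips": set(), "sources": set(), "ports": {}})

    for name, rtype, value in dns_records:
        if rtype != "A":
            continue
        picture[name]["ips"].add(value)
        picture[name]["sources"].add("dns")
        picture[name]["ports"][value] = open_ports.get(value, {})
    for name in cert_sans:
        picture[name]["sources"].add("cert")

    findings = []
    for name, info in sorted(picture.items()):
        if info["sources"] == {"cert"}:
            findings.append(f"{name}: named in a certificate but has no DNS record")
        for ip, ports in sorted(info["ports"].items()):
            if ip not in baseline:
                findings.append(f"{name} ({ip}): no baseline defined, open ports {sorted(ports)}")
            elif set(ports) - baseline[ip]:
                findings.append(f"{name} ({ip}): ports outside baseline {sorted(set(ports) - baseline[ip])}")
    return dict(picture), findings


if __name__ == "__main__":
    _, found = build_picture(DNS_RECORDS, CERT_SANS, NMAP_GREPABLE)
    for line in found:
        print(line)
```

Run as a script it prints the findings for the constructed data; in practice the three inputs would come from the organisation's own DNS zone export, its certificate inventory and a scan of its own address space, and the baseline from the asset register. Hosts with no baseline entry are reported in full rather than silently accepted, which is what surfaces forgotten systems like the staging host in the sample.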

Tools that can help you with Deep Recon

• Recon-ng: A full-featured reconnaissance framework that provides various modules for information gathering, including DNS, OSINT, and social media reconnaissance.

Step-by-step install Recon-ng on Kali Linux:

  • Clone the Recon-ng repository from GitHub by running the following command:

    git clone https://github.com/lanmaster53/recon-ng.git

  • Go to the Recon-ng directory by entering the command:

    cd recon-ng

  • Install the necessary dependencies using pip. Enter the following command:

    pip install -r REQUIREMENTS

If you have Python 3.x installed, use pip3 instead of pip.

  • You can now start Recon-ng by entering the command:

    ./recon-ng

  • You will see an entry like this in the console:

When you start Recon-ng for the first time, you may be prompted to install some additional modules. You can choose which modules to install, depending on your needs.

  • At the prompt, type the following command to view the available modules:

    marketplace search

  • This command will list all the available modules that you can install. Take note of the modules that you are interested in and want to install.

  • To install a module, use the following command:

    marketplace install <module_name>

  • Recon-ng will download and install the module from the Recon-ng marketplace. The installation process may take a few moments, depending on the size of the module.

  • Once the module is installed, you can use it in your reconnaissance workflows.

Example tool output:

• TheHarvester: A tool for gathering email accounts, subdomains, virtual hosts, and open ports from public sources. 

Step-by-step install theHarvester on Kali Linux:

  • Clone theHarvester repository from GitHub by entering the following command:

    git clone https://github.com/laramies/theHarvester.git

  • Navigate to the theHarvester directory by entering the command:

    cd theHarvester

  • Install the required dependencies by entering the following command:

    sudo pip3 install -r requirements.txt

  • Now you can run theHarvester by entering the command:

    python3 theHarvester.py -h

  • You will see an entry like this in the console:

This command will display the help information about theHarvester’s options and usage.

Example tool output:

 

• DumpsterDiver: A tool that analyzes repositories on GitHub and searches for sensitive information, such as passwords, encryption keys, and API credentials.

Step-by-step install DumpsterDiver on Kali Linux:

  • Download DumpsterDiver from GitHub by running the following command:

    git clone https://github.com/securing/DumpsterDiver.git

  • Navigate to the DumpsterDiver directory:

    cd DumpsterDiver

  • Install the Python dependencies using pip:

    sudo pip3 install -r requirements.txt

  • DumpsterDiver should now be installed on your Kali Linux system.

You can run DumpsterDiver by specifying the path to the target file or directory you want to analyze:

    python3 DumpsterDiver.py [path_to_file_or_directory]

DumpsterDiver will scan the selected file or directory and search for potentially sensitive information such as passwords, API keys, and other confidential data.

  • You can learn more about the DumpsterDiver options by running:

    python3 DumpsterDiver.py -h

  • You will see an entry like this in the console:

Example tool output:
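The kind of check DumpsterDiver performs on a checked-out repository, as an added example written for this page; it is not code from the DumpsterDiver project (or from GitGraber or GitDorker, which apply similar ideas to GitHub search results). It combines fixed-shape patterns for well-known key formats with a Shannon-entropy check on long tokens, which is what catches keys that have no recognisable prefix. The sample files, the patterns and the entropy threshold are all constructed for this example; the key-like strings in the sample are made up and are not valid credentials for any service. Run over staged files from a pre-commit hook, the same logic stops secrets from reaching a repository in the first place.

```python
"""Flag likely secrets in text, the kind of check DumpsterDiver performs on a checked-out repository.

Added example for this page, not code from the DumpsterDiver project. It combines
fixed-shape patterns with a Shannon-entropy check on long tokens. The sample
files below are constructed; the key-like strings in them are made up and are not
valid credentials for any service.
"""
import math
import re
from collections import Counter

# Secrets with a recognisable fixed shape (constructed, deliberately short list).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "slack_webhook": re.compile(r"https://hooks\.slack\.com/services/[A-Za-z0-9/]+"),
}

# Candidate tokens for the entropy check: long runs of base64/hex-style characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
# Bits per character above which a token is reported. The value is an assumption
# chosen for this example; real tools tune it per character set and token length.
ENTROPY_THRESHOLD = 4.5

# Constructed sample files: path -> contents.
SAMPLE_FILES = {
    "config/settings.py": (
        'DEBUG = False\n'
        'DATABASE_HOST = "db.internal.example"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # constructed sample key id\n'
        'API_TOKEN = "q8Zp2vX9mK4nR7tW1yB3cF6hJ0lN5sD8"  # constructed random-looking token\n'
    ),
    "README.md": (
        "# Service\n"
        "Run `python3 manage.py runserver` to start the development server.\n"
        "Documentation: https://docs.example.com/getting-started/installation-guide\n"
    ),
}


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text, path="<input>"):
    """Return (path, line_no, kind, token) tuples for every suspected secret in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        matched = set()
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((path, line_no, kind, m.group(0)))
                matched.add(m.group(0))
        # The entropy check catches keys with no fixed shape; skip tokens a pattern already reported.
        for token in TOKEN_RE.findall(line):
            if token not in matched and shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((path, line_no, "high_entropy", token))
    return findings


def scan_files(files):
    """Scan a {path: contents} mapping, the way a pre-commit hook would walk staged files."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(text, path))
    return findings


if __name__ == "__main__":
    for path, line_no, kind, token in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {kind}: {token[:8]}...")
```

The README line with a long URL path is the usual false-positive case for entropy scanners: it is a long run of allowed characters but its entropy stays well below that of a random 32-character token, which is why the threshold separates the two in the sample. When the script reports a hit it prints only a prefix of the token, so the scanner's own output does not become another copy of the secret.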

 

• Spiderfoot: An open-source intelligence (OSINT) automation tool that gathers data from various sources, such as DNS, WHOIS, IP addresses, social media platforms, and more.

Step-by-step install Spiderfoot on Kali Linux:

  • Download Spiderfoot from GitHub by running the following command:

    git clone https://github.com/smicallef/spiderfoot.git

  • Navigate to the Spiderfoot directory:

    cd spiderfoot

  • Install the Python dependencies using pip:

    sudo pip3 install -r requirements.txt

  • Once the installation is complete, run Spiderfoot using the following command:

    python3 sf.py -l 0.0.0.0:8080

This binds the web interface to every interface on the host, and the interface does not require authentication unless you configure it. When you only need local access, start it with -l 127.0.0.1:8080 instead.

  • You will see this message in the console, indicating that the scanner is running:

  • Use SpiderFoot by starting your web browser of choice and browsing to http://127.0.0.1:8080

An example of the result of a scan by the tool:

 

• GitGraber: A reconnaissance tool that searches for sensitive information across GitHub repositories. It can discover files, commit messages, and other data that might be useful for reconnaissance purposes.

Step-by-step install GitGraber on Kali Linux:

  • Clone the GitGraber repository:

    git clone https://github.com/hisxo/gitGraber.git

  • Navigate to the GitGraber directory:

    cd gitGraber

  • Install the necessary Python packages:

    pip3 install -r requirements.txt

  • You can enter the following command into the console for detailed instructions on the tool:

    python3 gitGraber.py -h

  • You will see an entry like this in the console:

Before starting gitGraber you need to edit the configuration file config.py:

  • Add your own GitHub tokens (personal access tokens):

    GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']

  • Add your own Discord webhook:

    DISCORD_WEBHOOKURL = 'https://discordapp.com/api/webhooks/7XXXX/XXXXXX'

  • Add your own Slack webhook:

    SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'

  • Add your own Telegram config:

    TELEGRAM_CONFIG = { "token": "XXXXX:xXXXXXXXXXXXXX", "chat_id": -99999999 }

Once the tokens and webhook URLs are in it, config.py is itself a credential file: keep it out of version control and give the GitHub tokens the smallest scope the tool needs.

Example tool output:

 

• GitDorker: A command-line tool that leverages GitHub’s search functionality to find potentially sensitive information in repositories. It helps you discover exposed credentials, configuration files, and other valuable data.

Step-by-step install GitDorker on Kali Linux:

  • Clone the GitDorker repository:

    git clone https://github.com/obheda12/GitDorker.git

  • Navigate to the GitDorker directory:

    cd GitDorker

  • Install the necessary Python packages:

    pip3 install -r requirements.txt

  • To learn more about what GitDorker can do, type this command into the console:

    python3 GitDorker.py -h

  • You will see an entry like this in the console:

Example tool output:

Additional material for study

Books:

  • “The Web Application Hacker's Handbook” by Dafydd Stuttard and Marcus Pinto: This book provides an extensive guide to web application testing, including methods and techniques for Deep Recon. It also includes numerous vulnerability examples and security best practices.

  • “Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information” by Michael Bazzell: This book offers a comprehensive guide to gathering information using open sources (OSINT). It contains a wealth of useful tools and methods that can be applied to conduct Deep Recon.

  • “Hacking: The Art of Exploitation” by Jon Erickson: This book looks at various aspects of information security, including techniques for analysing and exploiting vulnerabilities. It can provide useful insights for Deep Recon research.

Security labs for practice:

  • Metasploitable is an intentionally vulnerable virtual machine designed for practice and penetration testing. It contains various vulnerabilities that can be used to learn and understand attack techniques.

  • Damn Vulnerable Web Application (DVWA) is a vulnerable web application designed for learning and practicing penetration testing. It contains various vulnerabilities that can be used to learn and understand web application vulnerabilities.

Conclusion

Deep Recon is a critical phase in the field of cybersecurity that involves gathering comprehensive and in-depth information about a target system, network, or organization. It plays a crucial role in identifying potential vulnerabilities, weaknesses, and attack vectors that can be exploited by adversaries.

Deep reconnaissance encompasses various methodologies, tools, and techniques to gather information from both open-source and closed sources. It involves activities such as network scanning, OSINT gathering, social engineering, web application testing, and more. By employing a systematic and thorough approach, deep reconnaissance enables security professionals to gain a better understanding of the target and make informed decisions regarding security measures.

The key features of deep reconnaissance include the use of advanced tools and technologies, adherence to ethical guidelines, and continuous learning and adaptation to keep up with the evolving threat landscape. It requires a combination of technical skills, critical thinking, creativity, and attention to detail.

Deep Recon is an ongoing process that should be conducted proactively to identify and mitigate potential risks. It helps organizations strengthen their security posture, identify vulnerabilities before they can be exploited, and implement effective security measures to protect their assets.
