Information Security

Backtrack 4: Information Gathering: Dmitry – Deepmagic Information Gathering Tool

Dmitry, or Deepmagic Information Gathering Tool, is an all-in-one host information tool included in Backtrack 4's Information Gathering section. Personally I prefer doing most info gathering using tools built into Linux; however, it is nice to run a tool like this in the background and come back later if you are multi-tasking. Before getting into the details of Dmitry, please see this article relating to a Segmentation Fault that can occur with Dmitry on Backtrack 4.

Backtrack 4: Dmitry – Segmentation Fault Error When Using TCP Portscan Module

We have been working on a bunch of Backtrack 4 articles recently, and one that I started writing a while back but never finished was on Dmitry, or the Deepmagic Information Gathering Tool. When using the TCP Portscan module combined with the output-to-a-file switch (the -p switch for the TCP Portscan and -o followed by a filename for the output file), you will receive a Segmentation Fault. Below is an example when running Dmitry from within Backtrack 4.

Backtrack 4: Information Gathering: Searchengine: The Harvester – Email, User Names, Subdomain & Hostnames Finder

The next tool on Backtrack 4 I am going to review is The Harvester, which was written by the guys over at Edge Security. The Harvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources. It's a really simple tool, but very effective.

The supported sources are:

  • Google – emails, subdomains/hostnames
  • Bing search – emails, subdomains/hostnames
  • PGP servers – emails, subdomains/hostnames
  • LinkedIn – user names

Below I will go through a few examples of data mining some common search engines for usernames, email addresses and subdomains. The information gained in passive reconnaissance can be an invaluable resource for the penetration tester.

Backtrack 4: Information Gathering: Dradis – Effective Information Sharing

One of the biggest problems when conducting penetration tests and vulnerability assessments is the organization of all the information obtained during the test. I used to use a program called Leo to organize my information because it had a tree-like interface and you were able to create a well mapped out report of all your information. A new tool was released last year which has expanded on this same method and added some other very cool features. Dradis is an open source framework to enable effective information sharing during penetration testing exercises. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Dradis is thus an ideal tool to help in the process of security assessments.