Lanmap is one of those tools I never really used until now. It's actually very cool. Lanmap sits quietly on a network, builds a picture of what it sees and outputs it in SVG, PNG or GIF format. I let it run on a test network for an hour or so and was impressed with the output. The only drawback is that it doesn't "see" through switches, so it can only map the private subnet the computer is physically on.
Itrace is a fairly simple tool, so this will be short and sweet. Itrace is a program that implements traceroute functionality using ICMP echo request packets. Therefore, it looks like you are just pinging your target while you traceroute to it. It often helps when tracing through firewalls.
Backtrack 4: Information Gathering: Search Engine: Goorecon – Find emails and subdomains using Google
During the Information Gathering section of a pentest, we are interested in finding out the various sub-domains of our target domain. In the past few tutorials we queried DNS servers using zone transfer requests or tried to retrieve entries using dictionary and brute-forcing attacks. Another technique to figure out sub-domains is to query Google and check whether it has found any sub-domains during its web mining of the target. Goorecon can do this. Goorecon was written by Carlos (Darkoperator) Perez.
Recently I was moving files from one directory to another on a CentOS 5.4 server and ran into an issue. When attempting to move every single file in the directory I received an error which is noted below. It took me a couple of minutes, but I figured out by trial and error that the issue was related to files starting with a "-" (dash), because the mv command thought that I was attempting to use a switch. The resolution is easy using "./". Look at the below examples for more information about the error and how it was resolved.
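As an added example (not part of the original post, whose own examples are not reproduced here), this script recreates the failure with a constructed dash-prefixed filename in a temporary directory and applies the "./" fix, plus the equivalent "--" option terminator:

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the mv error
# caused by a filename that starts with "-" and show two fixes.
# Everything happens in a temporary directory that is removed afterwards.

demo_dash_mv() (
    work=$(mktemp -d)
    mkdir "$work/src" "$work/dst"
    # Constructed sample files: one ordinary name, one beginning with a dash
    : > "$work/src/report.txt"
    : > "$work/src/-weird.txt"
    cd "$work/src" || exit 1

    # Naive move: mv parses "-weird.txt" as an option string and refuses it
    if mv -weird.txt ../dst 2>/dev/null; then
        echo "unexpected: bare move succeeded" >&2
    else
        echo "bare 'mv -weird.txt ../dst' failed as the post describes" >&2
    fi

    # Fix 1 (the post's resolution): prefix "./" so the operand no longer starts with "-"
    mv ./-weird.txt ../dst
    # Fix 2: "--" ends option parsing; everything after it is treated as an operand
    mv -- report.txt ../dst

    # Report how many files landed in dst (expected: 2)
    set -- "$work/dst"/*
    cd / && rm -rf "$work"
    echo "$#"
)
```

The same "./" or "--" trick applies to rm, cp and most other coreutils, since the option parsing behaviour is the same.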
One good thing about writing articles on tools is that you get to test out lots of different stuff you may not have normally used. One of these tools for me was Metagoofil. Metagoofil is a tool written in Python for extracting the metadata from public documents (pdf, doc, xls, ppt) available on the target websites. This information could be useful because you can get valid usernames, or people's names, for use later in brute-force password attacks (VPN, FTP, web apps, etc.). The tool first queries Google for the different file types that can carry useful metadata (pdf, doc, xls, ppt, etc.), then downloads those documents to disk and runs the program "extract" on every file. It generates an HTML page with the results of the metadata extraction, plus a list of potential usernames.