Itrace is a fairly simple tool so this will be short and sweet. Itrace is a program that implements traceroute functionality using ICMP echo request packets. Therefore, it looks like you are just pinging your target while you traceroute there. It often helps tracing behind firewalls.
Backtrack 4: Information Gathering: Search Engine: Goorecon – Find emails and subdomains using Google
During the Information Gathering section of a pentest, we are interested in finding out the various sub-domains of our target domain. In the past few tutorials we queried DNS servers using zone transfer requests or trying to retrieve entries using a dictionary & brute-forcing attacks. Another technique to figure out sub-domains is to query google and check if it has found any sub-domains during it’s web mining exercise on the target. Goorecon can do this. Goorecon was written by Carlos (Darkoperator) Perez.
One good thing about writing articles on tools is you get to test out lots of different stuff you may not have normally used. One of these tools for me was Metagoofil. Metagoofil is a tool for written in Python for extracting the metadata from public documents (pdf,doc,xls,ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.). The tool first queries Google for different filetypes that can have useful metadata (pdf, doc, xls,ppt,etc), then it downloads those documents to the disk and run the program “extract” on every file. It will generate a HTML page with the results of the metadata extracted, plus a list of potential usernames.
Backtrack 4: Information Gathering: DNS: Fierce – locate non-contiguous IP space and hostnames against specified domains
The final tool in the DNS Section is called fierce. It is a perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. These include – trying to dump the SOA records, do a zone transfer, searching for commonly used domain names with a dictionary attack, adjacency scan and a few more. Fierce is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains using several tactics.
Today I will be reviewing Dnsmap from the Backtrack 4 Distribution. Dnsmap was originally released back in 2006 and has become a standard tool included is every backtrack release. There are other tools which preform the same tasks but I am a firm believer that a pentester/hacker should have the choice of as many tools as possible. My only small issue with this tool is speed, meaning it is not multi threaded however the author says in the readme.txt that he is addressing that issue. Dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target
company’s IP netblocks, domain names, phone numbers, etc …