Dmitry or Deepmagic Information Gathering Tool is an all in one host information tool included in Backtrack 4’s Information Gathering section. Personally I prefer doing most info gathering using tools built into Linux however it is nice to run a tool like this in the background and come back later if you are multi-tasking. Before getting into the details of Dmitry please see this article relating to a Segmentation Fault that can occur with Dmitry on Backtrack 4.
We have been working on a bunch of Backtrack 4 articles recently and one that I started writing awhile back but never finished was on Dmitry or the Deepmagic Information Gathering Tool. When using the TCP Portscan module combined with the output to a file switch, which is done using the -p switch for the TCP Portscan and -o + filename for the output to a file, you will receive a Segmentation Fault. Below is an example when running Dmitry from within Backtrack 4.
Backtrack 4: Information Gathering: Searchengine: The Harvester – Email, User Names, Subdomain & Hostnames Finder
The next tool on Backtrack 4 I am going to review is The Harvester which was written by the guys over at Edge Security. The Harvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources. It’s a really simple tool, but very effective.
The supported sources are:
- Google – emails,subdomains/hostnames
- Bing search – emails, subdomains/hostnames
- Pgp servers – emails, subdomains/hostnames
- Linkedin – user names
Below I will go through a few examples of data mining some common search engines for usernames, email address’s and subdomains. The information gained in passive reconnaissance can be a invaluable resource for the penetration tester.
One of the biggest problems when conducting penetration tests and vulnerability assessments is the organization of all the information obtained on the test. I used to use a program called Leo to organize my information because it had a tree like interface and you well able to create a well mapped out report of all your information. A new tool was released last year which has expanded on this same method and added some other very cool features. Dradis is an open source framework to enable effective information sharing during penetration testing exercises. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Dradis is thus an ideal tool to help in the process of security assesments.
TCtrace is like a brother to itrace and traceroute but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside. Once again its a very simple tool like the last few I have reviewed and it has one specific function.