Information Security

Backtrack 4: Information Gathering: Searchengine: The Harvester – Email, User Names, Subdomain & Hostnames Finder

The next tool on Backtrack 4 I am going to review is The Harvester which was written by the guys over at Edge Security. The Harvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources. It’s a really simple tool, but very effective.

The supported sources are:

  • Google – emails,subdomains/hostnames
  • Bing search – emails, subdomains/hostnames
  • Pgp servers – emails, subdomains/hostnames
  • Linkedin – user names

Below I will go through a few examples of data mining some common search engines for usernames, email address’s and subdomains. The information gained in passive reconnaissance can be a invaluable resource for the penetration tester.

Information Security

Backtrack 4: Information Gathering: DNS: Dnsmap – Subdomain brute-forcing

Today I will be reviewing Dnsmap from the Backtrack 4 Distribution. Dnsmap was originally released back in 2006 and has become a standard tool included is every backtrack release. There are other tools which preform the same tasks but I am a firm believer that a pentester/hacker should have the choice of as many tools as possible. My only small issue with this tool is speed, meaning it is not multi threaded however the author says in the readme.txt that he is addressing that issue. Dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target
company’s IP netblocks, domain names, phone numbers, etc …

Technology Insights

Use GoDaddy.com DNS Services To Redirect A Sub Domain

I recently developed a web site for a client on a temporary domain which was clientname.mydomain.com. After launching the site and modifying the recipients of the contact forms on the site I happened to get a contact form to my email address. I finally realized that the issue was not with the site I had moved live but someone this person who used the contact form had found the temporary site where I had done the development before pushing the site live. Anyhow the temporary domain’s DNS was hosted on GoDaddy.com so I decided to put in place a forward or redirect so anyone visiting the temporary domain would be redirected to the actual live domain. This redirect needed to be for a sub domain which I initially had to hunt for a bit to locate. Follow the directions below to redirect a sub domain using GoDaddy.com’s DNS services.