This post is all about information gathering using Kali Linux tools, Part 2.
5. DMITRY:
DMITRY is a Kali Linux tool used for basic information gathering about a website. It gives us the IP address, subdomains, related email addresses and more information about the main domain of the website. It is pre-installed in Kali Linux and easy to use, so a hacker must learn it for basic information gathering. Now we will discuss the main commands of dmitry in Kali Linux for information gathering.
TO SEE ALL OPTIONS OF DMITRY:
(dmitry -h)
TO DISCOVER ALL INFORMATION ABOUT A TARGET WEBSITE AND TO SAVE IT IN FILE:
(dmitry -winsepo +path of file to save information +domain of target website) e.g. (dmitry -winsepo /root/Desktop/output.txt vulnweb.com)
Output of Dmitry about target
You can use the different options separately, but it is best to use them combined, as I did, to get the full details of the target website.
6. WHATWEB:
WhatWeb is a Kali Linux tool used to get information about a website. It tells us the services, cookies, country, email, IP address, scripts, title, etc. of a specific website. It provides a lot of basic information in little time and helps in hacking. Now we will see the basic and important commands of the whatweb tool.
TO SEE BASIC INFORMATION:
(whatweb -v +domain of website) e.g. (whatweb -v facebook.com)
TO SCAN AN IP ADDRESS:
(whatweb +ip address of website) e.g. (whatweb 192.168.14)
FOR MORE AGGRESSIVE SCAN:
(whatweb --aggression 3 -v +ip of website) e.g. (whatweb --aggression 3 -v 192.168.1.4)
TO SCAN MULTIPLE IP ADDRESSES IN A NETWORK:
(whatweb --aggression 3 -v +ip range) e.g. (whatweb --aggression 3 -v 192.168.4.1/24)
TO AVOID ERRORS DURING SCANNING:
(whatweb --aggression 3 -v +ip range --no-errors) e.g. (whatweb --aggression 3 -v 192.168.4.1/24 --no-errors)
Output of whatweb tools about target website
NOTE: Use aggression level 3 for an aggressive scan.
TO SCAN WEBSITES IN A FILE:
(whatweb --input-file +path of file -v) e.g. (whatweb --input-file /root/Desktop/pass.txt -v)
TO SEE THE PLUGINS OF WHATWEB:
(whatweb --list-plugins)
FOR HEAVY SCANNING:
(whatweb --aggression 4 -v +ip address) e.g. (whatweb --aggression 4 -v 192.168.1)
FOR STEALTHY SCANNING:
(whatweb --aggression 1 -v +ip address) e.g. (whatweb --aggression 1 -v 192.168.1)
These were the important commands of whatweb, but you can learn more for more knowledge. So best of luck with the whatweb tool for basic information gathering.
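The flip side of whatweb for a site owner is checking what your own hosts give away. As an added example (not from the original post or the WhatWeb project), here is a small Python parser for whatweb's default brief output that flags plugins disclosing software versions; the sample output lines are constructed and use documentation addresses.

```python
import re

# Constructed sample of whatweb's brief output: one target per line,
# "url [status] Plugin[value][value], Plugin[value], ..."
SAMPLE = """\
http://app.example.test [200 OK] Apache[2.4.7], Country[UNITED STATES][US], HTTPServer[Ubuntu Linux][Apache/2.4.7 (Ubuntu)], IP[192.0.2.10], PHP[5.5.9], Title[Acme Portal, Login], X-Powered-By[PHP/5.5.9]
http://cdn.example.test [301 Moved Permanently] HTTPServer[nginx], IP[192.0.2.11], RedirectLocation[https://cdn.example.test/]
"""

HEAD_RE = re.compile(r"^(\S+) \[(\d{3}) [^\]]*\] ?(.*)$")
# A plugin name followed by one or more [...] value groups; matching the
# bracket groups directly keeps commas inside values (e.g. a Title) intact.
PLUGIN_RE = re.compile(r"([A-Za-z0-9_.-]+)((?:\[[^\]]*\])+)")
VERSION_RE = re.compile(r"\d+\.\d+")
# Plugins whose values legitimately contain dotted numbers but are not versions.
NOT_VERSIONS = {"IP", "Country", "Title", "RedirectLocation"}


def parse_line(line):
    """Turn one brief-output line into {url, status, plugins: {name: [values]}}."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    url, status, rest = m.groups()
    plugins = {}
    for name, groups in PLUGIN_RE.findall(rest):
        plugins[name] = re.findall(r"\[([^\]]*)\]", groups)
    return {"url": url, "status": int(status), "plugins": plugins}


def version_disclosures(record):
    """Return (plugin, value) pairs that look like a software version leak."""
    found = []
    for name, values in record["plugins"].items():
        if name in NOT_VERSIONS:
            continue
        for value in values:
            if VERSION_RE.search(value):
                found.append((name, value))
    return found


def report(text):
    """Map each scanned URL to its list of version disclosures."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    return {r["url"]: version_disclosures(r) for r in records}


if __name__ == "__main__":
    for url, leaks in report(SAMPLE).items():
        print(url, "->", leaks or "no version disclosure")
```

Run whatweb against your own hosts, save the brief output and feed it to report() to get a per-host list of headers and banners worth trimming.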
7. WAFW00F:
WAFW00F is a basic information gathering tool in Kali Linux that is used to detect the firewall (web application firewall) of the victim's website. It is a very important tool to learn, because firewall detection is important before hacking, and we have to bypass it during hacking. So we must learn it. It is very small and easy to use.
The main commands of wafw00f are the following.
TO SEE ALL OPTIONS OF WAFW00F:
(wafw00f -h)
TO DETECT ALL FIREWALLS OF A WEBSITE IN DETAIL:
(wafw00f -a +link of web -v) e.g. (wafw00f -a https://www.victim.org/ -v)
Firewall of our target website
TO SEE THE LIST OF FIREWALLS DETECTED BY WAFW00F:
(wafw00f --list)
TO BYPASS THE 3XX RESPONSES DURING DETECTION:
(wafw00f -a +link of web -r -v) e.g. (wafw00f -a https://www.vulnweb.org/ -r -v)
TO CHECK A SPECIFIC FIREWALL:
(wafw00f +link of web -t +name of firewall -v) e.g. (wafw00f https://www.victim.org/ -t -v)
TO SAVE OUTPUT IN A FILE:
(wafw00f +link -a -o +path of file) e.g. (wafw00f http://www.victim.org/ -a -o /root/out.txt)
TO SCAN TARGET WEBSITES FROM A FILE:
(wafw00f -a -i +path of target file) e.g. (wafw00f -a -i /root/Desktop/target.txt -v)
8. FIERCE:
Fierce is an information gathering tool in Kali Linux that is used to find the subdomains of a specific domain and their IP addresses. It helps in basic information gathering. Mostly it is used before nmap, nikto, etc. for basic information gathering. The main commands of the fierce tool are the following.
TO SEE ALL OPTIONS OF FIERCE:
(fierce --help)
TO COLLECT INFORMATION ABOUT A SPECIFIC DOMAIN:
(fierce --domain +domain of website) e.g. (fierce --domain google.com)
Output of fierce about our target website
TO CONNECT TO HTTP OF WEBSITE DURING SCANNING:
(fierce --domain +domain --connect) e.g. (fierce --domain google.com --connect)
TO SCAN THE COMPLETE CLASS C RANGE OF THE DISCOVERED HOSTS:
(fierce --domain +domain of website --wide) e.g. (fierce --domain google.com --wide)
TO SET A DELAY BETWEEN LOOKUPS DURING SCANNING:
(fierce --domain +domain of website --delay +seconds) e.g. (fierce --domain google.com --delay 5)
TO FILTER RESULTS BY A SEARCH WORD DURING SCANNING:
(fierce --domain +domain --search +any word) e.g. (fierce --domain google.com --search pink)
TO SCAN A DOMAIN ON TCP:
(fierce --domain +domain --tcp) e.g. (fierce --domain google.com --tcp)