Introduction to Penetration Testing Tools

Aug 6, 2024

AFS Hackers: Penetration Testing Tools Series

Speaker: Afshan
Topic: Introduction to Penetration Testing Tools


Overview

  • Starting a series on penetration testing tools.
  • Focus on information gathering tools.

What is Reconnaissance?

  • Definition: Information gathering about a target.
  • Types of Reconnaissance:
    • Active Reconnaissance: Engaging with the target system (e.g., port scanning).
    • Passive Reconnaissance: Gathering data without direct engagement.

Recon-ng

  • A passive reconnaissance framework written in Python.
  • Features:
    • Powerful environment for web-based reconnaissance.
    • Incorporates independent modules, database interaction, and interactive help.
    • Interface similar to Metasploit framework.

Practical Details

Accessing Recon-ng

  • Recon-ng is preinstalled on Kali Linux.
  • Access via terminal with recon-ng.

Initial Setup

  • No modules installed by default.
  • Use help command to access the help menu.
  • Key commands:
    • db: Interacts with the workspace database.
    • workspaces: Manages workspaces (like folders).

Installing Modules

  • Use marketplace install all to install all modules.
  • Some modules may fail and need separate installation.

Creating a Workspace

  • Good Practice: Create a workspace before starting reconnaissance.
  • Example command: workspaces create car_lover.

Using the Database

  • db command: Allows insertion, deletion, and querying of data.
  • Adding Domain Example:
    • Command: db insert domains tesla.com
    • Notes for learning purposes.

Information Gathering Process

Using Modules

  • Load Module Command:
    • Example: modules load hackertarget (full module path: recon/domains-hosts/hackertarget)
  • Running Recon:
    • Set source with options set source tesla.com.
    • Run the module and gather results (e.g., total of 35 hosts found).

Reporting

  • Reporting Modules Available:
    • CSV, HTML, JSON, etc.
  • Example of creating an HTML report:
    • Set options for creator, customer, and filename.
    • Generate report: run command.

Viewing the Report

  • Open HTML report to view findings.
  • Report includes domain details and host information.
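
Beyond the HTML report, the hosts a module stores in the workspace database can be checked against your own asset inventory to spot hosts nobody is tracking. The following is an added example, not code from the video or from the Recon-ng project. It assumes the hosts table layout of a Recon-ng 5.x workspace; the function names, the inventory list and all sample rows are constructed for illustration.

```python
import sqlite3

# Assumption: mirrors the hosts table of a Recon-ng 5.x workspace database.
HOSTS_SCHEMA = """CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT,
    country TEXT, latitude TEXT, longitude TEXT, notes TEXT, module TEXT)"""

def build_sample_workspace():
    """In-memory stand-in for a workspace database; every row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(HOSTS_SCHEMA)
    rows = [
        ("www.example.com", "192.0.2.10", "hackertarget"),
        ("WWW.example.com.", "192.0.2.10", "hackertarget"),  # same host, other spelling
        ("vpn.example.com", "192.0.2.20", "hackertarget"),
        ("old-staging.example.com", "198.51.100.7", "hackertarget"),
        ("mail.example.com", None, "hackertarget"),           # no address recorded
    ]
    conn.executemany(
        "INSERT INTO hosts (host, ip_address, module) VALUES (?, ?, ?)", rows)
    return conn

def normalize(host):
    """Lower-case and drop the trailing root dot so spellings compare equal."""
    return host.strip().lower().rstrip(".")

def unknown_hosts(conn, inventory):
    """Return {host: ip} for workspace hosts that the inventory does not list."""
    known = {normalize(h) for h in inventory}
    found = {}
    query = "SELECT host, ip_address FROM hosts WHERE host IS NOT NULL"
    for host, ip in conn.execute(query):
        name = normalize(host)
        if name not in known:
            # Keep the first address seen; None means the module stored none.
            found.setdefault(name, ip)
    return dict(sorted(found.items()))

if __name__ == "__main__":
    inventory = ["www.example.com", "vpn.example.com"]  # constructed asset list
    for host, ip in unknown_hosts(build_sample_workspace(), inventory).items():
        print(f"{host}\t{ip or 'no address recorded'}")
```

To run it on real results, replace build_sample_workspace() with sqlite3.connect() on the workspace's database file and load the inventory from your asset register.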

Conclusion

  • Covered two main modules:
    • Hacker Target for reconnaissance.
    • Reporting module for generating reports.
  • Encouragement to share the video and subscribe for more content.
  • Reminder to keep learning and practicing.