Allows us to have everything in one place
recon-ng (it's similar to Metasploit in how it works):
recon-ng
marketplace search
Marketplace:
Has all the tools with path, version, status and last updated
Install: (example script tool is hackertarget)
marketplace install hackertarget
Load the tool:
modules load hackertarget
Help/info on how to use:
info
How to use:
options set SOURCE tcm-sec.com
run
Found subdomains and IP addresses.
Check the table where this info gets stored:
show hosts
To go back to default:
back
Profiler:
Uses the usernames in the profiles table to search for them on WhatsMyName
options set SOURCE Alacritic
doesn’t work
He recommends:
sn0int
Spiderfoot
Maltego:
Most if not all Transforms (plugins) need API keys.
To use without API keys:
Make a new graph (upper left) and:
- add a domain from entities
- Double click to edit
- right click to run Transforms like DNS, Domain Owner, Email Addresses, Files and Docs
- "All" runs all of them
- choose the dates you want for Wayback machine
(I did great with it 💀)
Hunchly - https://hunch.ly
$130 per year, works on Chrome(ium?)
- Add case
- The Cyber Mentor
- Selectors:
- highlights, anything you want to see on a page
- like thecybermentor, Heath Adams
- should add usernames, emails, phone numbers, etc
- Tags:
- Social Media, Breached Passwords, Phone Numbers, People, Wireless Networks
- To do list to not miss a point
- Check next to it when you’re done with each
- How to use at 4:32: https://academy.tcm-sec.com/courses/1214089/lectures/27267102