Most penetration testing (pentesting) tools collect public data on organizations, websites and identities in order to map their social and technological presence on the Internet. Several search engines allow an in-depth analysis of online interrelationships and expand the “knowledge capacity”. These tools enable the exploration of emails, phone numbers, websites and organizations by offering access to information that would often be “invisible” otherwise.
In this article I share several platforms for pentesting and data collection that are public and require nothing more than internet access.
Hunter
The Hunter website allows you to find professional email addresses in seconds and connect with the right people. Its email domain search provides a list of people who work at a company, with their names and email addresses, all found on the web. It offers over 100 million indexed email addresses, effective search filters, and deliverability controls.
Greynoise
Threat intelligence is the “cyclical practice” of planning, collecting, processing, analyzing, and disseminating information about threats to applications and systems. It gathers real-time information to show the threat landscape and identify threats to a computer, application, or network. This information is collected from a number of sources and compiled into a single database that gives visibility into the vulnerabilities and exploits that threat actors actively use on the Internet (in the wild).
GreyNoise Intelligence, Inc. offers certain threat intelligence services and data through its proprietary database. It has a visualizer available at https://greynoise.io/viz.
Maltego
Maltego Radium™ is a penetration testing (pentesting) tool that collects public data on organizations, websites and identities in order to map their social and technological presence on the Internet. The interface of the tool is very useful and interactive. The tool enables in-depth analysis of online interrelationships and expands the “knowledge capacity” of electronic identities.
This tool allows the exploration of emails, phone numbers, websites and organizations by offering access to information that would often be “invisible” otherwise. The visual results are interactive and include half a dozen visualizations in social network (node-link) format. The presentation will show how to run “machines” and “transformations” on a target, how to visually map the data and how to analyze it.
I already talked about this tool in the article Maltego radium: Mapping Identities and Network Links on the Internet. To install Maltego, go to this address: https://www.maltego.com/downloads/
Onyphe
ONYPHE is a cyber defense search engine for cyber and open-source threat intelligence data, collected by crawling various sources available on the Internet or by listening to the background noise of the Internet. ONYPHE correlates this information with data collected by actively scanning the Internet for connected devices and by tracking website URLs. It then normalizes the information and makes it available through an API and its query language.
Shodan
Shodan is a search engine for internet-connected devices. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in measuring which countries have the most connected devices? Or if you want to know which version of Microsoft IIS is the most popular? Or do you want to find the control servers for malware? Maybe a new vulnerability came out and you want to see how many hosts it could affect? Traditional web search engines don’t allow you to answer those questions.
Urlscan
https://urlscan.io/ is a free service for scanning and analyzing websites. When a URL is submitted to urlscan.io, an automated process browses to the URL like a normal user and records the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself. In addition, urlscan.io takes a screenshot of the page and records the DOM content, JavaScript global variables, cookies created by the page, and a host of other observations.
urlscan.io itself is a free service, but it also offers commercial products for intensive users and organizations that need additional information.
Wigle
The Wigle.net website allows you to search for Wi-Fi networks. A map shows the location and details of wireless networks around the world, held in a central database, and there are also easy-to-use web and desktop applications that can map, query and update the database through the web. It is therefore a collaborative tool.