COOL RECON TECHNIQUES EVERY HACKER MISSES

Transcript

1. COOL RECON TECHNIQUES EVERY HACKER MISSES PRESENTATION

2. INTRODUCTION $whoami • 3+ years of experience • Government of

   India - Top 15 Hackers in Jan 2020 • Bounties and HoF from various organizations such as the United Nations, Deutsche Telekom, Sarova, etc. • Instructor at Udemy for Android and iOS Pentesting course • CEH and eJPT certified

3. RECON TECHNIQUE #1 VAIBHAV LAKHANI Favicon Hashes FOFA & Shodan

   • Get Favicon Hashes: cat urls.txt | python3 favfreak.py or https://en.fofa.info/ • Use Shodan dork: http.favicon.hash:<hash>

4. RECON TECHNIQUE #2 VAIBHAV LAKHANI Reverse Whois Lookup Find more

   assets! • Perform whoislookup • Visit drs.whoisxmlapi.com to find more assets

5. RECON TECHNIQUE #3 VAIBHAV LAKHANI MEG Find Hidden Paths •

   Meg is a powerful tool that allows you to find hidden paths/directories very quickly without flooding traffic. • Command: meg paths.txt hosts.txt output

6. RECON TECHNIQUE #4 VAIBHAV LAKHANI Waymore Not just Wayback Link:

   https://github.com/xnl-h4ck3r/waymore Includes: • Wayback Machine (web.archive.org) • Common Crawl (index.commoncrawl.org) • Alien Vault OTX (otx.alienvault.com) • URLScan (urlscan.io)

7. RECON TECHNIQUE #1 VAIBHAV LAKHANI 3rd Party Endpoints Effectively •

   Urlscan.io/search Ex. bsidesahmedabad.com keywords bsidesahmedabad.* bsidesahmedabad-* Remove duplicate results Ex. [bsides.* -bsidesahmedabad.in] Ex. [bsidesahmedabad.* -bsidesahmedabad.in] Ex. [bsidesahmedabad.in -www.bsidesahmedabad.in -help.bsidesahmedabad.in]

8. RECON TECHNIQUE #1 VAIBHAV LAKHANI Dorking Effectively • Pentest Tools

   called as Google-Hacking • Pagodo • Not just Google but also Bing!

9. RECON TECHNIQUE #1 VAIBHAV LAKHANI Hunt CVE’s nrich & dnsx

   • Nrich, can be used to analyze IPs in a file for CVEs and open ports and vulnerabilities. • Command: cat subdomains.txt | dnsx -a - resp-only | nrich -

10. STUDIO SHODWE VAIBHAV LAKHANI THANK YOU