File:
Skabtsov_N_V_-_Audit_bezopasnosti_informatsionnykh_sistem_-_2018.pdf

34    Chapter 2  •  Gathering Information from Open Sources

There is a known case in which a hacker found out that one of a company's employees collected badges. He replied to an ad this person had posted and said that he had exactly the collectible items the person was looking for. He then gave him a link to a page where the whole collection could be viewed and the badges of interest selected. Of course, the page had been created by the hacker in advance and contained a virus that infected the employee's computer and allowed the hacker to gain access to his data.

recon-ng

Kali Linux includes a very interesting and useful piece of software, recon-ng. It is a framework written in Python that helps automate the collection of information from the Internet.

The framework contains many pluggable modules, which we recommend getting to know in more detail.

The program consists of pluggable modules, and the show modules command will list all of them.

root@kali:~# recon-ng

[76] Recon modules
[7]  Reporting modules
[2]  Import modules
[2]  Exploitation modules
[2]  Discovery modules

[recon-ng][default] > show modules

Discovery
---------
discovery/info_disclosure/cache_snoop
discovery/info_disclosure/interesting_files

Exploitation
------------
exploitation/injection/command_injector
exploitation/injection/xpath_bruter

Import
------
import/csv_file
import/list

Recon
-----
recon/companies-contacts/bing_linkedin_cache
recon/companies-contacts/indeed
recon/companies-contacts/jigsaw/point_usage
recon/companies-contacts/jigsaw/purchase_contact

Automating the Process  35

recon/companies-contacts/jigsaw/search_contacts
recon/companies-contacts/linkedin_auth
recon/companies-multi/github_miner
recon/companies-multi/whois_miner
recon/contacts-contacts/mailtester
recon/contacts-contacts/mangle
recon/contacts-contacts/unmangle
recon/contacts-credentials/hibp_breach
recon/contacts-credentials/hibp_paste
recon/contacts-domains/migrate_contacts
recon/contacts-profiles/fullcontact
recon/credentials-credentials/adobe
recon/credentials-credentials/bozocrack
recon/credentials-credentials/hashes_org
recon/domains-contacts/metacrawler
recon/domains-contacts/pgp_search
recon/domains-contacts/whois_pocs
recon/domains-credentials/pwnedlist/account_creds
recon/domains-credentials/pwnedlist/api_usage
recon/domains-credentials/pwnedlist/domain_creds
recon/domains-credentials/pwnedlist/domain_ispwned
recon/domains-credentials/pwnedlist/leak_lookup
recon/domains-credentials/pwnedlist/leaks_dump
recon/domains-domains/brute_suffix
recon/domains-hosts/bing_domain_api
recon/domains-hosts/bing_domain_web
recon/domains-hosts/brute_hosts
recon/domains-hosts/builtwith
recon/domains-hosts/google_site_api
recon/domains-hosts/google_site_web
recon/domains-hosts/hackertarget
recon/domains-hosts/netcraft
recon/domains-hosts/shodan_hostname
recon/domains-hosts/ssl_san
recon/domains-hosts/threatcrowd
recon/domains-hosts/vpnhunter
recon/domains-vulnerabilities/ghdb
recon/domains-vulnerabilities/punkspider
recon/domains-vulnerabilities/xssed
recon/domains-vulnerabilities/xssposed
recon/hosts-domains/migrate_hosts
recon/hosts-hosts/bing_ip
recon/hosts-hosts/freegeoip
recon/hosts-hosts/ipinfodb
recon/hosts-hosts/resolve
recon/hosts-hosts/reverse_resolve
recon/hosts-hosts/ssltools
recon/hosts-locations/migrate_hosts
recon/hosts-ports/shodan_ip
recon/locations-locations/geocode
recon/locations-locations/reverse_geocode
recon/locations-pushpins/flickr
recon/locations-pushpins/instagram
recon/locations-pushpins/picasa
recon/locations-pushpins/shodan

recon/locations-pushpins/twitter
recon/locations-pushpins/youtube
recon/netblocks-companies/whois_orgs
recon/netblocks-hosts/reverse_resolve
recon/netblocks-hosts/shodan_net
recon/netblocks-ports/census_2012
recon/netblocks-ports/censysio
recon/ports-hosts/migrate_ports
recon/profiles-contacts/dev_diver
recon/profiles-contacts/github_users
recon/profiles-profiles/namechk
recon/profiles-profiles/profiler
recon/profiles-profiles/twitter
recon/profiles-repositories/github_repos
recon/repositories-profiles/github_commits
recon/repositories-vulnerabilities/gists_search
recon/repositories-vulnerabilities/github_dorks

Reporting
---------
reporting/csv
reporting/html
reporting/json
reporting/list
reporting/pushpin
reporting/xlsx
reporting/xml

Now we will use recon-ng to find the subdomains used by amazon.com. We load the required module with "load google_site_web", look at its options with "set", set the one we need with "set source amazon.com", and start the module with the "run" command.

[recon-ng][default] > load google_site_web
[recon-ng][default][google_site_web] > set
Sets module options

Usage: set <option> <value>

  Name    Current Value  Required  Description
  ------  -------------  --------  -----------
  SOURCE  default        yes       source of input (see 'show info' for details)

[recon-ng][default][google_site_web] > set source amazon.com
SOURCE => amazon.com

[recon-ng][default][google_site_web] > run

----------
AMAZON.COM
----------
[*] Searching Google for: site:amazon.com
[*] [host] authorcentral.amazon.com (<blank>)
[*] [host] aws.amazon.com (<blank>)
[*] [host] whispercast.amazon.com (<blank>)
[*] [host] www.amazon.com (<blank>)
[*] [host] storywriter.amazon.com (<blank>)

[*] [host] affiliate-blog.amazon.com (<blank>)
[*] [host] payments-de.amazon.com (<blank>)
[*] [host] payments.amazon.com (<blank>)
[*] [host] kdp.amazon.com (<blank>)
[*] [host] advertising.amazon.com (<blank>)
[*] [host] services.amazon.com (<blank>)
[*] [host] vendorexpress.amazon.com (<blank>)
[*] [host] studios.amazon.com (<blank>)
[*] [host] developer.amazon.com (<blank>)
[*] [host] videodirect.amazon.com (<blank>)

[*] Searching Google for: site:amazon.com -site:authorcentral.amazon.com -site:aws.amazon.com -site:whispercast.amazon.com -site:www.amazon.com -site:storywriter.amazon.com -site:affiliate-blog.amazon.com -site:payments-de.amazon.com -site:payments.amazon.com -site:kdp.amazon.com -site:advertising.amazon.com -site:services.amazon.com -site:vendorexpress.amazon.com -site:studios.amazon.com -site:developer.amazon.com -site:videodirect.amazon.com
[*] [host] affiliate-program.amazon.com (<blank>)
[*] [host] sellercentral-europe.amazon.com (<blank>)
[*] [host] uedata.amazon.com (<blank>)
[*] [host] twitch.amazon.com (<blank>)
[*] [host] payments-de-sandbox.amazon.com (<blank>)
[*] [host] kindlescout.amazon.com (<blank>)
[*] Searching Google for: site:amazon.com -site:authorcentral.amazon.com -site:aws.amazon.com -site:whispercast.amazon.com -site:www.amazon.com -site:storywriter.amazon.com -site:affiliate-blog.amazon.com -site:payments-de.amazon.com -site:payments.amazon.com -site:kdp.amazon.com -site:advertising.amazon.com -site:services.amazon.com -site:vendorexpress.amazon.com -site:studios.amazon.com -site:developer.amazon.com -site:videodirect.amazon.com -site:affiliate-program.amazon.com -site:sellercentral-europe.amazon.com -site:uedata.amazon.com -site:twitch.amazon.com -site:payments-de-sandbox.amazon.com -site:kindlescout.amazon.com
[*] [host] music.amazon.com (<blank>)
[*] Searching Google for: site:amazon.com -site:authorcentral.amazon.com -site:aws.amazon.com -site:whispercast.amazon.com -site:www.amazon.com -site:storywriter.amazon.com -site:affiliate-blog.amazon.com -site:payments-de.amazon.com -site:payments.amazon.com -site:kdp.amazon.com -site:advertising.amazon.com -site:services.amazon.com -site:vendorexpress.amazon.com -site:studios.amazon.com -site:developer.amazon.com -site:videodirect.amazon.com -site:affiliate-program.amazon.com -site:sellercentral-europe.amazon.com -site:uedata.amazon.com -site:twitch.amazon.com -site:payments-de-sandbox.amazon.com -site:kindlescout.amazon.com -site:music.amazon.com
[*] [host] smile.amazon.com (<blank>)
[*] Searching Google for: site:amazon.com -site:authorcentral.amazon.com -site:aws.amazon.com -site:whispercast.amazon.com -site:www.amazon.com -site:storywriter.amazon.com -site:affiliate-blog.amazon.com -site:payments-de.amazon.com -site:payments.amazon.com -site:kdp.amazon.com -site:advertising.amazon.com -site:services.amazon.com -site:vendorexpress.amazon.com -site:studios.amazon.com -site:developer.amazon.com -site:videodirect.amazon.com -site:affiliate-program.amazon.com -site:sellercentral-europe.amazon.com -site:uedata.amazon.com -site:twitch.amazon.com -site:payments-de-sandbox.amazon.com -site:kindlescout.amazon.com -site:music.amazon.com -site:smile.amazon.com
[*] [host] sellercentral.amazon.com (<blank>)
[*] Searching Google for: site:amazon.com -site:authorcentral.amazon.com -site:aws.amazon.com -site:whispercast.amazon.com -site:www.amazon.com -site:storywriter.amazon.com -site:affiliate-blog.amazon.com -site:payments-de.amazon.com -site:payments.amazon.com -site:kdp.amazon.com -site:advertising.amazon.com
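
An added example, not from the book and not recon-ng's own code: a parser for the session output shown above that collects the [host] lines, rebuilds the growing exclusion query visible between result batches, and flags hosts missing from an asset inventory. The sample log is constructed in the format of that output, and the function names and INVENTORY are hypothetical.

```python
import re

# Constructed sample in the format of the session above (host names from the page).
SAMPLE_LOG = """\
[*]Searching Google for: site:amazon.com
[*][host] aws.amazon.com (<blank>)
[*][host] www.amazon.com (<blank>)
[*] [host] payments.amazon.com (<blank>)
[*]Searching Google for: site:amazon.com -site:aws.amazon.com -site:www.amazon.com -site:payments.amazon.com
[*][host] payments-de-sandbox.amazon.com (<blank>)
[*][host] aws.amazon.com (<blank>)
"""

# Matches only "[host]" result lines; "-site:" terms inside query lines are ignored.
HOST_LINE = re.compile(r"^\[\*\]\s*\[host\]\s+(\S+)\s+\(", re.MULTILINE)


def parse_hosts(log: str) -> list[str]:
    """Return discovered host names in first-seen order, lowercased, de-duplicated."""
    seen: dict[str, None] = {}
    for name in HOST_LINE.findall(log):
        seen.setdefault(name.lower().rstrip("."), None)
    return list(seen)


def exclusion_query(domain: str, hosts: list[str]) -> str:
    """Rebuild the follow-up query seen in the output: every host already
    found is excluded, so the next result page can only surface new names."""
    return " ".join([f"site:{domain}"] + [f"-site:{h}" for h in hosts])


def unknown_hosts(found: list[str], inventory: set[str]) -> list[str]:
    """Hosts indexed by the search engine but absent from the asset inventory."""
    known = {h.lower() for h in inventory}
    return [h for h in found if h not in known]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_LOG)
    print(exclusion_query("amazon.com", hosts))
    # INVENTORY is a hypothetical asset list maintained by the defender.
    INVENTORY = {"www.amazon.com", "aws.amazon.com", "payments.amazon.com"}
    print(unknown_hosts(hosts, INVENTORY))
```

Hosts that appear in the search index but not in the inventory, such as the sandbox name in the sample, are the ones an auditor would review first.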