Information gathering tools

Introduction

Information gathering tools are a great asset for performing reconnaissance during a penetration test or security assessment. These tools collect information about their targets, including the company, its systems, applications, or people.

Usage

Information gathering tools are typically used for the discovery of sensitive information, information gathering, and reconnaissance.

Users of these tools include pentesters and security professionals.

Tools

DMitry (information gathering tool)

This small utility can retrieve information from the WHOIS database to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, such as the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

Domain Analyzer (domain information gathering)

information gathering, penetration testing

Domain Analyzer is an information gathering tool that comes in handy for reconnaissance. It can be useful for penetration testing or for evaluating what information is publicly available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

GasMask (open source intelligence gathering tool)

information gathering

GasMask is an open source intelligence (OSINT) gathering tool. It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally, it retrieves information from GitHub, YouTube, and social media platforms like Twitter.

Gitmails (email harvesting from repositories)

email harvesting, information gathering, reconnaissance

This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Metadata such as commit activity can reveal who is working for a particular company. This tool helps to extract email addresses from software repositories.

GitMiner (Git data miner)

asset discovery, discovery of sensitive information, information leak detection

GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details, such as passwords or connection settings.

RTA (vulnerability scanner)

information gathering, penetration testing, security assessment, system enumeration

RTA is helpful for automating the scanning of a company's public resources. As the project name implies, it may be used during red teaming, such as a penetration test. That obviously does not limit its use, as it is similarly useful to the blue team.

Because it integrates with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, such as subdomain enumeration and information gathering capabilities.

Th3inspector (extensive information gathering tool)

discovery of sensitive information, information gathering

This tool can be called a true 'inspector tool', as it helps to discover many types of data:

  • Website information
  • Domain and subdomain information
  • Mail server information and email
  • Phone details
  • IP addresses
  • Detection of used CMS

Wappalyzer (discovery of technology stack)

information gathering, reconnaissance, software identification

Wappalyzer can be a useful asset when performing reconnaissance on a particular target, such as a web application or website. It helps to find out what software is used to run a particular page. Components that can be detected include the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.
