Information gathering tools
Introduction
Information gathering tools are a great asset to perform reconnaissance during a penetration test or security assessment. This type of tools collects information about their targets including the company, systems, applications, or people.
Usage
Information gathering tools are typically used for discovery of sensitive information, information gathering, reconnaissance.
Users for these tools include pentesters and security professionals.
Tools
Popular information gathering tools
DMitry (information gathering tool)
This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.
Domain Analyzer (domain information gathering)
information gathering, penetration testing
Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.
GasMask (open source intelligence gathering tool)
information gathering
GasMask is an open source intelligence gathering tool (OSINT). It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally it retrieves information from GitHub, YouTube, and social media platforms like Twitter.
GitMiner (Git data miner)
asset discovery, discovery of sensitive information, information leak detection
GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.
Gitmails (email harvesting from repositories)
email harvesting, information gathering, reconnaissance
This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.
RTA (vulnerability scanner)
information gathering, penetration testing, security assessment, system enumeration
RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.
With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.
Th3inspector (extensive information gathering tool)
discovery of sensitive information, information gathering
This tool can be called a true 'inspector tool' as it helps to discover many types of data.
- Website information
- Domain and subdomain information
- Mail server information and email
- Phone details
- IP addresses
- Detection of used CMS
Wappalyzer (discovery of technology stack)
information gathering, reconnaissance, software identification
Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.