CEH Module 2 Lab 9

Objectives:

  • Footprinting a target using Recon-ng
  • Footprinting a target using Maltego
  • Footprinting a target using OSRFramework
  • Footprinting a target using BillCipher
  • Footprinting a target using OSINT Framework

Machines Used:

  • Parrot OS

Tools Used:

Name: Recon-ng

Objective: Footprint a target using Recon-ng

Function: Collect information on a target, such as IP location information, routing information, business information, addresses, phone numbers, SSNs, DNS information and domain information. Recon-ng is a web recon tool with independent modules.

Commands and Options:

Results: The tool lets you set specific options and use different modules to gather data on a target. You can also use it to store the information in an HTML file so you can read through it or submit it as a report.

Precautions: Permission is required to use the tool. 

Countermeasures/Mitigation: Recon-ng uses public databases, so your best bet is to not use the sites that feed them or, if you do, to use a fake name.

Name: Maltego

Objective: Footprint a Target using Maltego

Function: Maltego is a tool used to gather information for computer forensics and pentesting. It presents the data in a visually appealing format rather than the typical command line.

Commands and Options: Once you create an account and select Community Edition, you are presented with this interface.

Use the right-side menu (1) to select an entity. Then drag and drop it onto the map (2).

Right-clicking the entity presents a drop-down menu for extracting the specific information you need. Maltego will then dynamically build out a map using public databases with the information you requested.

Results: Build a map around a target visually. Use the easy drop-down menus to select the specific information you are looking for. Build a report and graph of an entire engagement.

Name: OSRFramework

Objective: Footprinting a target using OSRFramework

Function: Provides a search tool for OSINT tasks such as usernames, DNS lookups, information leaks, deep web searches, etc.

Commands and Options:

  • usufy.py -n <target> -p <platform>
  • domainfy.py -n <Domain> -t all
  • searchfy.py
  • mailfy.py
  • phonefy.py
  • entify.py

Results: Another useful tool to get usernames, domains and IP addresses.

Name: Bill Cipher

Objective: Footprint a target using BillCipher

Function: This is a tool that is a mash-up of other tools put together that uses an “easy” number format where you just smash a number and it spits out the information you want. It is questionably not all that reliable and a few years out of date. The example that it uses just pings one side of a point to point link and gives you a 2 host /32 subnet. The page scanner is not really an exhaustive list; with Gobuster and an actual directory list run against the same target, there were more directories found with more useful information. This tool is not really teaching anything and seems like a waste of time.

Commands and Options: 1-22

Results: “Similarly, you can use other information gathering options to gather information about the target.” was an actual sentence in the lab. “Page Links” vs. Gobuster at 11% complete.

Name: OSINT Framework

Objective: Footprint a Target using OSINT Framework

Function: A simple website that is organized by category according to your OSINT investigation's needs.

Commands and Options: Clicking

Results: Usernames, Addresses, Social Networks, forums/Blogs, Dark Web, Threat Intel, Training. Gets you to a good starting place with free resources.  

Precautions: Ensure you have permission to use this tool against a target, some information may be confidential. 

Countermeasures/Mitigation: Blocking ports, limiting social media, using proxy servers, registering domains privately, subnetting, ACLs, encrypted email, web code sanitization.
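
A self-check for the "registering domains privately" countermeasure, as an added example that is not part of the original lab: it parses WHOIS text for a domain you own and lists registrant contact fields that are not redacted. The sample records, the field list and the redaction markers are constructed assumptions.

```python
import re

# Contact fields that footprinting tools harvest from WHOIS (assumed list).
SENSITIVE = ("registrant name", "registrant organization", "registrant street",
             "registrant phone", "registrant email", "admin email", "tech email")

# Markers commonly seen in redacted or proxy-registered records (assumed list).
REDACTION = re.compile(r"redacted|privacy|withheld|proxy|not disclosed", re.I)

# Constructed sample records; not real WHOIS output.
PUBLIC_SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrar URL: https://registrar.example
Registrant Name: Jane Doe
Registrant Organization: REDACTED FOR PRIVACY
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.test
"""
PRIVATE_SAMPLE = """\
Domain Name: EXAMPLE.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone: Withheld
Registrant Email: contact@whois-proxy.example
"""

def parse_whois(text):
    """Return {field: [values]} from 'Key: value' lines, skipping comments."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_fields(text):
    """List (field, value) pairs that hold unredacted contact data."""
    record = parse_whois(text)
    return [(field, value)
            for field in SENSITIVE
            for value in record.get(field, [])
            if not REDACTION.search(value)]

if __name__ == "__main__":
    for field, value in exposed_fields(PUBLIC_SAMPLE):
        print(f"exposed: {field} = {value}")
```
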

Personal Reflection: 

This lab started off very strong with a good introduction to Recon-ng. It is similar to Metasploit in that you can load modules into it and target your attack very specifically. It is easy to use and has good results. Maltego is another amazing tool with a good introduction on how to use it and what its capabilities are. The presentation of the tool itself is clean and easy to read. I think it is probably helpful when doing an investigation into something/somebody to look at a visual representation of a big picture. The rest of the tools I thought really fell flat. They are really just less powerful rehashes of more capable tools, but may be helpful for beginners who need something a little more simple to use. The OSINT Framework was a nice way to finish it off. It provides a nice way to organize links that are tailored to OSINT investigations. Overall I had fun in the beginning but felt it was a little too long and tedious where it did not need to be; a little more focus on the first two tools would have been nice.

Works Cited

EC-Council. Certified Ethical Hacker (CEH) Version 11 eBook w/ iLabs (Volumes 1 through 4). International Council of E-Commerce Consultants (EC Council), 2020. [VitalSource Bookshelf].
