上QQ阅读APP看书,第一时间看更新
Using scripts to automatically gather OSINT data
In the field of information security research, the time that we can save is critical when performing information gathering, which can yield vulnerability research and exploitation results. In this section, we will focus on how to automate some of the OSINT to make passive reconnaissance more effective:
#!/bin/bash
echo "Enter target domain: "
read domain
if [[ $domain != "" ]]; then
echo "Target domain set to $domain"
echo "********************************************"
echo "The Harvestor"
theharvester -d $domain -l 500 -b all -f harvester_$domain
echo "done!"
echo "********************************************"
echo "Whois Details"
whois $domain >> whois_$domain
echo "done!"
echo "********************************************"
echo "Searching for txt files on $domain using Goofile..."
goofile -d $domain -f txt >> goofile_txt_$domain
echo "done!"
echo "********************************************"
echo "Searching for pdf files on $domain using Goofile..."
goofile -d $domain -f pdf >> goofile_pdf_$domain
echo "done!"
echo "********************************************"
echo "Searching for pdf files on $domain using Goofile..."
goofile -d $domain -f doc >> goofile_doc_$domain
echo "done!"
echo "********************************************"
echo "Searching for pdf files on $domain using Goofile..."
goofile -d $domain -f xls >> goofile_xls_$domain
echo "done!"
else
echo "Error! Please enter a domain... "
fi
The preceding automation is a very simple script that makes use of some of the command-line tools in Kali and stores the output in multiple files without a database. However, attackers can make use of similar scripts to automate the majority of command-line tools to harvest information.