1
00:00:00,360 --> 00:00:07,410
OK, so for now, we took a look at a couple of tools used for information gathering, but what happens

2
00:00:07,410 --> 00:00:13,390
if some of the tools stop working or if they get outdated? What are we going to do?

3
00:00:14,370 --> 00:00:18,510
We cannot depend on certain tools if it all breaks.

4
00:00:18,540 --> 00:00:25,820
We must find our way around to do the task, either using other tools or by creating that tool ourselves.

5
00:00:27,040 --> 00:00:34,000
Well, luckily, there are a lot of tools available for us to download online, and we cannot cover

6
00:00:34,000 --> 00:00:38,390
all of them, but what is important to cover is how we can download them.

7
00:00:39,220 --> 00:00:44,950
So in this video, we're going to be searching for an information gathering tool that we can download

8
00:00:44,950 --> 00:00:47,290
online and then run in Kali Linux.

9
00:00:47,980 --> 00:00:52,510
And the best place where we can find those downloads is GitHub.

10
00:00:53,080 --> 00:00:59,100
Most of you, if you are either a developer or a programmer, are already familiar with GitHub.

11
00:00:59,110 --> 00:01:05,050
And for those of you who don't know what GitHub is, GitHub is the world's largest community of developers

12
00:01:05,050 --> 00:01:06,760
that build and share their software.

13
00:01:06,940 --> 00:01:10,260
So let's see how we can download some additional tools from there.

14
00:01:10,540 --> 00:01:12,640
First of all, open up your Firefox.

15
00:01:12,820 --> 00:01:19,240
And when we download tools, we either know exactly which tools we want to download,

16
00:01:19,480 --> 00:01:25,080
so we search them by their name, or we have no idea what tools even exist.

17
00:01:25,750 --> 00:01:28,880
And this is the case where we don't even know what we want.

18
00:01:29,570 --> 00:01:33,870
We only know that we are looking for a tool used for information gathering.
19
00:01:34,270 --> 00:01:39,700
So let's just type that in the search bar: type "information gathering tools GitHub".

20
00:01:40,960 --> 00:01:48,640
Up here, "information gathering tools github", press enter.

21
00:01:50,720 --> 00:01:56,960
OK, so let's just click and go with the first link, information gathering tools. Make sure that it

22
00:01:56,960 --> 00:02:03,680
is from the GitHub page, and down here it will update us with a bunch of different tools that are used

23
00:02:03,680 --> 00:02:04,880
for information gathering.

24
00:02:05,630 --> 00:02:11,900
As we can see in the description: scan all possible codes for a given domain name, information gathering,

25
00:02:11,900 --> 00:02:13,220
websites, reconnaissance.

26
00:02:13,640 --> 00:02:19,640
This is a program to detect probability of admin page, and we got a bunch of different tools.

27
00:02:19,640 --> 00:02:23,450
If we go to some other links, we will also see some other tools available.

28
00:02:24,550 --> 00:02:31,780
So from the second link, we get Sherlock, Photon, FSociety and Pentesting Bible, and if we go all

29
00:02:31,780 --> 00:02:33,290
the way down, here is theHarvester.

30
00:02:33,310 --> 00:02:35,820
Remember this tool we used in the previous video?

31
00:02:35,860 --> 00:02:40,720
And by the way, if you didn't test out once again whether you managed to get some of the results with

32
00:02:40,720 --> 00:02:42,240
it, try it out right now.

33
00:02:43,320 --> 00:02:52,740
And down here, we will get Discover, Recon, Striker, Red Hawk, Sandmap and

34
00:02:52,740 --> 00:02:53,980
a bunch of others as well.

35
00:02:54,000 --> 00:02:56,360
And let's just go with any one of them.

36
00:02:56,940 --> 00:03:00,080
Let's just go with this one that does fit the description.

37
00:03:00,090 --> 00:03:06,750
It says: all in one tool for information gathering, vulnerability scanning and crawling, a must-have

38
00:03:06,750 --> 00:03:08,400
for all penetration testers.
39
00:03:09,060 --> 00:03:10,720
OK, so it seems interesting.

40
00:03:10,830 --> 00:03:11,700
Let us click on it.

41
00:03:11,940 --> 00:03:15,460
Click on Red Hawk, and here is the page of the tool.

42
00:03:15,990 --> 00:03:18,360
These are all of the files that the tool has.

43
00:03:18,540 --> 00:03:20,130
We can see them right here.

44
00:03:20,970 --> 00:03:21,560
Down here,

45
00:03:21,570 --> 00:03:22,860
we got the README.

46
00:03:23,970 --> 00:03:30,480
This is what we can perform with Red Hawk, so we can read what our available options are with it, and

47
00:03:30,570 --> 00:03:37,320
down here, released versions, changelog, and down here we also get how we can install it, how to configure

48
00:03:37,320 --> 00:03:39,510
it, and we get usage.

49
00:03:41,150 --> 00:03:46,160
Now, sometimes you will need to install some of the requirements that the tool needs in order to run,

50
00:03:46,790 --> 00:03:51,710
and you can almost always find the commands that you must run on this tool page.

51
00:03:51,830 --> 00:03:55,670
So as we can see right here, we got the usage and installation.

52
00:03:55,670 --> 00:03:58,340
So all we need to do is follow both of them.

53
00:03:59,180 --> 00:04:02,090
And different tools might need different requirements.

54
00:04:02,090 --> 00:04:06,290
But this is something that you will get better at the more tools you install.

55
00:04:07,310 --> 00:04:12,470
However, to just download a tool from GitHub, you will always use the same command.

56
00:04:12,470 --> 00:04:17,060
And for this command, what we need to do is copy the link to this tool.

57
00:04:17,810 --> 00:04:21,260
So copy up here, this link: right

58
00:04:21,260 --> 00:04:22,040
click, copy.

59
00:04:22,460 --> 00:04:24,950
Let us lower this page and open our terminal.
60
00:04:26,510 --> 00:04:34,010
And the command is git clone, and by the way, make sure that you're in the Desktop directory before you

61
00:04:34,010 --> 00:04:41,600
run this. Then type git clone, space, and then paste the link and press enter.

62
00:04:42,320 --> 00:04:46,220
And this is the command that we use to download a tool from GitHub.

63
00:04:47,520 --> 00:04:53,940
As we can see right here, it downloaded all of the files, and right now on our desktop we got the folder

64
00:04:53,940 --> 00:04:56,040
called Red Hawk, which is our tool.

65
00:04:56,790 --> 00:05:02,610
And also keep in mind that sometimes, once you're searching for a tool, you might need to download multiple

66
00:05:02,610 --> 00:05:04,950
different tools before you run into a good one.

67
00:05:05,580 --> 00:05:07,740
So let's test this Red Hawk tool out.

68
00:05:07,740 --> 00:05:11,310
Let's see whether it is any good to run it.

69
00:05:12,130 --> 00:05:18,510
Well, we don't know how to run it, but we can go to the Red Hawk directory and see what files we got

70
00:05:18,510 --> 00:05:19,010
right here.

71
00:05:19,680 --> 00:05:23,150
So we've got some configuration files, functions.

72
00:05:23,670 --> 00:05:27,300
These are all files that we really are not interested in at the moment.

73
00:05:27,990 --> 00:05:33,390
If there was, for example, a usage file, we would most likely want to read that in case the tool

74
00:05:33,390 --> 00:05:34,200
is complicated.

75
00:05:34,560 --> 00:05:38,310
But for now, we've got this Red Hawk .php file.

76
00:05:38,730 --> 00:05:42,830
And out of all of these files, this is the file that seems to be the tool.

77
00:05:43,800 --> 00:05:44,990
So how can we run this?

78
00:05:45,090 --> 00:05:47,820
Well, first we notice what type of file it is.

79
00:05:48,450 --> 00:05:49,770
It is a PHP file.

80
00:05:50,580 --> 00:05:54,990
So to run it, we must type php and then the file name.
81
00:05:55,800 --> 00:06:00,690
If it was, for example, a Python file, we would type python and then the file name.

82
00:06:01,770 --> 00:06:05,140
So depending on which file type it is, we run it like this.

83
00:06:05,170 --> 00:06:14,430
So php, then the Red Hawk .php file, and press enter. It loads with its banner, and it tells us right here that some

84
00:06:14,430 --> 00:06:22,200
of the modules are missing, and it tells us that we can try the fix command or we can simply just install

85
00:06:22,200 --> 00:06:23,760
it ourselves using the terminal.

86
00:06:24,300 --> 00:06:27,540
So let's see whether this tool will install it for us if I type fix.

87
00:06:28,930 --> 00:06:34,500
Checking if curl module is installed, curl not installed, installing curl, operation requires

88
00:06:34,660 --> 00:06:36,660
root permissions, you might be asked for password.

89
00:06:36,880 --> 00:06:40,540
This asks us for the sudo password, so let's put it in.

90
00:06:42,430 --> 00:06:48,880
And it seems to be downloading the curl module for us automatically, and we don't need to run other

91
00:06:48,880 --> 00:06:49,330
commands.

92
00:06:49,870 --> 00:06:52,560
It is also installing the second thing that is missing.

93
00:06:53,260 --> 00:06:54,910
So let's just wait for this to finish.

94
00:06:55,420 --> 00:06:58,090
And it tells us right here: job finished successfully.

95
00:06:58,300 --> 00:06:59,680
Please restart Red Hawk.

96
00:06:59,950 --> 00:07:03,940
So let's clear the screen and run Red Hawk once again.

97
00:07:03,940 --> 00:07:07,150
And right now we don't get any error messages right here.

98
00:07:07,990 --> 00:07:10,990
It only asks us which website we want to scan.

99
00:07:11,620 --> 00:07:13,260
So let's just go with Google.

100
00:07:13,510 --> 00:07:13,960
Why not?

101
00:07:14,140 --> 00:07:20,830
Let's see what are the available options that we have: enter 1 for HTTP or enter 2 for HTTPS.
102
00:07:20,830 --> 00:07:24,160
And since Google is HTTPS, of course we will select 2.

103
00:07:25,090 --> 00:07:33,370
And here are all of the available options that we can use with our Red Hawk: basic recon, title, IP address,

104
00:07:33,370 --> 00:07:34,480
Cloudflare detection.

105
00:07:34,720 --> 00:07:37,540
So let's see just the basic recon of Google.

106
00:07:37,810 --> 00:07:41,830
If I type number zero, it should perform the basic recon.

107
00:07:42,790 --> 00:07:45,760
And here is some of the basic output for Google.

108
00:07:45,760 --> 00:07:53,350
So we got site title to be Google, IP address, web server Cloudflare, and it seems to be stuck at Cloudflare,

109
00:07:53,350 --> 00:07:55,150
so let's just Ctrl+C it.

110
00:07:55,150 --> 00:07:57,730
It could be just a bug, and let's run it once again.

111
00:07:58,210 --> 00:08:06,070
I have google.com, type 2 for HTTPS, and let's go once again with zero just to see whether it will

112
00:08:06,070 --> 00:08:07,840
perform it correctly right now.

113
00:08:09,250 --> 00:08:12,310
And never mind, it seems to be stuck at Cloudflare once again.

114
00:08:12,460 --> 00:08:15,550
So let's just go with other options and test them out.

115
00:08:16,270 --> 00:08:17,770
Now, this is what I'm talking about.

116
00:08:17,770 --> 00:08:23,020
Maybe if you don't like this tool, maybe you want to consider going and finding some other one.

117
00:08:23,410 --> 00:08:25,600
But for now, we only tested one of the options.

118
00:08:25,600 --> 00:08:29,710
So let's go with other ones as well and see what else we can get.

119
00:08:29,980 --> 00:08:31,180
The Whois lookup.

120
00:08:31,180 --> 00:08:32,170
Let's go with that one.

121
00:08:33,730 --> 00:08:42,270
And we get the Whois response for Google, good, so this option seems to work. It tells us to

122
00:08:42,290 --> 00:08:43,960
press enter to continue.

123
00:08:43,990 --> 00:08:47,780
So let's continue, and let's go with Geo-IP lookup.
124
00:08:48,070 --> 00:08:53,380
This should tell us the coordinates of Google, and it does tell us the country, the IP address,

125
00:08:53,680 --> 00:08:57,730
the latitude and longitude, but city and state seem to be unavailable.

126
00:08:58,510 --> 00:09:00,210
Let's go with another option.

127
00:09:00,610 --> 00:09:07,660
We got grab banners, DNS lookup, subnet calculator and Nmap port scan, and this option right here is something

128
00:09:07,660 --> 00:09:13,000
that we are not going to run right now, since this is something that we cover in the scanning section.

129
00:09:13,420 --> 00:09:17,200
The subdomain scanner is also something that we are not going to be doing right now.

130
00:09:17,830 --> 00:09:18,880
These options as well.

131
00:09:18,910 --> 00:09:22,330
So these are just some of the advanced options that we are going to cover later on.

132
00:09:22,340 --> 00:09:24,550
So we won't be running them at the moment.

133
00:09:24,950 --> 00:09:30,790
We can go with, for example, DNS lookup to check out which DNS servers it has.

134
00:09:31,090 --> 00:09:32,550
And here is the output.

135
00:09:32,980 --> 00:09:35,080
So this tool seems to be pretty good.

136
00:09:35,260 --> 00:09:37,410
It does give us some of the information for Google.

137
00:09:38,020 --> 00:09:43,510
Now, of course, there are other options that we didn't run and that I would advise you not to run, since

138
00:09:43,510 --> 00:09:46,090
some of them can be considered advanced scanning methods.

139
00:09:46,870 --> 00:09:49,840
But nonetheless, we will be covering them in the next section.

140
00:09:50,990 --> 00:09:57,110
So for now, what we did is we managed to find a random tool on GitHub, install it and get it to

141
00:09:57,110 --> 00:09:57,470
work.

142
00:09:57,650 --> 00:10:01,310
We also tested it out and it did give us some of the information.
143
00:10:02,220 --> 00:10:09,150
Now, what I want you to do for the next video is try to download, the same way, a tool called Sherlock;

144
00:10:09,810 --> 00:10:11,370
it is also a tool from GitHub.

145
00:10:11,380 --> 00:10:12,690
We saw it up here.

146
00:10:12,750 --> 00:10:20,280
If I go one step back to this page, the first tool that we saw was, I believe, called Sherlock.

147
00:10:21,350 --> 00:10:27,320
Try to download this tool. It is a tool that is used to discover different accounts on different platforms

148
00:10:27,440 --> 00:10:29,370
based on the usernames that you specify.

149
00:10:29,840 --> 00:10:34,010
Try it out, and we will see how to download it and run it in the next video.