1 00:00:00,420 --> 00:00:02,940 Okay, so for now, we took a look at a couple
2 00:00:02,940 --> 00:00:05,273 of tools used for information gathering,
3 00:00:05,273 --> 00:00:08,700 but what happens if some of the tools
4 00:00:08,700 --> 00:00:11,943 stop working or if they get outdated?
5 00:00:11,943 --> 00:00:13,835 What are we going to do?
6 00:00:13,835 --> 00:00:17,400 We cannot depend on certain tools.
7 00:00:17,400 --> 00:00:19,680 If a tool breaks, we must find our way
8 00:00:19,680 --> 00:00:23,610 around to do the task, either using another tool
9 00:00:23,610 --> 00:00:26,412 or by creating that tool ourselves.
10 00:00:26,412 --> 00:00:30,180 Well, luckily there are a lot of tools available
11 00:00:30,180 --> 00:00:34,530 for us to download online, and we cannot cover all of them.
12 00:00:34,530 --> 00:00:38,902 But what is important to cover is how we can download them.
13 00:00:38,902 --> 00:00:41,407 So in this video, we're going to be searching
14 00:00:41,407 --> 00:00:44,550 for an information gathering tool that we can
15 00:00:44,550 --> 00:00:47,550 download online and then run in Kali Linux.
16 00:00:47,550 --> 00:00:50,490 And the best place where we can find those
17 00:00:50,490 --> 00:00:53,100 to download is GitHub.
18 00:00:53,100 --> 00:00:55,263 Most of you, if you are either a developer
19 00:00:55,263 --> 00:00:59,100 or a programmer, are already familiar with GitHub.
20 00:00:59,100 --> 00:01:02,010 And for those of you who don't know what GitHub is,
21 00:01:02,010 --> 00:01:03,958 GitHub is the world's largest community
22 00:01:03,958 --> 00:01:06,930 of developers that build and share their software.
23 00:01:06,930 --> 00:01:08,910 So let's see how we can download
24 00:01:08,910 --> 00:01:10,560 some additional tools from there.
25 00:01:10,560 --> 00:01:12,496 First of all, open up your Firefox,
26 00:01:12,496 --> 00:01:15,210 and when we download tools,
27 00:01:15,210 --> 00:01:19,500 we either know exactly which tools we want to download,
28 00:01:19,500 --> 00:01:21,268 so we search for them by their name,
29 00:01:21,268 --> 00:01:25,442 or we have no idea what tools even exist.
30 00:01:25,442 --> 00:01:29,002 And this is the case where we don't even know what we want.
31 00:01:29,002 --> 00:01:31,140 We only know that we are looking
32 00:01:31,140 --> 00:01:34,290 for a tool used for information gathering.
33 00:01:34,290 --> 00:01:35,711 So let's just type that.
34 00:01:35,711 --> 00:01:40,711 In the search bar, type "information gathering tools GitHub".
35 00:01:41,100 --> 00:01:46,100 Up here, "information gathering tools GitHub", press Enter.
36 00:01:50,421 --> 00:01:54,150 Okay, so let's just click and go with the first link,
37 00:01:54,150 --> 00:01:56,010 Information Gathering Tools.
38 00:01:56,010 --> 00:01:58,805 Make sure that it is from the GitHub page,
39 00:01:58,805 --> 00:02:02,100 and down here it'll output a bunch
40 00:02:02,100 --> 00:02:05,640 of different tools that are used for information gathering.
41 00:02:05,640 --> 00:02:08,070 As we can see in the description:
42 00:02:08,070 --> 00:02:10,830 scan all possible TLDs for a given domain name;
43 00:02:10,830 --> 00:02:13,086 information gathering, website reconnaissance;
44 00:02:13,086 --> 00:02:16,980 this is a program to detect the probability of an admin page;
45 00:02:16,980 --> 00:02:19,590 and we got a bunch of different tools.
46 00:02:19,590 --> 00:02:21,330 If we go to some other links,
47 00:02:21,330 --> 00:02:24,158 we will also see some other tools available.
48 00:02:24,158 --> 00:02:27,450 So from the second link we get Sherlock,
49 00:02:27,450 --> 00:02:31,140 Photon, fsociety and Testing Bible.
50 00:02:31,140 --> 00:02:33,270 If I go all the way down, here is theHarvester.
51 00:02:33,270 --> 00:02:35,850 Remember this tool we used in the previous video?
52 00:02:35,850 --> 00:02:38,370 And by the way, if you didn't, test out once again
53 00:02:38,370 --> 00:02:39,960 whether you managed to get some
54 00:02:39,960 --> 00:02:42,423 of the results with it; try it out right now.
55 00:02:43,581 --> 00:02:46,440 And down here we will get Discover,
56 00:02:46,440 --> 00:02:50,871 which is also a known tool, Raccoon, Striker, Red Hawk,
57 00:02:50,871 --> 00:02:54,030 Sandmap, and a bunch of others as well.
58 00:02:54,030 --> 00:02:56,940 And let's just go with any one of them.
59 00:02:56,940 --> 00:02:58,860 Let's just go with this one.
60 00:02:58,860 --> 00:03:00,060 Let us read the description.
61 00:03:00,060 --> 00:03:02,880 It says: all in one tool for information gathering,
62 00:03:02,880 --> 00:03:05,580 vulnerability scanning and crawling.
63 00:03:05,580 --> 00:03:09,000 A must-have tool for all penetration testers.
64 00:03:09,000 --> 00:03:11,940 Okay, so it seems interesting, let us click on it.
65 00:03:11,940 --> 00:03:15,960 Click on Red Hawk, and here is the page of the tool.
66 00:03:15,960 --> 00:03:18,570 These are all of the files that the tool has.
67 00:03:18,570 --> 00:03:21,000 We can see them right here.
68 00:03:21,000 --> 00:03:23,263 Down here we got the README.
69 00:03:23,263 --> 00:03:26,760 This is what we can perform with Red Hawk,
70 00:03:26,760 --> 00:03:30,090 so we can read what our available options are with it.
71 00:03:30,090 --> 00:03:32,983 And down here, released versions, change log.
72 00:03:32,983 --> 00:03:36,480 Down here we also get how we can install it,
73 00:03:36,480 --> 00:03:39,633 how to configure it, and we get usage.
74 00:03:40,689 --> 00:03:43,590 Now, sometimes you will need to install some
75 00:03:43,590 --> 00:03:45,330 of the requirements that the tool needs
76 00:03:45,330 --> 00:03:48,104 in order to run, and you can almost always
77 00:03:48,104 --> 00:03:51,840 find the commands that you must run on this tool page.
78 00:03:51,840 --> 00:03:53,664 So as we can see right here,
79 00:03:53,664 --> 00:03:55,650 we got the usage and installation.
80 00:03:55,650 --> 00:03:59,250 So all we need to do is follow both of them.
81 00:03:59,250 --> 00:04:02,070 And different tools might need different requirements,
82 00:04:02,070 --> 00:04:04,710 but this is something that you will get better
83 00:04:04,710 --> 00:04:06,423 at the more tools you install.
84 00:04:07,350 --> 00:04:10,110 However, to just download the tool from GitHub,
85 00:04:10,110 --> 00:04:12,480 you will always use the same command.
86 00:04:12,480 --> 00:04:13,920 And for this command,
87 00:04:13,920 --> 00:04:17,850 what we need to do is we need to copy the link to this tool.
88 00:04:17,850 --> 00:04:22,440 So copy up here, this link, right click, copy.
89 00:04:22,440 --> 00:04:25,113 Let us lower this page and open our terminal.
90 00:04:26,580 --> 00:04:30,300 And the command is git clone.
91 00:04:30,300 --> 00:04:31,860 And by the way, make sure that you're
92 00:04:31,860 --> 00:04:34,733 in the /Desktop directory before you run this.
93 00:04:34,733 --> 00:04:38,220 Then type git clone, space,
94 00:04:38,220 --> 00:04:42,390 and then paste the link and press Enter.
95 00:04:42,390 --> 00:04:44,610 And this is the command that we use to
96 00:04:44,610 --> 00:04:46,668 download a tool from GitHub.
97 00:04:46,668 --> 00:04:50,670 As we can see right here, it downloaded all of the files.
98 00:04:50,670 --> 00:04:52,860 And right now on our desktop
99 00:04:52,860 --> 00:04:56,880 we got the folder called Red Hawk, which is our tool.
100 00:04:56,880 --> 00:04:59,940 And also keep in mind that sometimes, once you're searching
101 00:04:59,940 --> 00:05:02,550 for a tool, you might need to download multiple
102 00:05:02,550 --> 00:05:05,580 different tools before you run into a good one.
103 00:05:05,580 --> 00:05:07,740 So let's test this Red Hawk tool out.
104 00:05:07,740 --> 00:05:10,170 Let's see whether it is any good.
105 00:05:10,170 --> 00:05:14,040 To run it, well, we don't know how to run it,
106 00:05:14,040 --> 00:05:16,377 but we can go to the Red Hawk directory
107 00:05:16,377 --> 00:05:19,710 and see what files we got right here.
108 00:05:19,710 --> 00:05:23,640 So we got some PHP configuration files, functions.php.
109 00:05:23,640 --> 00:05:24,660 These are all of the files
110 00:05:24,660 --> 00:05:28,020 that we really are not interested in at the moment.
111 00:05:28,020 --> 00:05:30,150 If there was, for example, a usage file,
112 00:05:30,150 --> 00:05:32,550 we would most likely want to read that
113 00:05:32,550 --> 00:05:34,590 in case the tool is complicated.
114 00:05:34,590 --> 00:05:38,790 But for now, we got this Red Hawk dot PHP file.
115 00:05:38,790 --> 00:05:41,060 And out of all of these files, this is the file
116 00:05:41,060 --> 00:05:42,993 that seems to be the tool.
117 00:05:43,830 --> 00:05:45,090 So how can we run this?
118 00:05:45,090 --> 00:05:47,908 Well, first we notice what type of file it is.
119 00:05:47,908 --> 00:05:50,111 It is a PHP file.
120 00:05:50,111 --> 00:05:52,473 So to run it we must type php
121 00:05:53,580 --> 00:05:58,170 and then the file name. If it was, for example, a Python file,
122 00:05:58,170 --> 00:06:00,843 we would type python and then the file name.
123 00:06:01,770 --> 00:06:05,130 So depending on which file type it is, we run it like this.
124 00:06:05,130 --> 00:06:09,011 So php, Red Hawk dot PHP, and press Enter.
125 00:06:09,011 --> 00:06:14,010 It'll load this with its banner, and it tells us right here
126 00:06:14,010 --> 00:06:16,670 that some of the modules are missing,
127 00:06:16,670 --> 00:06:19,930 and it tells us that we can try the fix command
128 00:06:19,930 --> 00:06:24,330 or we can simply just install them ourselves using the terminal.
129 00:06:24,330 --> 00:06:26,670 So let's see whether this tool will install them for us.
130 00:06:26,670 --> 00:06:30,750 If I type fix: checking if curl module is installed,
131 00:06:30,750 --> 00:06:32,370 curl module not installed,
132 00:06:32,370 --> 00:06:35,280 installing curl, operation requires sudo permission,
133 00:06:35,280 --> 00:06:36,900 so you might be asked for a password.
134 00:06:36,900 --> 00:06:40,683 This asks us for the sudo password, and let's input it.
135 00:06:42,510 --> 00:06:44,940 And it seems to be downloading the curl module
136 00:06:44,940 --> 00:06:46,692 for us automatically,
137 00:06:46,692 --> 00:06:49,860 and we don't need to run other commands.
138 00:06:49,860 --> 00:06:53,250 It is also installing the second thing that I'm missing.
139 00:06:53,250 --> 00:06:55,500 So let's just wait for this to finish.
140 00:06:55,500 --> 00:06:56,850 And it tells us right here:
141 00:06:56,850 --> 00:06:59,940 job finished successfully, please restart Red Hawk.
142 00:06:59,940 --> 00:07:01,950 So let's clear the screen and run,
143 00:07:01,950 --> 00:07:03,960 once again, php Red Hawk.
144 00:07:03,960 --> 00:07:07,286 And right now we don't get any error messages right here.
145 00:07:07,286 --> 00:07:11,640 It only asks us which website we want to scan.
146 00:07:11,640 --> 00:07:14,130 So let's just go with Google, why not?
147 00:07:14,130 --> 00:07:17,250 Let's see what the available options are that we have:
148 00:07:17,250 --> 00:07:20,820 enter one for HTTP or enter two for HTTPS.
149 00:07:20,820 --> 00:07:24,303 And since Google is HTTPS, of course, we'll select two.
150 00:07:25,140 --> 00:07:28,148 And here are all of the available options that we can use
151 00:07:28,148 --> 00:07:31,620 with our Red Hawk: basic recon,
152 00:07:31,620 --> 00:07:34,740 site title, IP address, Cloudflare detection.
153 00:07:34,740 --> 00:07:37,770 So let's see just the basic recon of Google.
154 00:07:37,770 --> 00:07:41,973 If I type number zero, it should perform the basic recon.
155 00:07:42,870 --> 00:07:45,720 And here is some of the basic output for Google.
156 00:07:45,720 --> 00:07:48,030 So we got the site title to be Google,
157 00:07:48,030 --> 00:07:49,997 IP address, web server, Cloudflare.
158 00:07:49,997 --> 00:07:53,310 And it seems to be stuck at Cloudflare,
159 00:07:53,310 --> 00:07:55,110 so let's just Ctrl+C it.
160 00:07:55,110 --> 00:07:56,310 It could be just a bug.
161 00:07:56,310 --> 00:07:59,789 And let's run it once again: type google.com,
162 00:07:59,789 --> 00:08:03,930 type two for HTTPS, and let's go once again
163 00:08:03,930 --> 00:08:05,730 with zero just to see whether
164 00:08:05,730 --> 00:08:10,020 it'll perform it correctly right now. And never mind,
165 00:08:10,020 --> 00:08:12,480 it seems to be stuck at Cloudflare once again.
166 00:08:12,480 --> 00:08:16,320 So let's just go with other options and test them out.
167 00:08:16,320 --> 00:08:17,730 Now this is what I'm talking about.
168 00:08:17,730 --> 00:08:20,040 Maybe if you don't like this tool,
169 00:08:20,040 --> 00:08:21,630 maybe you want to consider going
170 00:08:21,630 --> 00:08:23,460 and finding some other one.
171 00:08:23,460 --> 00:08:25,590 But for now, we only tested one of the options.
172 00:08:25,590 --> 00:08:27,390 So let's go with other ones as well
173 00:08:27,390 --> 00:08:29,970 and see what else we can get.
174 00:08:29,970 --> 00:08:32,342 The whois lookup, let's go with that one.
175 00:08:33,809 --> 00:08:37,715 And we get the whois response for our Google.
176 00:08:37,715 --> 00:08:41,460 Good.
So this option seems to work.
177 00:08:41,460 --> 00:08:43,950 It tells us: scanning complete, press Enter to continue.
178 00:08:43,950 --> 00:08:48,060 So let's continue, and let's go with geo-IP lookup.
179 00:08:48,060 --> 00:08:50,520 This should tell us the coordinates of Google,
180 00:08:50,520 --> 00:08:52,530 and it does tell us the country,
181 00:08:52,530 --> 00:08:54,570 the IP address, the latitude and
182 00:08:54,570 --> 00:08:58,500 longitude, but city and state seem to be unavailable.
183 00:08:58,500 --> 00:09:00,630 Let's go with another option.
184 00:09:00,630 --> 00:09:03,828 We got grab banners, DNS lookup, subnet calculator
185 00:09:03,828 --> 00:09:05,640 and nmap port scan.
186 00:09:05,640 --> 00:09:07,650 And this option right here is something
187 00:09:07,650 --> 00:09:09,641 that we are not going to run right now,
188 00:09:09,641 --> 00:09:11,760 since this is something that we cover
189 00:09:11,760 --> 00:09:13,440 in the scanning section.
190 00:09:13,440 --> 00:09:15,180 The subdomain scanner is also something
191 00:09:15,180 --> 00:09:17,790 that we are not going to be doing right now.
192 00:09:17,790 --> 00:09:18,870 These options as well.
193 00:09:18,870 --> 00:09:20,970 So these are just some of the advanced options
194 00:09:20,970 --> 00:09:22,290 that we are going to cover later on.
195 00:09:22,290 --> 00:09:24,960 So we won't be running them at the moment.
196 00:09:24,960 --> 00:09:27,210 We can go with, for example,
197 00:09:27,210 --> 00:09:31,140 DNS lookup to check out which DNS servers it has.
198 00:09:31,140 --> 00:09:33,000 And here is the output.
199 00:09:33,000 --> 00:09:35,220 So this tool seems to be pretty good.
200 00:09:35,220 --> 00:09:38,070 It does give us some of the information for Google.
201 00:09:38,070 --> 00:09:41,280 Now of course, there are other options that we didn't run
202 00:09:41,280 --> 00:09:43,080 and that I would advise you not to run,
203 00:09:43,080 --> 00:09:44,850 since some of them can be considered
204 00:09:44,850 --> 00:09:46,424 advanced scanning methods.
205 00:09:46,424 --> 00:09:48,870 But nonetheless, we will be covering them
206 00:09:48,870 --> 00:09:49,983 in the next section.
207 00:09:51,030 --> 00:09:53,760 So for now, what we did is we managed
208 00:09:53,760 --> 00:09:55,800 to find a random tool on GitHub,
209 00:09:55,800 --> 00:09:57,660 install it and get it to work.
210 00:09:57,660 --> 00:09:59,220 We also tested it out,
211 00:09:59,220 --> 00:10:01,706 and it did give us some of the information.
212 00:10:01,706 --> 00:10:05,280 Now what I want you to do for the next video
213 00:10:05,280 --> 00:10:09,840 is try to download, the same way, a tool called Sherlock.
214 00:10:09,840 --> 00:10:11,310 It is also a tool from GitHub.
215 00:10:11,310 --> 00:10:12,750 We saw it up here.
216 00:10:12,750 --> 00:10:16,260 If I go one step back to this page,
217 00:10:16,260 --> 00:10:20,949 the first tool that we saw was, I believe, called Sherlock.
218 00:10:20,949 --> 00:10:23,220 Try to download this tool.
219 00:10:23,220 --> 00:10:26,010 It is a tool that is used to discover different accounts
220 00:10:26,010 --> 00:10:27,810 on different platforms based
221 00:10:27,810 --> 00:10:29,880 on the usernames that you specify.
222 00:10:29,880 --> 00:10:32,490 Try it out, and we will see how to download it
223 00:10:32,490 --> 00:10:34,143 and run it in the next video.