As per OWASP Testing Guide v4, the
first phase in security assessment is focused on collecting as much
information as possible about a target application. Information
Gathering is the most critical step of an application security test. The
security test should endeavour to test as much of the code base as
possible. Thus mapping all possible paths through the code to facilitate
thorough testing is paramount.
This task can be carried out in many different ways.
By using public tools (search engines), scanners, sending simple HTTP
requests, or specially crafted requests, it is possible to force the
application to leak information, e.g., disclosing error messages or
revealing the versions and technologies used.
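As an added example (not from the original post and not part of any tool listed below), the following Python script shows the "simple and crafted requests" approach in working code: it builds three probe requests (a plain GET, a GET for a non-existent path to trigger the default 404 page, and a bogus method to provoke an error handler), then parses raw HTTP responses for disclosures in headers, session-cookie names and error-page bodies. The hostname, the cookie-to-platform hints and the three sample responses are constructed for illustration, not captured from a real target; the parser is what you would point at real responses.

```python
import re

# Header names whose values routinely disclose software and versions.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator", "via")

# Session-cookie names that identify the platform that set them (assumed hints).
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "CFID": "ColdFusion",
    "laravel_session": "Laravel",
}

# Patterns typical of default error pages, stack traces and CMS meta tags.
BODY_PATTERNS = (
    (re.compile(r"Apache/[\d.]+(?: \([^)]+\))?"), "Apache signature in body"),
    (re.compile(r"nginx/[\d.]+"), "nginx version in body"),
    (re.compile(r"Microsoft-IIS/[\d.]+"), "IIS version in body"),
    (re.compile(r"PHP (?:Warning|Notice|Fatal error):.*"), "PHP error output"),
    (re.compile(r"Stack trace:"), "stack trace in body"),
    (re.compile(r'<meta name="generator" content="([^"]+)"', re.I), "generator meta tag"),
)


def probe_requests(host: str) -> list[bytes]:
    """Raw HTTP/1.1 requests that tend to make a server talk: normal page,
    missing page (default 404 template) and an invalid method (error handler)."""
    probes = [("GET", "/"), ("GET", "/no-such-page"), ("BOGUS", "/")]
    return [f"{m} {p} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
            for m, p in probes]


def parse_response(raw: bytes) -> tuple[int, dict[str, list[str]], str]:
    """Split a raw response into status code, lower-cased header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body.decode("latin-1", "replace")


def fingerprint(raw: bytes) -> list[tuple[str, str]]:
    """Return (source, evidence) pairs disclosed by one raw HTTP response."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            findings.append((f"header {name}", value))
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        if cookie_name in COOKIE_HINTS:
            findings.append(("cookie name", f"{cookie_name} -> {COOKIE_HINTS[cookie_name]}"))
    for pattern, label in BODY_PATTERNS:
        m = pattern.search(body)
        if m:
            findings.append((label, m.group(m.lastindex or 0)))
    if status >= 500:  # verbose 5xx handling is exactly what the crafted probe aims to trigger
        findings.append(("status", f"{status} on probe"))
    return findings


# Constructed sample responses, one per probe (not captured from a real host).
SAMPLES = {
    "GET /": (
        b"HTTP/1.1 200 OK\r\n"
        b"Server: Apache/2.4.41 (Ubuntu)\r\n"
        b"X-Powered-By: PHP/7.4.3\r\n"
        b"Set-Cookie: PHPSESSID=3f9c1e; path=/; HttpOnly\r\n\r\n"
        b'<html><head><meta name="generator" content="WordPress 5.4"></head></html>'
    ),
    "GET /no-such-page": (
        b"HTTP/1.1 404 Not Found\r\n"
        b"Server: Apache\r\n\r\n"
        b"<h1>Not Found</h1><hr><address>Apache/2.4.41 (Ubuntu) Server at "
        b"www.example.test Port 80</address>"
    ),
    "BOGUS /": (
        b"HTTP/1.1 500 Internal Server Error\r\n"
        b"Server: Apache\r\n\r\n"
        b"PHP Fatal error:  Uncaught Error: Call to undefined function in "
        b"/var/www/html/index.php:12\nStack trace:\n#0 {main}"
    ),
}


def run_samples() -> dict[str, list[tuple[str, str]]]:
    """Fingerprint every constructed sample, keyed by the probe that produced it."""
    return {probe: fingerprint(raw) for probe, raw in SAMPLES.items()}


if __name__ == "__main__":
    for probe, findings in run_samples().items():
        print(probe)
        for source, evidence in findings:
            print(f"  {source}: {evidence}")
```

Note how the 404 and 500 probes recover the full Apache version and the PHP file path even though the `Server` header on those responses was trimmed to `Apache`: default error templates and unhandled exceptions leak what the headers were configured to hide, which is why the crafted requests belong in the gathering phase alongside the plain GET.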
Below is a list of tools commonly used to gather this information:
- acccheck
- ace-voip
- Amap
- Automater
- bing-ip2hosts
- braa
- CaseFile
- CDPSnarf
- cisco-torch
- Cookie Cadger
- copy-router-config
- DMitry
- dnmap
- dnsenum
- dnsmap
- DNSRecon
- dnstracer
- dnswalk
- DotDotPwn
- enum4linux
- enumIAX
- exploitdb
- Fierce
- Firewalk
- fragroute
- fragrouter
- Ghost Phisher
- GoLismero
- goofile
- hping3
- InTrace
- iSMTP
- lbd
- Maltego Teeth
- masscan
- Metagoofil
- Miranda
- Nmap
- ntop
- p0f
- Parsero
- Recon-ng
- SET
- smtp-user-enum
- snmpcheck
- sslcaudit
- SSLsplit
- sslstrip
- SSLyze
- THC-IPV6
- theHarvester
- TLSSLed
- twofi
- URLCrazy
- Wireshark
- WOL-E
- Xplico