Information gathering is a very important step in a penetration testing project. If you are running a black box penetration test, you need to check online resources to find the systems used by the organization, learn what online activities they have, and start preparing a profile of your target.
Sometimes you find vulnerabilities that are not properly patched because the system requires a reboot to activate the patch, yet it has been up for more than three months. This is one of many things you need to check, but the question is: what kind of information do we need to care about, and where do we get all these details?
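The unactivated-patch case above is easy to miss with a plain patch inventory, because the patch tool records the update as installed even though the reboot that applies it never happened. The following check is an added example written for this post, not code from the original or from the Skip Tracing Framework: it takes a constructed inventory export (host names, patch ids and timestamps are all placeholders) and reports every host that has reboot-requiring patches installed after its last boot, marking those whose uptime also exceeds a threshold (90 days by default, matching the three-month case in the text).

```python
"""Flag hosts whose patches were installed since the last boot but never activated.

Constructed example (not from the original post): an inventory of hosts with
their last boot time and a patch log, as a patch-management or CMDB export
might provide. Timestamps are ISO 8601 without a timezone.
"""
from datetime import datetime

# Constructed sample inventory; host names and patch ids are placeholders.
SAMPLE_INVENTORY = [
    {
        "host": "web-01",
        "last_boot": "2012-01-10T03:00:00",
        "patches": [
            {"id": "PATCH-EXAMPLE-1", "installed": "2012-02-15T10:00:00", "needs_reboot": True},
            {"id": "PATCH-EXAMPLE-2", "installed": "2012-03-01T10:00:00", "needs_reboot": False},
        ],
    },
    {
        "host": "db-01",
        "last_boot": "2012-03-01T00:00:00",
        "patches": [
            {"id": "PATCH-EXAMPLE-3", "installed": "2012-03-05T09:30:00", "needs_reboot": True},
        ],
    },
    {
        "host": "app-01",
        "last_boot": "2011-12-01T00:00:00",
        "patches": [
            # Installed before the last boot, so that reboot already activated it.
            {"id": "PATCH-EXAMPLE-4", "installed": "2011-11-20T08:00:00", "needs_reboot": True},
        ],
    },
]


def parse_ts(value):
    """Parse the inventory's ISO 8601 timestamps (no timezone)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def uptime_days(host, now):
    """Whole days since the host last booted."""
    return (now - parse_ts(host["last_boot"])).days


def pending_reboot_patches(host):
    """Ids of patches that require a reboot and were installed after the last boot.

    These are recorded as installed by the patch tool but are not yet in effect.
    """
    last_boot = parse_ts(host["last_boot"])
    return [
        p["id"]
        for p in host["patches"]
        if p["needs_reboot"] and parse_ts(p["installed"]) > last_boot
    ]


def audit_unactivated_patches(inventory, now, max_uptime_days=90):
    """Return one finding per host that has patches pending a reboot.

    Each finding records the host's uptime and whether it exceeds
    max_uptime_days (the "up for more than three months" case).
    """
    findings = []
    for host in inventory:
        pending = pending_reboot_patches(host)
        if not pending:
            continue
        up = uptime_days(host, now)
        findings.append({
            "host": host["host"],
            "uptime_days": up,
            "pending": pending,
            "over_threshold": up > max_uptime_days,
        })
    return findings


if __name__ == "__main__":
    now = parse_ts("2012-04-20T00:00:00")  # constructed "current" time
    for f in audit_unactivated_patches(SAMPLE_INVENTORY, now):
        flag = "LONG UPTIME" if f["over_threshold"] else "recent boot"
        print(f"{f['host']}: up {f['uptime_days']}d ({flag}), pending: {', '.join(f['pending'])}")
```

On real systems the two inputs come from different sources (last boot time from the OS, install times from the patch tool's log), and comparing them is the whole point: either source alone shows the host as "patched".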
If you take a look at Backtrack you can find several tools for information gathering, among them the Skip Tracing Framework. This one is really solid, as it covers all you need to gather online information, including:
- Domain name (DNS Information, Website information, Machine specific, company services in the cloud…)
- IP addresses or network range information
- Search information about company name
- Full name, surname search tools
- Email addresses of the target
- Phone numbers that you can use for social engineering
- Nickname search and information
- Passwords hash online tools
- Images reversing tools
- URL information
- Specialized search engines.
The framework is very useful for finding the gap, as you may find your target on a shared server that also hosts vulnerable websites, which allows you to take full control of the main server to compromise your target.
You can find the Skip Tracing Framework, along with a picture of it, by following this link: http://makensi.es/stf/