Top 6 Tools I use for Information Gathering
Hello Everyone!! Today I will be sharing 6 tools which I use for quick information gathering of a target web application.
If you are a web application security expert, pentester or ethical hacker, you must know that before testing an application, gathering information about the target is a basic and very important step.
I will share my tips for gathering more information about the target in the quickest way. I’m not talking about deep information scanning; I’m talking here about quick information gathering.
Deep information gathering takes time, but this blog is meant to give you a quick idea about your target application, which will help you think about the possible threats or vulnerabilities you can expect in the target web application.
So, let’s get started with the list:
Information Gathering Tool 1: Wappalyzer
Wappalyzer is a very useful add-on you can use in Mozilla Firefox.
Screenshot of Wappalyzer addon showing information
Information Gathering Tool 2: Virustotal
Virustotal is a website I use for information gathering.
I must say this website provides useful information and it is very quick.
Within just a few seconds you will get information like Whois, various IPs and possibly most of the subdomain list of the web application, which will make your scope broader, and sometimes it also provides cache links with sensitive information.
Screenshot of Virustotal
Information Gathering Tool 3: Netcraft
Netcraft is also a website which provides interesting information.
This website generates and serves you information as a report for each subdomain of the targeted web application.
Now, you must be thinking: why am I using Netcraft after using Virustotal? I must tell you that you should not rely on a single tool. Some tools will provide you with information which others cannot. So, you should try different tools and gather unique information.
Through Netcraft I get useful information inside the site report, like OS, Web Server, Server-Side Technology, Client-Side Technology, Firewalls, Scripting Frameworks and so on.
Screenshot of Netcraft
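An added example, not from the original post or from any of the tools listed: a check a site owner can run over their own HTTP response head to see which stack details (web server, server-side technology) it hands to anyone who looks. The header list, cookie mapping, ratings and sample response are assumptions constructed for this example.

```python
import re

# Headers that commonly name the server-side stack (assumed, non-exhaustive list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# Session cookie names tied to one platform (assumed mapping for this example).
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                "ASP.NET_SessionId": "ASP.NET"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_headers(raw):
    """Split a raw HTTP response head into (name, value) pairs, keeping repeats."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


def audit_disclosure(raw):
    """Return (rating, header, detail) findings; the ratings are this example's own."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in DISCLOSING:
            # A version string lets a reader match the host to specific releases.
            rating = "high" if VERSION_RE.search(value) else "low"
            findings.append((rating, name, value))
        elif name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_HINTS:
                findings.append(("low", name, f"{cookie} implies {COOKIE_HINTS[cookie]}"))
    return findings


# Constructed sample response head, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html; charset=UTF-8
"""

if __name__ == "__main__":
    for rating, header, detail in audit_disclosure(SAMPLE):
        print(f"[{rating}] {header}: {detail}")
```

Findings rated "high" are the ones to remove or genericize first in the web server or framework configuration.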
Information Gathering Tool 4: Web Archive
Web Archive is very helpful when you want to compare the target website with its older versions or with how it looked when it was in the development phase.
Web Archive is a website which takes a snapshot of a website whenever any major change is implemented and stores those snapshots, so you can compare what changes have been made to the target website up to the present day.
This will help you get to know about new features which the target website has recently released or features which are no longer available.
Screenshot of Web Archive
Information Gathering Tool 5: Censys
Censys is an online tool which will give you very sensitive information regarding the ports on every IP gathered.
I must recommend this tool because sometimes you will get the lowest-hanging fruit, like open ports which are vulnerable and directly exploitable.
Screenshot of Censys
Information Gathering Tool 6: Google Dorks
Finally, I also try my hand at manual testing using Google Dorks.
I try to gather useful links regarding the target web application. Using dorks, you can collect all the links which are cached by the Google search engine. Sometimes you can easily find links which are not handled properly and are disclosing sensitive information regarding the web application.
Screenshot of Google Dorks in Search Bar
So, this was the complete list of tools I use to get maximum information regarding the target application in the quickest way.
If you found this blog helpful then do not forget to share it with others too!