Top 6 Tools I use for Information Gathering

Hello Everyone!! Today I will be sharing 6 tools which I use for quick information gathering of a target web application.

If you are a web application security expert, pentester or ethical hacker, you must be knowing that before testing application, gathering information regarding target is basic and very important step.

I will share my tips to gather more information regarding target in quickest way. I’m not talking about deep information scanning but instead of that I’m talking here about quick information gathering.

Deep information gather takes time but this blog is to give you quick idea about your target application so that it will help you to think about possible threats or vulnerabilities you can expect in target web application.

So, lets get started with the list:

Information Gathering Tool 1: Wappalyzer

Wappalyzer is a very usefull addon you can use in Mozilla Firefox.

I use this addon in my daily life and it serves me with very useful information regarding Web server, Javascript libraries, CMS, WordPress, Programming Language, Widgets and so on.

Screenshot of Wappalyzer addon showing information

Information Gathering Tool 2: Virustotal

Virustotal is a website I use for information gathering.

I must say this website provides useful information and it is very quick.

Within just few seconds you will get information like Whois, various IP’s, possibly most of the subdomain list of web application which will make your scope broader and sometimes it also provides cache links with sensitive information.

virustotal

Screenshot of Virustotal

Information Gathering Tool 3: Netcraft

Netcarft is also a website which provides interesting information.

This website generates and serve you information as report of each subdomain of targeted web application.

Now, you must be thinking that why I’m using Netcraft after using Virustotal? I must tell you that you should not rely on a single tool. Some tools will provide you information which other cannot. So, you should try different tools and gather unique information.

Through Netcraft I get useful information inside site report like OS, Web Server, Server-Side Technology, Client-Side Technology, Firewalls, Scripting Frameworks and so on.

Netcraft

Screenshot of Netcraft

Information Gathering Tool 4: Web Archive

Web Archive is very helpful when you want to compare target website with its older version or when it was in developing phase.

Web Archive is a website which takes snapshot of a website whenever there is any major change is implemented and store that snapshots so you can compare what changes have been made in target website till the present day.

This will help you getting to know about new features which target website have newly released or the feature which are no more available.

waybackmachine

Screenshot of Web Archive

Information Gathering Tool 5: Censys

Censys is an online tool which will give you very sensitive information regarding ports on every IP information gathered.

I must recommend this tool because some time you will get lowest hanging fruits like open ports which are vulnerable and directly exploitable.

Screenshot of Censys

Information Gathering Tool 6: Google Dorks

Finally, I also try hands on manual testing using Google Dorks.

I try to gather useful links regarding target web application. Using dorks, you can collect all the links which are cache by google search engine. Some time you can easy find links which are not handled properly and disclosing sensitive information regarding web application.

Google Dorks

Screenshot of Google Dorks in Search Bar

So, this was the complete list of tools I use for maximum information regarding target application in quickest way.

If you found this blog helpful then do not forget to share it with others too!