Information Security News|Cyber Security|Hacking Tutorial https://www.securitynewspaper.com/ (Information Security Newspaper|Infosec Articles|Hacking News; feed generated Wed, 04 Sep 2019 03:31:45 +0000)

How to Scan whole country IP Addresses in a while
https://www.securitynewspaper.com/2019/04/10/how-to-scan-whole-country-ip-addresses-in-a-while/
Thu, 11 Apr 2019 00:57:12 +0000

The post How to Scan whole country IP Addresses in a while appeared first on Information Security Newspaper | Hacking News.

In some phases of information gathering, a pentester needs to scan the IP addresses that are most commonly used. According to the ethical hacking researchers of the International Institute of Cyber Security, scanning is the most important phase of penetration testing. The most common addresses are those of routers or search engines; these common scans are used to check normal activity, i.e. how the target is using the internet. There are many popular tools, such as nmap (Network Mapper), that scan IP addresses for open ports. But today we are talking about Masscan.

According to the ethical hacking researchers of the International Institute of Cyber Security, masscan helps in the scanning phase of pentesting/VAPT.

Masscan is a tool that scans the internet in a very short time. It uses asynchronous scanning, similar to nmap. The tool scans the target on the ports or IPs you specify. Masscan is the fastest tool for scanning open ports. For this demonstration we tested it on Kali Linux 2018.4 in VMware. We will scan local IP addresses and whole-country IP ranges, and show the packet analysis in Wireshark to check how noisy Masscan is on the network.

Scanning Local Networks :-

  • Here we have created a local network of 3 computers to show you how masscan sends its scan packets. To create the local network:
  • 192.168.1.20 and 192.168.1.22 are the target machines, both running Windows. The attacking machine is Kali Linux 2018.4.

Steps to configure your virtual machines' IPs

  • To assign static IP addresses, go to Control Panel / Network and Internet / Network Connections.
  • Open the Local Area Connection properties, go to the IPv4 settings and enter the IP 192.168.1.20.
  • Repeat the above process on the other computer with the IP 192.168.1.22.
  • After creating the local network, you can check it by pinging both IP addresses: open cmd on both computers and type ping 192.168.1.20 on one and ping 192.168.1.22 on the other.
  • To ping from Kali Linux you have to create a virtual network in VMware.
  • In the Kali Linux network settings, enter a static IP: go to the Wi-Fi settings, select Manual, type 192.168.1.23 in IPv4 and enter the subnet mask 255.255.255.0.
  • Go to the Virtual Network Editor of VMware in Windows.
  • Select the network editor as shown below. Remember to select the appropriate settings.
  • As shown above, click on VMnet0 and select the network interface card.
  • Then click on VMnet8 and select the local Ethernet adapter.
  • Click Apply and OK.
  • After assigning the network, go to the Kali VMware settings, open the network settings and select the virtual network adapter.

Installing MASSCAN on Kali

  • After assigning static IP addresses to the target computers and Kali Linux, install the required libraries in Kali Linux before using masscan.
  • Type sudo apt-get install git gcc make libpcap-dev in the Kali Linux terminal.
root@kali:/home/iicybersecurity/Downloads/masscan# sudo apt-get install git gcc make libpcap-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
make is already the newest version (4.2.1-1.2).
make set to manually installed.
The following package was automatically installed and is no longer required:
php7.2
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
cpp cpp-8 g++ g++-8 gcc-8 gcc-8-base git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1 libgfortran5
libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libpcap0.8-dev libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
Suggested packages:
cpp-doc gcc-8-locales g++-multilib g++-8-multilib gcc-8-doc libstdc++6-8-dbg gcc-multilib autoconf automake libtool bison gcc-doc
gcc-8-multilib libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg liblsan0-dbg libtsan0-dbg libubsan1-dbg
libmpx2-dbg libquadmath0-dbg git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-cvs
git-mediawiki git-svn libstdc++-8-doc
The following NEW packages will be installed:
libpcap-dev libpcap0.8-dev
The following packages will be upgraded:
cpp cpp-8 g++ g++-8 gcc gcc-8 gcc-8-base git git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1
libgfortran5 libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
28 upgraded, 2 newly installed, 0 to remove and 1094 not upgraded.
Need to get 266 kB/37.1 MB of archives.
After this operation, 2,753 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap0.8-dev amd64 1.8.1-6 [240 kB]
Get:2 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap-dev amd64 1.8.1-6 [25.9 kB]
Fetched 266 kB in 9s (28.6 kB/s)
Reading changelogs… Done
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/0-libquadmath0_8.2.0-13_amd64.deb …
Unpacking libquadmath0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-libubsan1_8.2.0-13_amd64.deb …
-------------------------------SNIP------------------------------
Unpacking libubsan1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/2-lib32gcc1_1%3a8.2.0-13_amd64.deb …
Unpacking lib32gcc1 (1:8.2.0-13) over (1:8.2.0-7) …
Preparing to unpack …/3-libitm1_8.2.0-13_amd64.deb …
Unpacking libitm1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/4-libgfortran5_8.2.0-13_amd64.deb …
Unpacking libgfortran5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/5-libasan5_8.2.0-13_amd64.deb …
Unpacking libasan5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/6-lib32stdc++6_8.2.0-13_amd64.deb …
Unpacking lib32stdc++6 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/7-gcc-8-base_8.2.0-13_amd64.deb …
Unpacking gcc-8-base:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up gcc-8-base:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/libstdc++6_8.2.0-13_amd64.deb …
Unpacking libstdc++6:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up libstdc++6:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/00-libgomp1_8.2.0-13_amd64.deb …
Unpacking libgomp1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/01-libatomic1_8.2.0-13_amd64.deb …
Unpacking libatomic1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/02-liblsan0_8.2.0-13_amd64.deb …
Unpacking liblsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/03-libtsan0_8.2.0-13_amd64.deb …
Unpacking libtsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/04-libmpx2_8.2.0-13_amd64.deb …
Unpacking libmpx2:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/05-cpp-8_8.2.0-13_amd64.deb …
Unpacking cpp-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/06-libcc1-0_8.2.0-13_amd64.deb …
Unpacking libcc1-0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/07-gcc-8_8.2.0-13_amd64.deb …
Unpacking gcc-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/08-g++-8_8.2.0-13_amd64.deb …
Unpacking g++-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-gcc_4%3a8.2.0-2_amd64.deb …
Unpacking gcc (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/2-cpp_4%3a8.2.0-2_amd64.deb …
Unpacking cpp (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/3-git_1%3a2.20.1-1_amd64.deb …
Unpacking git (1:2.20.1-1) over (1:2.19.1-1) …
Preparing to unpack …/4-git-man_1%3a2.20.1-1_all.deb …
Unpacking git-man (1:2.20.1-1) over (1:2.19.1-1) …

  • Type git clone https://github.com/robertdavidgraham/masscan.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/robertdavidgraham/masscan.git
Cloning into 'masscan'…
remote: Enumerating objects: 20, done.
remote: Counting objects: 100% (20/20), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 4101 (delta 6), reused 8 (delta 4), pack-reused 4081
Receiving objects: 100% (4101/4101), 2.56 MiB | 17.00 KiB/s, done.
Resolving deltas: 100% (2778/2778), done.
  • Then type cd masscan
  • Type make and then make install
root@kali:/home/iicybersecurity/Downloads/masscan# make
clang -g -ggdb -Wall -O3 -c src/crypto-base64.c -o tmp/crypto-base64.o
clang -g -ggdb -Wall -O3 -c src/crypto-blackrock2.c -o tmp/crypto-blackrock2.o
clang -g -ggdb -Wall -O3 -c src/event-timeout.c -o tmp/event-timeout.o
clang -g -ggdb -Wall -O3 -c src/in-binary.c -o tmp/in-binary.o
clang -g -ggdb -Wall -O3 -c src/in-filter.c -o tmp/in-filter.o
clang -g -ggdb -Wall -O3 -c src/in-report.c -o tmp/in-report.o
clang -g -ggdb -Wall -O3 -c src/logger.c -o tmp/logger.o
clang -g -ggdb -Wall -O3 -c src/main-conf.c -o tmp/main-conf.o -DGIT=\"1.0.5-51-g6c15edc\"
clang -g -ggdb -Wall -O3 -c src/main-dedup.c -o tmp/main-dedup.o
clang -g -ggdb -Wall -O3 -c src/main-initadapter.c -o tmp/main-initadapter.o
clang -g -ggdb -Wall -O3 -c src/main-listscan.c -o tmp/main-listscan.o
clang -g -ggdb -Wall -O3 -c src/main-ptrace.c -o tmp/main-ptrace.o
clang -g -ggdb -Wall -O3 -c src/main-readrange.c -o tmp/main-readrange.o
clang -g -ggdb -Wall -O3 -c src/main-src.c -o tmp/main-src.o
clang -g -ggdb -Wall -O3 -c src/main-status.c -o tmp/main-status.o
clang -g -ggdb -Wall -O3 -c src/main-throttle.c -o tmp/main-throttle.o
clang -g -ggdb -Wall -O3 -c src/main.c -o tmp/main.o
src/main.c:282:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->targets);
---------------------------SNIP---------------------------------
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
src/main.c:284:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->ports);
^~~~~~~
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
2 warnings generated.
clang -g -ggdb -Wall -O3 -c src/masscan-app.c -o tmp/masscan-app.o
clang -g -ggdb -Wall -O3 -c src/out-binary.c -o tmp/out-binary.o
clang -g -ggdb -Wall -O3 -c src/out-certs.c -o tmp/out-certs.o
clang -g -ggdb -Wall -O3 -c src/out-grepable.c -o tmp/out-grepable.o
clang -g -ggdb -Wall -O3 -c src/out-json.c -o tmp/out-json.o
clang -g -ggdb -Wall -O3 -c src/out-ndjson.c -o tmp/out-ndjson.o
clang -g -ggdb -Wall -O3 -c src/out-null.c -o tmp/out-null.o
clang -g -ggdb -Wall -O3 -c src/out-redis.c -o tmp/out-redis.o
clang -g -ggdb -Wall -O3 -c src/out-tcp-services.c -o tmp/out-tcp-services.o
clang -g -ggdb -Wall -O3 -c src/out-text.c -o tmp/out-text.o
clang -g -ggdb -Wall -O3 -c src/out-unicornscan.c -o tmp/out-unicornscan.o
clang -g -ggdb -Wall -O3 -c src/out-xml.c -o tmp/out-xml.o
clang -g -ggdb -Wall -O3 -c src/output.c -o tmp/output.o
clang -g -ggdb -Wall -O3 -c src/pixie-backtrace.c -o tmp/pixie-backtrace.o
  • Type masscan
root@kali:/home/iicybersecurity/Downloads/masscan# masscan
usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
scan some web ports on 10.x.x.x at 10kpps
masscan --nmap
list those options that are compatible with nmap
masscan -p80 10.0.0.0/8 --banners -oB
save results of scan in binary format to
masscan --open --banners --readscan -oX
read binary scan results in and save them as xml in
  • Typing masscan with no arguments prints the help menu shown above.
  • Start Wireshark in Kali Linux or on the host machine, select the network interface and watch the packets.
  • If Wireshark is not installed in Kali Linux, install it from https://packages.qa.debian.org/w/wireshark.html; for Windows go to https://www.wireshark.org/download.html

Scanning Target Computers :-

  • To scan, type masscan -p0-1000 192.168.1.20 --router-mac <enter mac address>
  • 192.168.1.20 is the target computer.
  • To find the MAC address, open cmd on the target computer and type getmac.
  • -p specifies the ports. You can give a port range such as -p0-5000, or specify any ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.20 --router-mac <enter mac addresses>
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:03:11 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 443/tcp on 192.168.1.20
Discovered open port 135/tcp on 192.168.1.20
Discovered open port 912/tcp on 192.168.1.20
Discovered open port 139/tcp on 192.168.1.20
Discovered open port 445/tcp on 192.168.1.20
Discovered open port 902/tcp on 192.168.1.20
  • After running the above command, masscan lists the open ports of the target operating system. If you start Wireshark on the target machine 192.168.1.20 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet. This information can be used in other hacking activities.
  • Type masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>
  • 192.168.1.22 is the target computer.
  • To find the MAC address, open cmd and type getmac.
  • -p specifies the ports. You can give a port range such as -p0-1000, or specify any ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>                                         
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:21:21 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 135/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 139/tcp on 192.168.1.22
  • After running the above command, masscan lists the ports that are open on the target operating system. This list can be used to build a scenario for further attacks.
  • If you start Wireshark on the target machine 192.168.1.22 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet, including the 3-way handshake.
  • This information can be used in other hacking activities.
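
The Wireshark captures described above are what a defender sees on the wire: one source sending SYNs to many ports of one host in a burst and never completing a handshake. The following detector is an added example, not code from the article; it assumes a constructed list of packet summaries with the fields (time, src, dst, dst_port, flags) that a tshark export of such a capture would give, and flags the pattern with a simple burst-plus-completion-ratio heuristic.

```python
"""Flag SYN-scan behaviour in a list of TCP packet summaries.

Added example, not from the article. Input is a constructed list of
(time_s, src, dst, dst_port, flags) tuples; flag letters follow tshark's
short form ("S" SYN, "SA" SYN/ACK, "A" ACK, "PA" PSH/ACK, "R" RST).
Heuristic: one source sends SYNs to many distinct ports of one host in a
short window and almost never follows up with the ACK that completes a
handshake. A -sS scan does exactly that: it answers each SYN/ACK with RST.
"""
from collections import defaultdict

# Constructed sample capture. First a normal client (192.168.1.22) opening one
# SMB session to 192.168.1.20 and completing the three-way handshake ...
SAMPLE_PACKETS = [
    (0.00, "192.168.1.22", "192.168.1.20", 445, "S"),
    (0.02, "192.168.1.22", "192.168.1.20", 445, "A"),
    (0.05, "192.168.1.22", "192.168.1.20", 445, "PA"),
]
# ... then a scanner (192.168.1.5) hitting 40 ports of the same host in 0.2 s.
_SCANNED_PORTS = list(range(1, 38)) + [135, 139, 445]
SAMPLE_PACKETS += [
    (1.0 + i * 0.005, "192.168.1.5", "192.168.1.20", port, "S")
    for i, port in enumerate(_SCANNED_PORTS)
]
# The three open ports answered SYN/ACK; the scanner tears each down with RST.
SAMPLE_PACKETS += [(1.5, "192.168.1.5", "192.168.1.20", p, "R") for p in (135, 139, 445)]


def detect_syn_scans(packets, min_ports=20, window_s=5.0, max_completion=0.2):
    """Return one alert dict per (src, dst) pair whose SYN pattern looks like a scan."""
    first_syn = defaultdict(dict)  # (src, dst) -> {port: time of first SYN}
    completed = defaultdict(set)   # (src, dst) -> ports where src later sent a bare ACK
    for t, src, dst, port, flags in sorted(packets):
        key = (src, dst)
        if flags == "S":
            first_syn[key].setdefault(port, t)
        elif "A" in flags and "S" not in flags and port in first_syn[key]:
            completed[key].add(port)

    alerts = []
    for key, ports in first_syn.items():
        times = sorted(ports.values())
        # Largest number of distinct ports first SYN'd inside any window_s span.
        burst, j = 0, 0
        for i, t in enumerate(times):
            while t - times[j] > window_s:
                j += 1
            burst = max(burst, i - j + 1)
        if burst < min_ports:
            continue
        ratio = len(completed[key]) / len(ports)
        if ratio <= max_completion:
            alerts.append({
                "src": key[0], "dst": key[1],
                "distinct_ports": len(ports), "burst_ports": burst,
                "completed": len(completed[key]),
                "first": times[0], "last": times[-1],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_syn_scans(SAMPLE_PACKETS):
        print("possible SYN scan: %(src)s -> %(dst)s, %(distinct_ports)d ports, "
              "%(completed)d handshakes completed" % a)
```

The normal client touches one port and completes its handshake, so it never reaches the threshold; the scanner touches 40 ports in a fifth of a second and completes none, which is the signature the capture above shows. The thresholds are assumptions to tune per network: a busy web client legitimately opens many connections, but to few distinct ports and with handshakes completed.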

Scanning Vulnerable IP addresses :-

  • There are many sources of deliberately vulnerable systems you can use to test the tool. Next we used the OWASP BWA ISO for scanning open ports.
  • The OWASP BWA ISO is very popular for testing your hacking skills.
  • To download the ISO go to https://sourceforge.net/projects/owaspbwa/
  • After downloading the ISO, open it in VMware and simply start it.
  • After it starts, you will see its IP address as shown below.
  • Enter the IP 192.168.1.10 in a web browser to check that the ISO is working, as shown below.
  • As you can see, the ISO is working.
  • Now, to scan the above IP address, type masscan -p0-8000 192.168.1.10
  • -p is used to enter the port range.
  • Then type the IP address.
root@kali:/home/iicybersecurity# masscan -p0-8000 192.168.1.10
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 18:11:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [8001 ports/host]
Discovered open port 445/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 143/tcp on 192.168.1.10
Discovered open port 80/tcp on 192.168.1.10
Discovered open port 139/tcp on 192.168.1.10
Discovered open port 5001/tcp on 192.168.1.10
Discovered open port 22/tcp on 192.168.1.10
  • The above command shows the open ports of the target IP address. This information can be used in other hacking activities.

As explained in the ethical hacking course of the International Institute of Cyber Security, scanning a random IP with a large number of ports may slow down Kali Linux. Use only a limited number of ports, or a short port range. Do not scan any public IP: your Linux distro may hang, and if you scan a large number of ports your ISP may block you, because a large number of requests is sent to the public IP. Sending a large number of packets may also slow down the internet connection.

Analyzing Countries IP Ranges :-

  • Masscan can scan different IP ranges and different ports. Here we have taken IP ranges of China. For IP ranges go to: https://lite.ip2location.com/china-ip-address-ranges
  • Type masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100
  • -v is used to increase the verbosity level.
  • 43.225.84.0-43.225.87.255 is the IP range used in the scan.
  • -sS forces a TCP SYN scan.
  • -p specifies the port range; we have used -p0-100
root@kali:~/Downloads/masscan# masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100

Starting masscan 1.0.4 (https://bit.ly/14GZzcT) at 2019-04-10 05:28:06 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1024 hosts [101 ports/host]
THREAD: status: starting thread
THREAD: xmit: starting thread #0 0:00:00 remaining, found=0
maxrate = 100.00
THREAD: recv: starting thread #0
THREAD: recv: starting main loop
Discovered open port 53/tcp on 43.225.87.113
Discovered open port 53/tcp on 43.225.87.45
Discovered open port 53/tcp on 43.225.87.51
Discovered open port 80/tcp on 43.225.87.31
Discovered open port 53/tcp on 43.225.87.39
Discovered open port 53/tcp on 43.225.87.81
Discovered open port 53/tcp on 43.225.87.34
Discovered open port 53/tcp on 43.225.87.104
Discovered open port 53/tcp on 43.225.87.63
Discovered open port 53/tcp on 43.225.87.22
Discovered open port 80/tcp on 43.225.87.195
Discovered open port 53/tcp on 43.225.87.78
Discovered open port 53/tcp on 43.225.87.65
Discovered open port 80/tcp on 43.225.87.69
Discovered open port 53/tcp on 43.225.87.162
Discovered open port 80/tcp on 43.225.87.70
Discovered open port 53/tcp on 43.225.87.133
Discovered open port 80/tcp on 43.225.87.157
Discovered open port 80/tcp on 43.225.87.118
Discovered open port 80/tcp on 43.225.87.55
Discovered open port 53/tcp on 43.225.87.200
-----------------------------SNIP---------------------------------
Discovered open port 53/tcp on 43.225.87.163
Discovered open port 80/tcp on 43.225.87.201
Discovered open port 53/tcp on 43.225.87.109
Discovered open port 53/tcp on 43.225.87.59
Discovered open port 80/tcp on 43.225.87.28
Discovered open port 53/tcp on 43.225.87.24
Discovered open port 80/tcp on 43.225.87.160
Discovered open port 53/tcp on 43.225.87.54
Discovered open port 80/tcp on 43.225.87.198
Discovered open port 80/tcp on 43.225.87.187
Discovered open port 53/tcp on 43.225.87.77
Discovered open port 53/tcp on 43.225.87.120
Discovered open port 80/tcp on 43.225.87.72
Discovered open port 53/tcp on 43.225.87.83
Discovered open port 53/tcp on 43.225.87.194
  • The above output shows the SYN scan initializing, with ports ranging from 0-100. The transmit thread starts with the default maximum rate of packets (maxrate = 100.00, i.e. 100 packets per second). You can also send a larger number of packets to scan IP ranges.
  • Meanwhile we also tried sending a larger number of packets; after doing so our internet connection got stuck. The network provider may block your IP address, mentions the ethical hacking professor.
  • For sending a large number of packets you need an Intel 10 Gbps Ethernet adapter and a special driver called PF_RING ZC. Download the driver from: https://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/
  • While scanning the given IP range, Masscan found ports 80 and 53 open across the range. Port 53 is used for zone transfers (DNS enumeration), which can be bypassed by sending UDP packets with port equal to 53.
  • Scanning with nmap did not work against this IP range.
  • Type nmap -v 43.225.84.0/255
  • -v is used to increase the verbosity level.
root@kali:~# nmap -v 43.225.84.0/255
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-10 05:45 UTC
Illegal netmask in "43.225.84.0/255". Assuming /32 (one host)
Initiating Ping Scan at 05:45
Scanning 43.225.84.0 [4 ports]
Completed Ping Scan at 05:45, 3.04s elapsed (1 total hosts)
Nmap scan report for 43.225.84.0 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds
Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  • Nmap did not scan the range: as its output shows, /255 is an illegal netmask, so nmap assumed /32, probed a single host and reported it down. Nmap has to be used with the -Pn option, as ping might be blocked, explains the ethical hacking professor. So overall MASSCAN was relatively faster than NMAP on these hosts, because the target IP range blocks port scanners; masscan still scanned the whole IP range because it has its own TCP/IP stack, while nmap is built on the common networking stack.
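
Two things in the run above deserve a closer look: the dotted range has to be converted to CIDR before nmap will accept it (the "/255" it was given is not a prefix length), and the raw "Discovered open port" lines are easier to reason about once grouped per port. The script below is an added example, not code from the article, masscan or nmap; it uses Python's standard ipaddress module, and its sample input is trimmed from the masscan output above with one line repeated on purpose.

```python
"""Post-scan triage for a masscan run over a dotted IP range.

Added example; not code from the article, masscan or nmap. It converts the
'first-last' range into CIDR notation (the form nmap expects), shows why a
target like '43.225.84.0/255' is rejected as an illegal netmask, counts the
probes a host/port combination implies, and parses the
'Discovered open port ...' lines into a de-duplicated per-port host list.
"""
import ipaddress
import re
from collections import defaultdict

# Lines in the format masscan prints, trimmed from the article's output above;
# the last line repeats an earlier one on purpose to show de-duplication.
SAMPLE_OUTPUT = """\
Starting masscan 1.0.4 (https://bit.ly/14GZzcT) at 2019-04-10 05:28:06 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1024 hosts [101 ports/host]
Discovered open port 53/tcp on 43.225.87.113
Discovered open port 53/tcp on 43.225.87.45
Discovered open port 80/tcp on 43.225.87.31
Discovered open port 53/tcp on 43.225.87.39
Discovered open port 80/tcp on 43.225.87.195
Discovered open port 53/tcp on 43.225.87.45
"""

DISCOVERED_RE = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)$")


def _range_bounds(spec):
    """Split 'a.b.c.d-e.f.g.h' into two ip_address objects."""
    first, last = (ipaddress.ip_address(s.strip()) for s in spec.split("-", 1))
    if last < first:
        raise ValueError("range end precedes range start: %s" % spec)
    return first, last


def range_to_cidrs(spec):
    """Minimal list of CIDR blocks covering a dotted 'first-last' range."""
    first, last = _range_bounds(spec)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def host_count(spec):
    first, last = _range_bounds(spec)
    return int(last) - int(first) + 1


def port_count(spec):
    """Number of ports in a masscan-style -p spec such as '0-100' or '22,80,443'."""
    total = 0
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            total += hi - lo + 1
        else:
            total += 1
    return total


def check_cidr_target(spec):
    """Return the network for a valid CIDR target, or None when the suffix is
    not a legal netmask (nmap prints 'Illegal netmask' for the same input)."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None


def summarize_open_ports(text):
    """Map each open port to the sorted, de-duplicated list of hosts exposing it."""
    by_port = defaultdict(set)
    for line in text.splitlines():
        m = DISCOVERED_RE.match(line.strip())
        if m:
            by_port[int(m.group(1))].add(m.group(3))
    return {
        port: sorted(hosts, key=ipaddress.ip_address)
        for port, hosts in sorted(by_port.items())
    }


if __name__ == "__main__":
    rng = "43.225.84.0-43.225.87.255"
    print("CIDR form:", range_to_cidrs(rng))
    print("probes for -p0-100:", host_count(rng) * port_count("0-100"))
    print("43.225.84.0/255 ->", check_cidr_target("43.225.84.0/255"))
    for port, hosts in summarize_open_ports(SAMPLE_OUTPUT).items():
        print("port %d open on %d host(s): %s" % (port, len(hosts), ", ".join(hosts)))
```

The range 43.225.84.0-43.225.87.255 is exactly one /22, so that is the target spec nmap would have accepted. The probe count (1024 hosts × 101 ports) matched against the default rate explains why the run takes a while, and the per-port summary is the form in which results are usually compared against an asset inventory.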

Do Hacking with Simple Python Script
https://www.securitynewspaper.com/2019/01/02/do-hacking-with-simple-python-script/
Wed, 02 Jan 2019 16:24:28 +0000

The post Do Hacking with Simple Python Script appeared first on Information Security Newspaper | Hacking News.


Pentesting is all about finding and reporting problems in web/mobile applications. It is the most popular part of cyber security, which every researcher/security enthusiast wants to do, because it gives a brief knowledge of how to penetrate a web application. Pentesting starts with information gathering, and there are many tools/scripts available over the internet that can be used for it, mention ethical hacking researchers. So today we present another tool, written by Joker Security, named Devploit, which is used for information gathering; another similar all-in-one tool is Mercury Tool.

Devploit is a very easy-to-use tool that gives information about your target. You only have to run the script with some basic Linux commands, and you can gather a lot of information about your target before exploiting it. This tool bundles various lookups such as DNS, Whois, GeoIP, Subnet Lookup and Port Scanner, which come in handy in the initial phase of penetration testing, ethical hacking professionals assure. Now we will show you the features of Devploit. For this demonstration we installed Devploit on Kali Linux; other Linux distros that Devploit supports are Ubuntu, Mint and Parrot.

  • To clone, type git clone https://github.com/joker25000/Devploit.git
  • Then type cd Devploit
  • Type ls -ltr to check the permissions of the files in the Devploit directory.
root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
total 32
-rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
-rw-r--r-- 1 root root 2154 Dec 30 23:32 install
-rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
-rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • By default the Devploit installer does not come with execute permission, so to change the permission of the install file type chmod u+x install
  • To check that the permission has changed, type ls -ltr. If it has, the install file is listed in green.
root@kali:/home/iicybersecurity/Downloads/Devploit# chmod u+x install
root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
total 32
-rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
-rwxr--r-- 1 root root 2154 Dec 30 23:32 install
-rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
-rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • Then type python Devploit.py
root@kali:/home/iicybersecurity/Downloads/Devploit# python Devploit.py
               ,
               |'.             , ...  Devploit  -  Information Gathering Tool
               |  '-._        / )
             .'  .._  ',     /_'-,
            '   /  _'.'_\   /._)')
           :   /  '_' '_'  /  _.'
           |E |   |Q| |Q| /   /
          .'  _\  '-' '-'    /
        .'--.(S     ,__` )  /
              '-.     _.'  /
            __.--'----(   /
        _.-'     :   __\ /
       (      __.' :'  :Y
        '.   '._,  :   :|
          '.     ) :.__:|
            \    \______/
             '._L/_H____]
==[[ .:: Name : Devploit ::.]]==
==[[ .:: Version: 3.6 ::.]]==
==[[ .:: Author : Joker-Security ::.]]==
==[[ .:: Github : https://www.github.com/joker25000 ::.]]==
==[[ .:: Twitter: https://twitter.com/SecurityJoker ::.]]==
This Is Simple Script By : Joker-Security
Let's Start --> --> -->
1 }  ==>  DNS Lookup
2 } ==> Whois Lookup
3 } ==> GeoIP Lookup
4 } ==> Subnet Lookup
5 } ==> Port Scanner
6 } ==> Extract Links
7 } ==> Zone Transfer
8 } ==> HTTP Header
9 } ==> Host Finder
10} ==> IP-Locator
11} ==> Traceroute
12} ==> Robots.txt
13} ==> Host DNS Finder
14} ==> Revrse IP Lookup
15} ==> Collection Email
16} ==> Subdomain Finder
17} ==> Install & Update
18} ==> About Me
00} ==> Exit
Enter 00/18 => =>
  • Choose the tool you want to use and type its number, as shown below.

Getting DNS of the Target :-

  • Type 1
  • Type the target domain, here www.hackthissite.org
Enter 00/18 => =>  1
Entre Your Domain :www.hackthissite.org
www.hackthissite.org. 3599 IN A 137.74.187.100
www.hackthissite.org. 3599 IN A 137.74.187.104
www.hackthissite.org. 3599 IN A 137.74.187.103
www.hackthissite.org. 3599 IN A 137.74.187.101
www.hackthissite.org. 3599 IN A 137.74.187.102
www.hackthissite.org. 3599 IN AAAA 2001:41d0:8:ccd8:137:74:187:101
www.hackthissite.org. 3599 IN AAAA 2001:41d0:8:ccd8:137:74:187:103
www.hackthissite.org. 3599 IN AAAA 2001:41d0:8:ccd8:137:74:187:102
www.hackthissite.org. 3599 IN AAAA 2001:41d0:8:ccd8:137:74:187:104
www.hackthissite.org. 3599 IN AAAA 2001:41d0:8:ccd8:137:74:187:100
  • As shown above, the DNS lookup returns the A and AAAA records of the target. This information can be used in other hacking activities.

Getting Whois Lookup for the Target :-

  • Type 2 for the whois lookup, which gives you basic information about the target: the registrar, update date, expiry date and other details that whois provides.
  • Then type hack.me
Enter 00/18 => =>  2
Enter IP Address : hack.me
Domain Name: HACK.ME
Registry Domain ID: D108500000000003559-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2018-04-30T15:06:34Z
Creation Date: 2008-04-29T18:00:32Z
Registry Expiry Date: 2021-04-29T18:00:32Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: NS5.DNSMADEEASY.COM
Name Server: NS6.DNSMADEEASY.COM
Name Server: NS7.DNSMADEEASY.COM
Name Server: NS4.HACK.ME
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)

Last update of WHOIS database: 2018-12-31T06:14:27Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  • The above command shows the registrar of the target, its name servers and domain status, and the registrar's abuse email ID and phone number.
  • This information can be used in other hacking activities.

Getting Emails of the Target :-

  • Type 15 for collecting emails.
  • Type hack.me
Enter 00/18 => =>  15
Entre Your Domain :hack.me
[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)

[+] Emails found:
pixel-1546237263523024-web-@hack.me
pixel-1546237266842168-web-@hack.me

[+] Hosts found in search engines:
-] Resolving hostnames IPs…
74.50.111.244:me.hack.me

[+] Virtual hosts:
74.50.111.244 hack.me
74.50.111.244 hack.me
  • The above shows the email addresses of the target. The above information can be used in other hacking activities.

Getting Subdomains of the Target :-

  • Type 16 for subdomain finder.
  • Type hack.me
Enter 00/18 => =>  16
Entre Your Domain :hack.me
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Your Target Choice :hack.me
hacks.me
chop.me
pros.me
pro.me
wifihack.me
hackeie.me
gohack.me
howtohack.me
hackprotect.me
comehackwith.me
intahackgram.me
soyouthinkyoucanhack.me
come-hack-with.me
mindhack.me
datehack.me
luxhack.me
hacksub.me
hacks.org
computing.org
pros.org
hackers.info
hacker.eu
hacks.co
computing.eu
hacks.net
chops.eu
pros.co
hack.es
chop.info
hack.it
chop.co
pros.co.uk
old.co
cut.co
hack.info
hackers.fr
hackers.it
hacker.es
hacker.it
hacks.es
hacks.fr
hacks.nl
chops.nl
computing.ch
chop.nl
old.ch
old.it
old.nl
old.fr
cut.es
cut.nl
chop.club
chops.net
hacks.de
hack.fr
pros.de
old.info
old.at
hackers.es
hackers.ch
hacker.fr
hacks.ch
pros.ch
hackers.club
chops.club
pros.club
cut.club
old.club
pro.guru
old.berlin
hackhashgraph.com
hackers.at
hacks.at
computing.at
hack.xyz
robloxhack.com
hackgems.com
cheathack.com
updatehack.com
hackzone.com
hackroblox.com
hackdeutsch.com
hackguru.com
legendhack.com
instahack.com
hackstore.com
hackarena.com
hackyogi.com
mailhack.com
hackdays.com
hackslash.com
zerohack.com
rankhack.com
moneyhack.com
mindhack.com
antihack.com
hackbart.com
hackteck.com
bedshack.com
payshack.com
  • The above list can be used to build a dictionary for use in a dictionary attack or other hacking activities.
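
Note that nearly everything the subdomain finder printed above (hacks.me, chop.me, wifihack.me, ...) is an unrelated domain that merely resembles hack.me, not a subdomain of it; only names such as www.hack.me, ns4.hack.me and me.hack.me from the other lookups qualify. The triage script below is an added example, not part of Devploit or the article: it applies a label-aligned subdomain test (a naive substring check would still accept wifihack.me), validates hostname syntax, and separates the leftover brand look-alikes, which are what a defender monitors for phishing, from the rest. Its sample input is constructed from the tool output above.

```python
"""Separate real subdomains from noise in a subdomain-finder result.

Added example, not part of Devploit or the article. A subdomain must equal
the target or end in ".<target>" on a label boundary; remaining valid names
whose labels contain the target's brand label are reported as look-alikes.
"""
import re

# Constructed from the tool output above, the reverse-lookup hosts, and a few
# edge cases (absolute name, upper case, a subdomain of another domain, junk).
SAMPLE_TOOL_OUTPUT = [
    "hacks.me", "chop.me", "wifihack.me", "gohack.me", "mindhack.me",
    "hackers.info", "hack.it", "hackhashgraph.com", "bedshack.com",
    "www.hack.me", "ns4.hack.me", "me.hack.me", "WWW.HACK.ME.",
    "hack.me.evil.example", "not a hostname!",
]

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case and strip the trailing dot of an absolute name."""
    return name.strip().lower().rstrip(".")


def is_valid_hostname(name):
    name = normalize(name)
    return 0 < len(name) <= 253 and all(_LABEL_RE.match(label) for label in name.split("."))


def is_subdomain_of(candidate, target):
    """True if candidate is the target itself or sits below it on a label boundary."""
    c, t = normalize(candidate), normalize(target)
    return is_valid_hostname(c) and (c == t or c.endswith("." + t))


def brand_label(target):
    """The leftmost label of the target, e.g. 'hack' for 'hack.me'."""
    return normalize(target).split(".")[0]


def triage(candidates, target):
    """Split finder output into (subdomains, look-alikes, unrelated), input order kept."""
    subs, lookalikes, unrelated = [], [], []
    label = brand_label(target)
    seen = set()
    for raw in candidates:
        name = normalize(raw)
        if name in seen:          # WWW.HACK.ME. and www.hack.me are the same name
            continue
        seen.add(name)
        if is_subdomain_of(name, target):
            subs.append(name)
        elif is_valid_hostname(name) and any(label in part for part in name.split(".")):
            lookalikes.append(name)
        else:
            unrelated.append(name)
    return subs, lookalikes, unrelated


if __name__ == "__main__":
    subs, looks, other = triage(SAMPLE_TOOL_OUTPUT, "hack.me")
    print("subdomains of hack.me:", subs)
    print("brand look-alikes    :", looks)
    print("unrelated / invalid  :", other)
```

hack.me.evil.example lands among the look-alikes rather than the subdomains: it ends in "example", not in ".hack.me", which is exactly the case the label-aligned test is there to catch.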

Getting Reverse IPs of the Target :-

  • Type 14 for reverse ip lookup.
  • Type hack.me
Enter 00/18 => =>  14
Enter IP Address : hack.me
74-50-111-244.static.hvvc.us
hack.me
ns4.hack.me
www.hack.me
  • After executing the above command, it shows the other hostnames hosted at the target's address. Reverse lookup helps in finding phishing pages or in other hacking activities.

The above tool reveals a lot of information about the target, which can help many pentesters and security researchers. According to an ethical hacking researcher at the International Institute of Cyber Security, Devploit comes in handy as it saves a lot of time compared to other tools. It is an easy tool for gathering information.
