On this occasion, cybersecurity experts from the International Institute of Cyber Security (IICS) will show you how to copy cookies from platforms such as Facebook, Twitter, Instagram and Gmail to a USB device, all discreetly and using only 15 commands.

Before continuing we must remember that this article was prepared for informational purposes only, so IICS is not responsible for the misuse that may occur to the information contained herein. This is not a call to action or a cybercriminal manual.

According to cybersecurity experts, the first thing we need is a USB drive with data of a specific type. The following is the contents of the device used for this example:

In this USB we can see two folders and two files: a batch file and a file for automatic execution. The file for autorun contains a command that says the batch file will open in autorun.

The batch file contains commands designed to copy all the files and cookies needed to make it possible to obtain the passwords of a target user, cybersecurity experts mention. This example lists three browsers: Mozilla, Opera, and Google. If necessary, it is quite possible to add other necessary browsers, but you will need to find directories for them.

Next, we need to copy all the opera files, then Firefox, then Google Chrome. They are then assigned certain attributes.

The problem is that the autorun file does not start on all systems. For example, after upgrading Windows 7 and later, automatic file execution is not an option, as Microsoft removed this feature for security reasons.

When opening the batch file we will see that the files of the browsers have been copied to the USB drive itself. That is, all cookies and passwords are located on our device.

If one day you automatically run all the files and copy them from one computer, and then you go to another computer and put a USB flash drive on it, or place it on your computer to find out the victim’s passwords, then the autorun file will automatically run the batch file, which will copy all the files and overwrite them with the victim’s files, as mention by cybersecurity experts.

This process can also be circumvented by adding the following command:

del: Autorun.inf

That is, when the batch file does its job, the autorun.inf file will be deleted and the cycle will end.

To view all the stolen data, you need to use the program shown below. But before that, you need to replace your files with stolen ones, cybersecurity experts recommend.

The best thing about this is that the antivirus won’t even notice the malicious activity on the target system, experts mention.

Remember that this method does not work on all the systems parts but works perfectly on the compatible options, which will allow covering a large area of attack. Finally, we ask that you never test on third-party systems without the prior consent of the administrators.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How to easily copy Facebook, Instagram, Twitter Gmail cookies and browser stored passwords to a USB pendrive, all with just 15 commands appeared first on Information Security Newspaper | Hacking News.

Cybersecurity specialists report the detection of a web attack structure implemented by an alleged group of Chinese state-sponsored hackers and designed to exploit security flaws in dozens of popular websites in order to gather information about dissidents and opponents of china’s government. Apparently, hackers are attacking at least 57 Chinese websites and the official platforms of the American newspaper New York Times.

The report mentions that this tool is also capable of abusing some legitimate browser functions to deploy a keylogging attack, in addition to collecting multiple data about the operating system, location details and even taking screenshots and images from webcams.

Identified as Tetris, this tool was first found on two Chinese websites that appeared to be non-profit news blogs, says one of the researchers who participated in Tetris’ analysis. The researcher works under the pseudonym “Imp0rtp3”.

The expert mentions that users who entered a compromised website were greeted by Jetriz, the first of two components of Tetris and that it was in charge of collecting information about the target user’s browser. If the browser was set to Chinese language, the user would be redirected to the second malicious component.

Swid, the second component, loads 15 additional plugins in JavaScript inside the victim’s browser. Eight of these plugins abuse a JSON hijacking technique to initiate connections to popular websites and retrieve public data about users. This technique does not allow the extracting of passwords or authentication cookies; although the report mentions that a threat actor could retrieve information such as user names, telephone numbers and even real names, allowing the elaboration of detailed user profiles.

Imp0rtp3 maintains that these tactics and procedures are linked to a hacking group that collaborates very closely with the Chinese government. The researcher bases his conclusions on the fact that Tetris operators have limited their campaign to a certain number of websites. As mentioned above, most of the affected websites are news blogs, political analysis, and anti-Chinese government opinion, which once again demonstrate its special interest in tracking and monitoring against potential threats to the regime’s stability.

Finally, the report mentions that while tools like Tetris are not very common these days, they are still a real threat to thousands of users, especially in highly targeted campaigns like the one described in this article.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Tetris, Chinese government’s favorite hacking & spying tool. How it works and how to get it? appeared first on Information Security Newspaper | Hacking News.

D-tect is an information gathering tool, we use this tool in first stage of penetration testing for web applications. Using this tool, we can fetch out web application username, sensitive data detection, sub-domain scanner, port scanning, wordpress scanner, vulnerabilities using XSS (Cross-site scripting), SQL injection and wordpress backup Grabber.

Installation

• Use this tutorial to install the complete hacking tool in your kali machine.

Execution Steps

• Use this command to launch the tool. python d-tect.py

• Successfully launched the tool.

User Name Enumeration: Now, this option will find out valid username of wordpress for targeted website. In the same way it will identifies the IP address and the server name.

• Choose option 1 and enter the target website.

•  Successfully got the username.

Sensitive File Detector: This option will find out the sensitive data on the targeted website.

• Choose option 2

• Successfully got the sensitive file.
• Now, lets open this file in the browser. To view the data.

Open this sitemap URL in the browser to view the data.

• Here, we got the HTML URLS of target website.

Sub-Domain Scanner: This option will list out all the subdomains with IP address and server name of the target website.

• Choose option 3

• Successfully we got the subdomain details.

Port Scanner: This option will list out the open ports on the target website.

• Enter the target website and port range.

• Successfully got the open port and services.

Conclusion

As we saw D-tect tool can fetch out confidential details of the web application and help us find out the vulnerabilities on the target web application.

The post D-TECT – Pentesting the Modern Web Applications appeared first on Information Security Newspaper | Hacking News.

All pentesters out there, always want a Framework that can give them access to all pentesting tools in one console. This makes their job easy. There are many pentesting framework available on internet today, but the ones which are modular in nature are the ones a good candidature.

Fsociety is a modular penetration testing tool, which has many modules like Information gathering, Password Attack, Networking, Web App, obfuscation, and Utilities. Under each module there are sub hacking tools in one place. Researcher of International institute of Cyber Security also uses such kind of Modular Pentesting Frameworks. Now no need to remember the command, we can simply execute by choosing the required options. Using this tool we can reduce time to execute the test with the best results. 

Environment

• OS: Kali Linux 2019.3 64 bit
• Kernel version: 5.2.0

Installation Steps

• Use this command to install the tool pip install fsociety

Requirement already satisfied: fsociety in /usr/local/lib/python3.8/dist-packages (3.2.3)
Requirement already satisfied: requests in /usr/local/lib/python3.8/dist-packages (from fsociety) (2.23.0)
Requirement already satisfied: rich in /usr/local/lib/python3.8/dist-packages (from fsociety) (2.2.3)
Requirement already satisfied: gitpython in /usr/local/lib/python3.8/dist-packages (from fsociety) (3.1.3)
Requirement already satisfied: chardet<4,>=3.0.2 in /usr/lib/python3/dist-packages (from requests->fsociety) (3.0.4)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/local/lib/python3.8/dist-packages (from requests->fsociety) (1.25.8)
Requirement already satisfied: idna<3,>=2.5 in /usr/local/lib/python3.8/dist-packages (from requests->fsociety) (2.9)
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.8/dist-packages (from requests->fsociety) (2019.11.28)
Requirement already satisfied: colorama<0.5.0,>=0.4.0 in /usr/local/lib/python3.8/dist-packages (from rich->fsociety) (0.4.3)
Requirement already satisfied: commonmark<0.10.0,>=0.9.0 in /usr/local/lib/python3.8/dist-packages (from rich->fsociety) (0.9.1)
Requirement already satisfied: pygments<3.0.0,>=2.6.0 in /usr/local/lib/python3.8/dist-packages (from rich->fsociety) (2.6.1)
Requirement already satisfied: typing-extensions<4.0.0,>=3.7.4 in /usr/local/lib/python3.8/dist-packages (from rich->fsociety) (3.7.4.2)
Requirement already satisfied: pprintpp<0.5.0,>=0.4.0 in /usr/local/lib/python3.8/dist-packages (from rich->fsociety) (0.4.0)
Requirement already satisfied: gitdb<5,>=4.0.1 in /usr/local/lib/python3.8/dist-packages (from gitpython->fsociety) (4.0.5)
Requirement already satisfied: smmap<4,>=3.0.1 in /usr/local/lib/python3.8/dist-packages (from gitdb<5,>=4.0.1->gitpython->fsociety) (3.0.4)

• Next, use this command to upgrade the tool pip install –upgrade fsociety
• Now, simply use this command to launch the tool
  • fsociety

• Here, we successfully launched the tool
• In the above picture we see 6 modules with different 20 tools.

Information Gathering

Information gathering is also called as footprinting. We use this module in the first stage of penetration testing, for collecting the required details about the target to perform an attack or to secure the device, that no hacker can compromise the device.

• Now, type information_gathering to view it’s tools

• In this module we have 7 different tools

• SQLMap: SQLMap is an automatic SQL injection tool. We use this tool to find out vulnerabilities on a website and stealing the confidential data from the database server. This is an open-source and penetration testing tool.
• Striker: Striker is an information gathering and vulnerability scanning tool for the websites. This tool will collect Open ports, Email Addresses, DNS records, IP addresses, servers, and Operating systems.

• Sublist3r: Sublist3r is a subdomain enumeration tool. This will collect all the subdomains from different search engines like Bing, Google, Yahoo. This tool builds on the python language. We can use this tool for OSINT (Open sources investigation)

• Now, Lets take one tool to understand its working.
• Type sublist3r to launch the tool.

• After typing the command, this will download and install the dependencies of the tool.
• Then it will launches the tool.

• Here, enter the domain name.
• Tool will start searching the subdomains using search engines and at last, the tool will display the results.

• Here, we got the 52 unique sub domains.

• Sherlock: Sherlock is an information-gathering tool, we use this tool for collecting Username from the different social media websites. We can also perform social engineering attacks using this.
• S3scanner: S3scanner is used to collect the data from Amazon s3 by simply specifying the domain name. After completing the scanning, it stores the results in a text file.
• Gitgraber: Gitgraber is used to collect sensitive information from the different websites/online services like Google, Amazon, Paypal, Github, Facebook, Twitter. We use this tool in time environment
• Hydrarecon:  Hydrarecon is a simple recon tool. We use this to collect the live domain, sub-domains, open port scan.

Networking

• In this module, we have 2 different tools.
• Type networking to use the module.
• Then type Nmap to launch the tool
• Here, we have to enter the host address on which IP we want to scan
• The Nmap tool displays few options, related to scanning.

• Here, we have to select the option for scanning the target.

• In the results, we found open ports and vulnerability on the target machine.

• CVE-2014-3566: The OpenSSL uses SSL Protocol 3.0 through 1.0.1i and other products use nondeterministic CBC padding, so this make it easy to perform a man in the middle attack. Using a padding-oracle attack, hackers can gain plain text data.
• As Nmap is very noisy, you can also create your custom scripts like ethical hacking researchers of International Institute of Cyber Security to perform initial level of Pentesting.

Bettercap: Bettercap is a powerful hacking tool. using this we can perform a man in the middle attack via HTTP, HTTPS, and TCP. Through this hacker can monitor the real-time traffic and can steal any login credentials & other sensitive data.

Web Apps

• XSStrike: We use this for information gathering and it can also find vulnerabilities like DOM and XSS on the webpage.
• Photon: Photon is used to crawl the website and it can collect the URLs with the parameters. This tool is completely built on python language.

Passwords

Cupp: Cupp hacking tool is used to crack the username and password of any webpage using a wordlist.

• Next, use this command cupp to launch the tool
• Now, enter the details about the victim to create a password list.
• After providing the details, the tool will generate the password list

• Here, we go 42892 word and as virusfound.txt

• cr3dov3r: cr3dov3r is an open-source tool. we use this tool, to finding the login credential of a specific email address. cr3dov3r uses haveibeenpwned API key to check the leaks of the provided email address. This try’s login attempts to some websites like google, Github, eBay, Facebook, Twitter, etc.
• Hash Buster: Hash Buster is used to converting hash function to plain text.

 obfuscation

Cuteit:  The main aim of this tool is to make malicious IP address into URL. This tool builds on the python language.

• Type this command obfuscation to select the module and type cuteit to launch the tool.
• After using cuteit command, choose option y (YES) to clone the tool.

• Here, the tool is successfully installed. Then we have to enter the Malicious IP address to convert into URLs

• Successfully we got the URLs

Utilities

Host To IP: As we know every website has an IP address. This tool displays the Host’s IP address by specifying the hostname.

• Here, we got google’s IP address.

• Base64 Becode: It decode’s base64

• Successfully we decoded it.

Conclusion

Here, we saw all the penetration testing module with different tool. Its easy for pentesters to perform their job with ease.   

The post Now no need to remember tools, PenTesting Framework with 20 Tools is Here appeared first on Information Security Newspaper | Hacking News.

Now it’s easy to find any person on the internet by using this OSRFramework. The OSRFramework is an information gathering also we can say OSINT, this tool can crawl all the social media profiles from the internet by simply providing the “Name” of the person. This framework collects data from different platforms in very less time with more information. As commented by researcher of International institute of Cyber Security, information gathering is very important phase of any pentesting and this tool is a value add for pentesters.

Environment

• OS: Kali Linux 2019.3 64 bit
• Kernel version: 5.2.0

Installation Steps

• Use this command to clone the project.
• git clone https://github.com/i3visio/osrframework

root@kali:/home/iicybersecurity# git clone https://github.com/i3visio/osrframework
Cloning into 'osrframework'...
remote: Enumerating objects: 569, done.
remote: Counting objects: 100% (569/569), done.
remote: Compressing objects: 100% (125/125), done.
remote: Total 8099 (delta 454), reused 516 (delta 444), pack-reused 7530
Receiving objects: 100% (8099/8099), 4.23 MiB | 2.55 MiB/s, done.
Resolving deltas: 100% (6583/6583), done.

• Use the cd command to enter into osrframework directory

root@kali:/home/iicybersecurity# cd osrframework/
root@kali:/home/iicybersecurity/osrframework#

• Next, use this command to install the requirements pip3 install osrframework

root@kali:/home/iicybersecurity/osrframework # pip3 install osrframework
Collecting osrframework
  Downloading osrframework-0.20.1.tar.gz (209 kB)
     |████████████████████████████████| 209 kB 1.3 MB/s
Requirement already satisfied: bs4 in /usr/local/lib/python3.8/dist-packages (from osrframework) (0.0.1)
Collecting cfscrape
  Downloading cfscrape-2.1.1-py3-none-any.whl (12 kB)
Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from osrframework) (0.3.7)
Collecting configparser
  Downloading configparser-5.0.0-py3-none-any.whl (22 kB)
Requirement already satisfied: decorator in /usr/lib/python3/dist-packages (from osrframework) (4.3.0)
Collecting networkx
  Downloading networkx-2.4-py3-none-any.whl (1.6 MB)
     |████████████████████████████████| 1.6 MB 1.8 MB/s
Collecting oauthlib>=1.0.0
  Using cached oauthlib-3.1.0-py2.py3-none-any.whl (147 kB)
Requirement already satisfied: pip>=19.0.0 in /usr/lib/python3/dist-packages (from osrframework) (20.0.2)
Collecting pyexcel==0.2.1
  Downloading pyexcel-0.2.1.zip (63 kB)
     |████████████████████████████████| 63 kB 1.0 MB/s
===============================================================================================================SNIP====================================================================================================================
  Created wheel for openpyxl: filename=openpyxl-2.2.2-py2.py3-none-any.whl size=148093 sha256=78769ed5dd2d532a33f6f282a3feccba0cc92e3141e9a3cb2002669f1d9a2d05
  Stored in directory: /root/.cache/pip/wheels/35/c2/88/e3da1443de27e6e4077714499901852d041d6dd11fc8134911
Successfully built osrframework pyexcel pyexcel-io pyexcel-ods pyexcel-text pyexcel-xls pyexcel-xlsx python-emailahoy3 python-whois validate-email odfpy xlwt-future openpyxl
Installing collected packages: cfscrape, configparser, networkx, oauthlib, pyexcel-io, pyexcel, odfpy, pyexcel-ods, tabulate, pyexcel-text, xlrd, xlwt-future, pyexcel-xls, jdcal, openpyxl, pyexcel-xlsx, python-emailahoy3, python-whois, requests-oauthlib, tweepy, validate-email, osrframework
Successfully install


<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-469750017 -1073732485 9 0 511 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin-top:0in; margin-right:0in; margin-bottom:8.0pt; margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoPapDefault {mso-style-type:export-only; margin-bottom:8.0pt; line-height:107%;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} -->
ed cfscrape-2.1.1 configparser-5.0.0 jdcal-1.4.1 networkx-2.4 oauthlib-3.1.0 odfpy-0.9.6 openpyxl-2.2.2 osrframework-0.20.1 pyexcel-0.2.1 pyexcel-io-0.1.0 pyexcel-ods-0.1.1 pyexcel-text-0.2.0 pyexcel-xls-0.1.0 pyexcel-xlsx-0.1.0 python-emailahoy3-0.1.3 python-whois-0.7.2 requests-oauthlib-1.3.0 tabulate-0.8.7 tweepy-3.8.0 validate-email-1.3 xlrd-1.2.0 xlwt-future-0.8.0

• Now, use this command to find the help option of Osrframework, osrf -h

• Alias Generator : Using this OSRFramework tool we can generate alias names by providing the required details ex “Name”, “surname”, “City” and, “Country”. Then it generates fake names

• Next, use this command to find help options alias_generator.py -h
• Now, use this command to run alias generator alias_generator.py
• We will be using arbitrary names for testing purpose.

• It will generate alias names and will be saved in output.txt file.
• Use cat command to view the alias names.

Domainpy: In the Osrframework we have an option to check the domain name. This can retrieve any domain details which exist. In the results, it displays domain name with the IP address

• Next, use this command to find Domainpy help domainfy.py -h
• Now, use this command domainfy.py -n google -o google
  • -n = name of the domain
  • -o = save the file name

• Here, we got the results of google’s domain. with IP addresses.

Emailfy: In the Osrframework we can also collect the valid email address by simply entering the name. This emailpy will collect the data with the same name in different domains and platforms.

• Next, use this command to find the Emailpy help options mailfy.py -h
• Now, use this command to collect the valid emails mailfy.py -n nandu -o nandu
  • -n = name
  • -o = save output data
• We can also specify the required platform to be collected by using option -p.

• This malify will crawl all the data and directly displays the results.

• In the above picture, we see the valid email address, domain names, and platforms.

Searchfy.py: In the OSRFramework we have an option Searchfy.py this option collects the particular person’s profile public URL’s in different platforms.

• Next, use this command to find searchfy help options searchfy.py -h
• Use this command to search for the profiles searchfy.py -q “ravi” -o ravi

• This option will crawl all the data which is publicly available on the internet and directly displays the results.

• Here, we got the public profile links with alias names in different platforms. Now, copy the URL and open in browsers to verify the results.

• Successfully we got the results of the user.

Usufy: In the OSRFramework we have usufy option, this option will collect all the users’ social media profile by simply providing any Nick Name

• Use this command to find the usufy help options usufy.py -h

Checkfy: In the OSRFramework we have an option called Checkfy, this option is used to guesses the email address and provides the results by simply specifying the Nickname and Email Pattern.

• Use this command to find the checkfy help options checkfy.py -h

Phonefy: We have an option called phonefy, this option is used to collect the information about mobile phone which are connected to spam.

Use this command to find the phonefy help options phonefy.py -h

Conclusion

Now, we saw how easy to collect any profile, Domain and, Email Address on different platforms from the internet using this OSRFramework. This tool is easy to understand and collect good amount of data in less time.

The post Find any person on the internet by using this OSRFramework appeared first on Information Security Newspaper | Hacking News.

For hacking any website or web application, information gathering phase about the target is must. Hackers use different tools for collecting unique information about the target. Web killer is another information-gathering tool with nice options to scan the target. In this tool, we have all the option to perform information gathering and this tool is completely built on the python programming language.

Environment

• OS: Ubuntu 18.04.4, 64 bit
• Kernel version: 5.3.0-45-generic

Installation Steps

• Use this command to clone the file. git clone https://github.com/ultrasecurity/webkiller

root@ubuntu-VirtualBox:/home/iicybersecurity# git clone https://github.com/ultrasecurity/webkiller
Cloning into 'webkiller'…
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 160 (delta 0), reused 0 (delta 0), pack-reused 157
Receiving objects: 100% (160/160), 97.63 KiB | 254.00 KiB/s, done.
Resolving deltas: 100% (56/56), done.

• Use the cd command to enter into the webkiller directory.
  • cd webkiller/

root@ubuntu-VirtualBox:/home/iicybersecurity# cd webkiller/
root@ubuntu-VirtualBox:/home/iicybersecurity/webkiller#

• Next, use this command to install the requirements.txt
  • pip3 install -r requirement.txt

• Now, use this command to launch the tool
  • python3 webkiller.py

• Here we see the 3 options, Information gathering, CMS Detection, and Developer. Choose the required option.

Information Gathering

Information Gathering is just like collecting information about the target it can be a web application or a network, which are publicly available on the internet.

• In the information gathering, we have 14 options.

• Now, we will show some unique option.

Bypass Cloud Flare

Cloud Flare acts as a reverse proxy between the website and website users. These are the countries where cloud Flare services are available.

So, most of the websites are using cloud flare services.

• Choose option 1, select cloud flare and enter the domain name.

• Here we got the URLs about the targeted website.
• Now, open the URL in our browser. To check whether the URL takes us working.

• Here, we got the admin’s page of website.

Port Scan

The port scan is to check open ports in a domain/IP.

• Choose option 5, to start the port scan.
• For scanning the domain/IP, this webkiller is using the Nmap tool.

• Here, we see the ports, state and service on the target domain.

Trace Toute

Trace Toute is a tool that records the data packet traveling from host computer to destination via the internet.

• Now, choose option 3 for Trace Toute

• Here, we see the packets and the average time on each hop.

CMS Detection

In the webkiller we have an option called CMS Detection. The main aim of this is to detect the target website CMS (content management system).

• Choose option 2 and select option 1 for WordPress.
• Select option 1 for plugins

• In the above picture, we can see two URLs. Open this URLs in the browser and let’s check whether we get any information.

• Here, we can see the admin’s data. Now let me open the API-keys.js and check whether we find any information in these folders.

Conclusion

Information gathering phase is very important phase of doing pentesting, this tool is easy to use and can be used to craft further attacks.

The post Hack Information of Any Website using WebKiller appeared first on Information Security Newspaper | Hacking News.

According to ethical hacking researcher of International Institute of Cyber Security, stardox can be used to find the detailed information of any github tool used in initial phase of pentesting. As it shows information of any github user.

Today we will show you tool called STARDOX. Stardox is an information gathering tool for stargazers. Stardox scraps github for information of stargazers details. Stardox creates a tree view of stargazers details. For showing you we have tested this tool on Kali Linux 2018.4

• For cloning type git clone https://github.com/0xPrateek/Stardox.git
• Then type cd Stardox
• Type python3 ./setup.py
• Type python3 stardox.py

root@kali:/home/iicybersecurity/Downloads/Stardox/src# python3 stardox.py

ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
       sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
      sssssss            ssssssssss      ss     ss       sss     ss      sss    ss       ss      ss   sss    sss
     sssssss               ssss        sss     sss      sss      ss     sss      ss     ss      ss     ss   ss
    ssssssssssssss        ssss        sss     sss      sss      ss     sss       ss    ss      ss      ss  ss
    ssssssssssssss       ssss        sssssssssss      sssssssssss     sss       ss    ss      ss       ssss
             ssss       ssss        sssssssssss      sssssss         sss       ss    ss      ss       ssss
            ssss       ssss        sss     sss      sss  sss        sss       ss    ss      ss       ss  ss
 ssssssssssssss       ssss        sss     sss      sss   sss       sss     ss     ssssssssss        ss   ss

 
sssssssssssssss       ssss        sss     sss      sss     sss     sssssssss      ssssssssss       sss    sss        Made By : Pr0t0n 

 
Enter the repository address ::  

• The above query is used to start stardox tool. After starting tool enter the repository address.
• You can enter any repository address. Enter repository address.

• Type https://github.com/0xPrateek/Stardox

Enter the repository address :: https://github.com/0xPrateek/Stardox


[+] Got the repository data
 [+] Repository Title : Stardox
 [+] Total watchers : 1
 [+] Total stargazers : 10
 [+] Total Forks : 1
 [~] Doxing started …
 
 Stardox
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
 |
 |-----ZankoyDll1999 (@ZankoyDll1999)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 15
 |  |--Total Followers   :: 12
 |  |--Total Following   :: 0
 |
 |
 |-----Byungho (@tais9)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 26
 |  |--Total Followers   :: 28
 |  |--Total Following   :: 1
 |
 |
 |-----IraqNoPhobia (@IraqNoPhobia)
 |  |
 |  |--Total Repsitories :: 146
 |  |--Total Stars       :: 120
 |  |--Total Followers   :: 6
 |  |--Total Following   :: 11
 |
 |
 |-----Anurag Batra (@DevelopedByAnurag)
 |  |
 |  |--Total Repsitories :: 7
 |  |--Total Stars       :: 1
 |  |--Total Followers   :: 8
 |  |--Total Following   :: 2
 |
 |
 |-----an0nhax0r (@an0nhax0r)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 6
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 1
 |
 |
 |-----c0d3r001 (@c0d3r001)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 2
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----jackhacker191 (@jackhacker191)
 |  |
 |  |--Total Repsitories :: 1
 |  |--Total Stars       :: 3
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----alex0019 (@alex0019)
 |  |
 |  |--Total Repsitories :: 2
 |  |--Total Stars       :: 3
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Prateek Mishra (@0xPrateek)
 |  |
 |  |--Total Repsitories :: 4
 |  |--Total Stars       :: 7
 |  |--Total Followers   :: 5
 |  |--Total Following   :: 0
 

• The above query shows the stargazers, watchers and forks of the github repository.
• In github, user can watch releases of the projects in a repository without being notified of every single change. Watchers watches the github repository for changing in watcher list.
• In github, any user can star other user’s repositories in there own repository that user is known as stargazers.
• In github, stars are used to save or bookmark other user’s project so they can keep track on.
• In github, fork can copy project and can freely experiment on copied project without harming the original project in github.
• In github, when you follow people. You can see their activity view in your news feed, you are knows to be as follower.
• The above query shows the many information of any github user which can be used in initial phase of penetration testing.

Trying To Search For Popular Projects :-

• For searching popular projects, you can search on the internet by typing top github projects, or popular github projects. Take any one the repository for further analysis.
• Type https://github.com/karanahmedse/developer-roadmap

Enter the repository address :: https://github.com/kamranahmedse/developer-roadmap

  
[+] Got the repository data 
[+] Repository Title : developer-roadmap
 [+] Total watchers : 4593
 [+] Total stargazers : 68246
 [+] Total Forks : 10657
 [~] Doxing started … 

developer-roadmap
 
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
 |
 |-----Anthony (@xero88)
 |  |
 |  |--Total Repsitories :: 26
 |  |--Total Stars       :: 69
 |  |--Total Followers   :: 3
 |  |--Total Following   :: 1
 |
 |
 |-----Rickon (@gs666)
 |  |
 |  |--Total Repsitories :: 25
 |  |--Total Stars       :: 61
 |  |--Total Followers   :: 9
 |  |--Total Following   :: 21
 |
 |
 |-----Jia (@jia2)
 |  |
 |  |--Total Repsitories :: 10
 |  |--Total Stars       :: 88
 |  |--Total Followers   :: 4
 |  |--Total Following   :: 3
 |
 |
 |-----Reyton (@Rey70N)
 |  |
 |  |--Total Repsitories :: 5
 |  |--Total Stars       :: 5
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Vinny Wang (@ipaste)
 |  |
 |  |--Total Repsitories :: 866
 |  |--Total Stars       :: 192
 |  |--Total Followers   :: 5
 |  |--Total Following   :: 30
 |
 |
 |-----Shun Nishitsuji  (@Asuforce)
 |  |
 |  |--Total Repsitories :: 62
 |  |--Total Stars       :: 51
 |  |--Total Followers   :: 18
 |  |--Total Following   :: 23
 |
 |
 |-----XiMiMax (@duyangs)
 |  |
 |  |--Total Repsitories :: 18
 |  |--Total Stars       :: 176
 |  |--Total Followers   :: 3
 |  |--Total Following   :: 3
 |
 |
 |-----wangtiant (@wangtiant)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 17
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Əlişiram (@eelishiram)
 |  |
 |  |--Total Repsitories :: 6
 |  |--Total Stars       :: 13
 |  |--Total Followers   :: 5
 |  |--Total Following   :: 4
 |
 |
 |-----xinple (@xinple)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 2
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Samuel Aniefiok (@Cool-sami12)
 |  |
 |  |--Total Repsitories :: 26
 |  |--Total Stars       :: 2
 |  |--Total Followers   :: 6
 |  |--Total Following   :: 23
 |
 |
 |-----xixi (@yiuyiu)
 |  |
 |  |--Total Repsitories :: 30
 |  |--Total Stars       :: 213
 |  |--Total Followers   :: 1
 |  |--Total Following   :: 16
 |
 |
 |-----Barry Lu (@barrylu1999)
 |  |
 |  |--Total Repsitories :: 7
 |  |--Total Stars       :: 14
 |  |--Total Followers   :: 1
 |  |--Total Following   :: 10
 |
 |
 |-----Michael_M (@ManspergerMichael)
 |  |
 |  |--Total Repsitories :: 36
 |  |--Total Stars       :: 3
 |  |--Total Followers   :: 6
 |  |--Total Following   :: 4
 |
 |
 |-----Harun Raşit Pekacar (@0hr)
 |  |
 |  |--Total Repsitories :: 1
 |  |--Total Stars       :: 291
 |  |--Total Followers   :: 10
 |  |--Total Following   :: 11
 |
 |
 |-----ansiz (@ansiz)
 |  |
 |  |--Total Repsitories :: 45
 |  |--Total Stars       :: 590
 |  |--Total Followers   :: 17
 |  |--Total Following   :: 23
 |
 |
 |-----Kilian (@KilianTarb)
 |  |
 |  |--Total Repsitories :: 20
 |  |--Total Stars       :: 4
 |  |--Total Followers   :: 1
 |  |--Total Following   :: 1
 |
 |
 |-----dyadyul (@dyadyul)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 501
 |  |--Total Followers   :: 7
 |  |--Total Following   :: 3
 |
 |
 |-----Irfan (@irfan-dahir)
 |  |
 |  |--Total Repsitories :: 11
 |  |--Total Stars       :: 217
 |  |--Total Followers   :: 10
 |  |--Total Following   :: 12
 |
 |
 |-----Dharmik (@dharmikbhandari)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 1
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 1
 |
 |
 |-----Warren (@TheYon)
 |  |
 |  |--Total Repsitories :: 4
 |  |--Total Stars       :: 25
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----edwinxx (@edwinxx)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 3
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 2
 |
 |
 |-----vstammeg (@vstammeg)
 |  |
 |  |--Total Repsitories :: 6
 |  |--Total Stars       :: 6
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Omid Golzarian (@onooma)
 |  |
 |  |--Total Repsitories :: 4
 |  |--Total Stars       :: 149
 |  |--Total Followers   :: 10
 |  |--Total Following   :: 7
 |
 |
 |-----廖泽恩 (@liaozeen)
 |  |
 |  |--Total Repsitories :: 14
 |  |--Total Stars       :: 142
 |  |--Total Followers   :: 3
 |  |--Total Following   :: 75
 |
 |
 |-----ZoomZhao (@ZoomZhao)
 |  |
 |  |--Total Repsitories :: 20
 |  |--Total Stars       :: 341
 |  |--Total Followers   :: 47
 |  |--Total Following   :: 18
 |
 |
 |-----David Cifuentes (@dcifuen)
 |  |
 |  |--Total Repsitories :: 12
 |  |--Total Stars       :: 226
 |  |--Total Followers   :: 23
 |  |--Total Following   :: 29
 |
 |
 |-----Budi Salah (@BudiSalah)
 |  |
 |  |--Total Repsitories :: 8
 |  |--Total Stars       :: 10
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 3
 |
 |
 |-----mike (@mike-sino)
 |  |
 |  |--Total Repsitories :: 6
 |  |--Total Stars       :: 282
 |  |--Total Followers   :: 6
 |  |--Total Following   :: 8
 |
 |
 |-----zhang xin (@Alex-Daocaoren)
 |  |
 |  |--Total Repsitories :: 13
 |  |--Total Stars       :: 252
 |  |--Total Followers   :: 2
 |  |--Total Following   :: 35
 |
 |
 |-----Bronco (@bronco)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 14
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Pokemon1025 (@Pokemon1025)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 13
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 3
 |
 |
 |-----dinglei (@dadingSaid)
 |  |
 |  |--Total Repsitories :: 57
 |  |--Total Stars       :: 252
 |  |--Total Followers   :: 10
 |  |--Total Following   :: 25
 |
 |
 |-----fwt (@137942170)
 |  |
 |  |--Total Repsitories :: 9
 |  |--Total Stars       :: 28
 |  |--Total Followers   :: 4
 |  |--Total Following   :: 23
 |
 |
 |-----拾肉觅 (@ShiRouMi)
 |  |
 |  |--Total Repsitories :: 10
 |  |--Total Stars       :: 300
 |  |--Total Followers   :: 11
 |  |--Total Following   :: 59
 |
 |
 |-----brandy (@xiaoqing-yuanfang)
 |  |
 |  |--Total Repsitories :: 30
 |  |--Total Stars       :: 424
 |  |--Total Followers   :: 6
 |  |--Total Following   :: 172
 |
 |
 |-----afewnotes (@afewnotes)
 |  |
 |  |--Total Repsitories :: 23
 |  |--Total Stars       :: 22
 |  |--Total Followers   :: 25
 |  |--Total Following   :: 80
 |
 |
 |-----HISUN (@hisuny)
 |  |
 |  |--Total Repsitories :: 10
 |  |--Total Stars       :: 38
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Syafie Mustafa (@SyafieMustafa)
 |  |
 |  |--Total Repsitories :: 0
 |  |--Total Stars       :: 5
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 1
 |
 |
 |-----RanjitMane7 (@RanjitMane7)
 |  |
 |  |--Total Repsitories :: 3
 |  |--Total Stars       :: 1
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----Allen (@viciwang)
 |  |
 |  |--Total Repsitories :: 22
 |  |--Total Stars       :: 147
 |  |--Total Followers   :: 7
 |  |--Total Following   :: 14
 |
 |
 |-----convee (@convee)
 |  |
 |  |--Total Repsitories :: 14
 |  |--Total Stars       :: 355
 |  |--Total Followers   :: 2
 |  |--Total Following   :: 8
 |
 |
 |-----Shaun Thomas (@shaunthomas999)
 |  |
 |  |--Total Repsitories :: 24
 |  |--Total Stars       :: 42
 |  |--Total Followers   :: 4
 |  |--Total Following   :: 28
 |
 |
 |-----mew_151 (@y0sh-S)
 |  |
 |  |--Total Repsitories :: 4
 |  |--Total Stars       :: 5
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 1
 |
 |
 |-----Javmain (@javmain)
 |  |
 |  |--Total Repsitories :: 50
 |  |--Total Stars       :: 556
 |  |--Total Followers   :: 13
 |  |--Total Following   :: 55
 |
 |
 |-----Eric Zhang (@my101du)
 |  |
 |  |--Total Repsitories :: 17
 |  |--Total Stars       :: 12
 |  |--Total Followers   :: 20
 |  |--Total Following   :: 17
 |
 |
 |-----NEIL (@Army-U)
 |  |
 |  |--Total Repsitories :: 17
 |  |--Total Stars       :: 533
 |  |--Total Followers   :: 10
 |  |--Total Following   :: 127
 |
 |
 |-----wilx (@wil-x)
 |  |
 |  |--Total Repsitories :: 1
 |  |--Total Stars       :: 20
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 1
 |
 |
 |-----MahoneWei (@MahoneWei)
 |  |
 |  |--Total Repsitories :: 1
 |  |--Total Stars       :: 1
 |  |--Total Followers   :: 0
 |  |--Total Following   :: 0
 |
 |
 |-----未枝 (@soyaine)
 |  |
 |  |--Total Repsitories :: 25
 |  |--Total Stars       :: 208
 |  |--Total Followers   :: 155
 |  |--Total Following   :: 102 
 

• The above query shows the large no. of list of followers, stars, repositories.
• The above information can be used to find tools on github for your hacking activities, according to ethical hacking teachers. Various developers, security researchers and users who uses github. They can be easily watch as what activity they are doing.

The post Scan Github popular tools for hacking appeared first on Information Security Newspaper | Hacking News.

Pentesting is all about showing and reporting problems in web/mobile applications. This is the most popular part of cyber security which every researcher/security enthusiast want to do. Because it gives a brief knowledge how to penetrate any web application. Pentesting is done by information gathering. There are many tools/scripts available over the internet which can be used for information gathering, mention ethical hacking reasearchers. So today we came with another tool written by Joker Security. Tool named as Devploit which is used in information gathering and also another similar all in one tool is Mercury Tool.

Devploit is an very easy to use tool which gives information for your target. You have to just run this script with some of the basic commands of linux. You can gather a lot of information about your target before exploiting. This tool completes the list of various tools like DNS, Whois IP, Geo IP, Subnet Lookup, Port Scanner and many other tools which comes handy in initial phase of penetration testing, ethical hacking professionals assure. Now we will show you features of devploit. For showing you we have install devploit on Kali Linux. There are other Linux distros in which devploit support Ubuntu, Mint and parrot.

• For cloning type git clone https://github.com/joker25000/Devploit.git
• Then type cd Devploit
• Type ls -ltr to check the permissions of the files that are included in devploit directory.

root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
 total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rw-r--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules

• By default devploit installer files does not come with execute permission so for changing permission of the install file type chmod u+x install
• For checking if the permission has changed type ls -ltr. If the permission has changed then install file will turn into green color.

root@kali:/home/iicybersecurity/Downloads/Devploit# chmod u+x install
 root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
 total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rwxr--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules

• Then type python Devploit.py

root@kali:/home/iicybersecurity/Downloads/Devploit# python Devploit.py

               ,
               |'.             , ...  Devploit  -  Information Gathering Tool
               |  '-._        / )
             .'  .._  ',     /_'-,
            '   /  _'.'_\   /._)')
           :   /  '_' '_'  /  _.'
           |E |   |Q| |Q| /   /
          .'  _\  '-' '-'    /
        .'--.(S     ,__` )  /
              '-.     _.'  /
            __.--'----(   /
        _.-'     :   __\ /
       (      __.' :'  :Y
        '.   '._,  :   :|
          '.     ) :.__:|
            \    \______/
             '._L/_H____]

==[[ .:: Name : Devploit ::.]]==

==[[ .:: Version: 3.6 ::.]]==

==[[ .:: Author : Joker-Security ::.]]==

==[[ .:: Github : https://www.github.com/joker25000 ::.]]==

==[[ .:: Twitter: https://twitter.com/SecurityJoker ::.]]==

This Is Simple Script By : Joker-Security

  Let's Start  --> --> -->

1 }  ==>  DNS Lookup

 2 }  ==>  Whois Lookup

 3 }  ==>  GeoIP Lookup

 4 }  ==>  Subnet Lookup

 5 }  ==>  Port Scanner

 6 }  ==>  Extract Links

 7 }  ==>  Zone Transfer

 8 }  ==>  HTTP Header

 9 }  ==>  Host Finder

 10}  ==>  IP-Locator

 11}  ==>  Traceroute

 12}  ==>  Robots.txt

 13}  ==>  Host DNS Finder

 14}  ==>  Revrse IP Lookup

 15}  ==>  Collection Email

 16}  ==>  Subdomain Finder

 17}  ==>  Install & Update

 18}  ==>  About Me

 00}  ==>  Exit

Enter 00/18 => =>

• Choose any option on which tool you want to use. Then type tool number as shown below.

Getting DNS of the Target :-

• Type 1
• Type <Target URL>.
• Type www.hackthissite.org

Enter 00/18 => =>  1
 Entre Your Domain :www.hackthissite.org
 www.hackthissite.org.   3599    IN      A       137.74.187.100
 www.hackthissite.org.   3599    IN      A       137.74.187.104
 www.hackthissite.org.   3599    IN      A       137.74.187.103
 www.hackthissite.org.   3599    IN      A       137.74.187.101
 www.hackthissite.org.   3599    IN      A       137.74.187.102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:101
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:103
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:104
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:100

• As shown above after scanning using DNS lookup. Dns shows the A and AAA records of the target. This information can be used in other hacking activities.

Getting Whois Lookup for the Target :-

• Type 2 for whois lookup which tells you the basic information about the target. It shows server, update data, expiry date and many more information which whois provide.
• Then type hack.me

Enter 00/18 => =>  2
 Enter IP Address : hack.me
 Domain Name: HACK.ME
 Registry Domain ID: D108500000000003559-AGRS
 Registrar WHOIS Server: whois.godaddy.com
 Registrar URL: https://www.godaddy.com
 Updated Date: 2018-04-30T15:06:34Z
 Creation Date: 2008-04-29T18:00:32Z
 Registry Expiry Date: 2021-04-29T18:00:32Z
 Registrar Registration Expiration Date:
 Registrar: GoDaddy.com, LLC
 Registrar IANA ID: 146
 Registrar Abuse Contact Email: abuse@godaddy.com
 Registrar Abuse Contact Phone: +1.4806242505
 Reseller:
 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
 Registrant Organization: Domains By Proxy, LLC
 Registrant State/Province: Arizona
 Registrant Country: US
 Name Server: NS5.DNSMADEEASY.COM
 Name Server: NS6.DNSMADEEASY.COM
 Name Server: NS7.DNSMADEEASY.COM
 Name Server: NS4.HACK.ME
 DNSSEC: unsigned
 URL of the ICANN Whois Inaccuracy Complaint Form  https://www.icann.org/wicf/)

 Last update of WHOIS database: 2018-12-31T06:14:27Z <<< 
 
For more information on Whois status codes, please visit https://icann.org/epp 
 
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. 

• The above command shows the server of the target. Name server, Domain status. Registrar email ID and phone no.
• The above information can be used in other hacking activities.

Getting Emails of the Target :-

• Type 15 for collection mails.
• Type hack.me

Enter 00/18 => =>  15
 Entre Your Domain :hack.me
 [>] Initiating 3 intel modules
 [>] Loading Alpha module (1/3)
 [>] Beta module deployed (2/3)
 [>] Gamma module initiated (3/3)

[+] Emails found: 
pixel-1546237263523024-web-@hack.me
pixel-1546237266842168-web-@hack.me 

[+] Hosts found in search engines: 
 -] Resolving hostnames IPs…
 74.50.111.244:me.hack.me 

[+] Virtual hosts: 
 74.50.111.244   hack.me
 74.50.111.244   hack.me 

• The above shows the email addresses of the target. The above information can be used in other hacking activities.

Getting Subdomains of the Target :-

• Type 16 for subdomain finder.
• Type hack.me

Enter 00/18 => =>  16

Entre Your Domain :hack.me

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Your Target Choice :hack.me

hacks.me

chop.me

pros.me

pro.me

wifihack.me

hackeie.me

gohack.me

howtohack.me

hackprotect.me

comehackwith.me

intahackgram.me

soyouthinkyoucanhack.me

come-hack-with.me

mindhack.me

datehack.me

luxhack.me

hacksub.me

hacks.org

computing.org

pros.org

hackers.info

hacker.eu

hacks.co

computing.eu

hacks.net

chops.eu

pros.co

hack.es

chop.info

hack.it

chop.co

pros.co.uk

old.co

cut.co

hack.info

hackers.fr

hackers.it

hacker.es

hacker.it

hacks.es

hacks.fr

hacks.nl

chops.nl

computing.ch

chop.nl

old.ch

old.it

old.nl

old.fr

cut.es

cut.nl

chop.club

chops.net

hacks.de

hack.fr

pros.de

old.info

old.at

hackers.es

hackers.ch

hacker.fr

hacks.ch

pros.ch

hackers.club

chops.club

pros.club

cut.club

old.club

pro.guru

old.berlin

hackhashgraph.com

hackers.at

hacks.at

computing.at

hack.xyz

robloxhack.com

hackgems.com

cheathack.com

updatehack.com

hackzone.com

hackroblox.com

hackdeutsch.com

hackguru.com

legendhack.com

instahack.com

hackstore.com

hackarena.com

hackyogi.com

mailhack.com

hackdays.com

hackslash.com

zerohack.com

rankhack.com

moneyhack.com

mindhack.com

antihack.com

hackbart.com

hackteck.com

bedshack.com

payshack.com

• The above list can be used to make an dictionary which can used in dictionary attack or in other hacking activities.

Getting Reverse IPs of the Target :-

• Type 14 for reverse ip lookup.
• Type hack.me

Enter 00/18 => =>  14

Enter IP Address : hack.me

74-50-111-244.static.hvvc.us

hack.me

ns4.hack.me

www.hack.me

• After executing the above command it shows the target another hosted addresses. Reverse lookup helps in finding the phishing pages or in other hacking activities.

The above tool shows many information about the target which can help lots of pentesters or security researchers. According to ethical hacking researcher in international institute of cyber security Devploit comes handy as it consumes lot of time if you compare to other tools. Its an easy tool for gathering information.

The post Do Hacking with Simple Python Script appeared first on Information Security Newspaper | Hacking News.