Find Anyone Online: The Power of OSINT in Cybersecurity!

103.31k views, 10094 words
Nielsen Networking
In this video, "Find Anyone Online: The Power of OSINT in Cybersecurity!" we delve into the world of...
Video Transcript:
Hey everybody, welcome back to Nielsen Networking. I know you've seen them: the attention seekers on social media posting everything from their meals for the day to the result of those meals for the day, the friend who's a few beers short of a six-pack, or the one who actually is drinking a six-pack while driving, and then there's the ones that just leave you speechless. But what do all these lovely people have to do with OSINT, you ask? Well, everything. So what is OSINT? For anyone who may not be aware, let's go ahead and spell it out.

OSINT stands for, or is short for I should say, open source intelligence, and it is defined as intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question. Information versus intelligence: isn't that weird how that just lined up perfectly? Well, what's the difference, you ask? The difference would be: I give you a report. You know there's great information in this report. It's just information at that point, right? You haven't read it, you don't know anything about it, you just know there's good data there. Now let's say you take it a step further and you review that report, you analyze that report, you go through it and you sift through and take out what you need. What you take out is the intelligence. It's what you need; you've had time to interpret what is in that report and what is useful to you for whatever task you're trying to accomplish. That's the difference, and it's very important, because there's a lot of information out on the internet, in a library, a public records office. There's just so much. What's important, and what we're going to focus on, is how to get out the information you need for the task at hand.

And where can you find open source information? You can find it all over, but I'm just going to go over a few here that I thought were interesting: public records, websites (meaning the internet), images and videos, believe it or not, and of course the dark web, and many, many more. But who uses OSINT? Are these just hackers, or the government, or whoever it might be? No. You know who uses it? Everyone, and you've used it. I'll give you an example. Let's say you have a dating app, and you find this person and you're like, oh wow, I want to know more about them. What do you do? You go on their Facebook, you go on their LinkedIn; you're practically stalking them at this point. But you go out and you gather more information, right? That's what you're doing. Or if you're a company and you're hiring someone, you might go out on the internet, look at their Facebook posts, see what, hopefully (as you saw in the intro, hopefully you weren't looking at any of those people)... but that's what you're going to do. You're gathering this information, and you probably didn't even know that you were doing OSINT at that point.

So what are the objectives of this video? To discover how OSINT is used in security and intelligence gathering, ethical hacking and penetration testing. With that said, we're going to get into it. Okay, so to get started I'm going to ask everyone watching the video, for
the time being, to please imagine that you work for a cybersecurity company, and your company has been hired by another company to perform a penetration test. The only thing is, with this company, they're not going to give you any information other than their company name. They're not going to give you IPs, domains, subnets, who works there, nothing. That's all; again, think black box, black-box-ish. And for our imaginary pentest here we're going to say the company's name is Nmap Software LLC. So with limited information, being the company name, how can we get things going? We're obviously going to need more information about the company, right? We're going to need to know who works there, what do they do, what do they even do. And with all that in mind I want to introduce you to our first tool of the video, which is something known as Google dorks. You've probably seen this if you have any interest in what it is, but I'm going to take this hopefully a step further and actually show you how it works and give you a better understanding.

That said, Google dorking, for those of you who don't know (it's also known as Google hacking, maybe you've heard it called that), is pretty much your tool for taking a normal search query, where you just go to google.com or whatever and you type in "what is nmap", and taking it to the next level using advanced search operators in cleverly crafted search strings, let's just say. I'll show you how those work so you can do these on your own, and by doing this you can penetrate into the depths of the internet that aren't easily accessible with normal search queries.

So how do we do it? First thing we're going to need to do is open a web browser; any one you want, even Microsoft Edge if you're one of those people, will work. You're going to head on over to Google, and for the purpose of this video I will just remind you we are imagining we're performing a penetration test. The reason I say that is because there are numerous, numerous, numerous different search strings and search operators that you can use that are Google dorks. I'm going to use ones that would pertain to an actual pentest. At the end of the video I will throw up a couple of sites you can go to that actually have all of the different Google dorks and all the different strings that you could check out if you wanted to take this further, which would probably be a good idea if you're serious about pentesting.

But for us, we're going to start with the site: operator, and what that does is it says "search the site", go figure, right? I think the best site to start with would be linkedin.com. We could go to Facebook or Instagram or whatever, but since we're looking up only a business name, because that's all the information we have, I think it would be best to start here, and it's my video, so that's what we're going to do. We're going to type Nmap Software LLC and we're just going to hit enter, and looky, first result. We get a couple here, but what we're going to do for this video, we're going to go ahead and click on this, because this looks pretty golden right here: we have the founder and CTO, Gordon. So we're going to click on it and head on over, and remember, this is the first time we're finding out information about this, so what you want to do is keep that mindset. Now we found out that, according to Gordon, he's the founder of the Nmap and Npcap projects, so that's pretty good information right there. There's also information over here on the company; if we click on it, it tells us, oh look, they produce the Nmap security scanner. I didn't know that; I love that software. So here Gordon is; now I know Gordon is the founder of the company that creates my favorite software. But anyways, not going down that rabbit hole right now.

What we're going to do, we're going to go back up and see what other information we can have. What happens if we click the contact info? Oh look, there's his profile; that's great, but there's also other websites that we may be able to leverage. Scrolling down we could see what posts he's put up. It could be relevant or not, like he's selling [inaudible] in San Francisco, he's at the RSA conference, and you get the idea of the information that's out there, right? You can also see who's endorsing him; maybe there are other workers. You could then leverage these other workers for different means. Who knows; maybe you take the pentest and you send a phishing test, a phishing campaign. You could leverage these people and utilize their names in these campaigns and things like that. So you get it; you go down, you can see he's interested in Bill Gates and all that. So anyways, this is just one site and one person we found, with all this intelligence returned. Before, all we had was the information of "this is the company". Now we know a little bit of intel about the company, but let's take it a step further and see if we can gather a little bit more information using Gordon's name and a search, a Google dork I should say.

So let's go ahead and just wipe that out, and let's change this to, how about facebook.com, and let's put in Gordon, what was this, F-Y-O-D-O-R I think. Oh look, it's kind of trying to be helpful. Let's see if, okay, well it was semi-helpful. We're going to go ahead and hit return, or search. Looks like we misspelled it, but it seems to have corrected it for us, and here we go. It looks like the first result we're coming in with: he's a hacker at the Nmap project. Sounds pretty promising, so let's go ahead and click on it and mosey on over there. I'm not going to sign up for a Facebook account, but without even signing up for a Facebook account we can kind of scroll down and get some more information. Here's another picture of Gordon, and what other photos are there? Apparently we're not going to get to see those photos without signing up. You could technically do that, I guess, if you wanted; I'm not sure if that would be against terms of service or whatever, so you need to verify that. But for the point of this video we're just imagining we're not going to do that, because we don't need to, because we can get more information without even doing that. Look, there's another picture. You can go down and see what else is there. There's not a ton on Facebook, but you get the point: there's more information here. What happens if we click on this? That's what happens; it's kind of like a paywall, but a sign-up here. So anyway, we got a little bit more information out of that website using the same Google dork. Okay, pretty good, right? That would then allow us to take things, like I said, and go a step further.

So what I want to do now is, I want to know, okay, so we know now Gordon, we know what Nmap does, we know they do scanning, port scanning, or they created software that does it for you. So we know enough information to now switch and use a different search operator, and we're actually going to use a couple of them together. The first one we're going to do is filetype:, just like that, with a colon, and what you're going to do is pick what you want. I'm going to go pdf, because that's probably where you're going to find most of it out there. You could always do docx and xlsx and things like that, but I'm just going to go with pdf. And the second operator I'm going to say is intitle:, which tells it "in the title I want this", and what I want is "port scanning", because that's what they said they do, right? So I'm going to go ahead and run the search, and what I get right away is, that looks interesting, but that's not necessarily what I want. Then I scroll down, I get "Port Scanning Basics", so let's go ahead and check that out. I mean, that might be useful, right? We all want to know more about nmap; I mean, it's such a wonderful tool. As you can see, here is a PDF randomly out on the internet with information on nmap. That alone is pretty helpful. Now this might not necessarily help you in a pentest per se, if you will; I mean, it could, it tells you more about exactly what the software they create does, but it gives you information about what you can actually find out on the internet using this. So you go back here and you can scroll down and there's even more. Here's a PowerPoint; I don't know why this showed up, oh, because it said PowerPoint, but it's actually a PDF. You go down and it's just more information on nmap, which is what we looked for.

So with that said, we're going to kind of un-imagine now that we are necessarily performing a pentest, but we're just going to see what information we can get using different operators out there. What I want to do now is change this over here, and let's just see; I don't know how great this will be, but we're going to try it, because when I mentioned it earlier it sounded like it could be pretty cool. We're going to do intitle:, and instead of that, why don't we, well, I don't know if this... well, yeah, let's just go, we're going to go crazy. We're going to do OR, because you can actually say "I want this or that", or you can, instead of OR, use AND. We're going to do filetype: and we're going to do xlsx, because I mentioned that earlier, and now we're going to say intitle:, I want to use "port scanning" or how about just nmap. Let's see what different results we get, because before we were looking for PDF; let's see if it's actually smart enough to give us returns for Word docs and Excel. I think I did that correctly; remember, you want filetype:, we've got it twice, so we're going to be looking for either a docx or an Excel, and in the title it needs to say "port scanning" or nmap. So let's go ahead and search, and here we go. What are we getting right here? Oh, it's a doc, and as you scroll down, this is an Excel, I have no idea what that is, but it looks like a doc, and you can keep going down. I'm hesitant to click some of these, but this one looks all right, so let's go ahead and click on it and see what we're getting here. But as you can see, the point was this: if this wasn't an imaginary thing and we were searching for something else, those results would have come up with either an xlsx or a doc, a docx. So you kind of get the point of how these work, right? I'm not really going to download that; I thought it would quickly load, but you kind of get the point where I'm going with this using these search operators, because if you were just to go and type "nmap port scanner", you're going to get a whole different... you're going to go to nmap, which is great, that's wonderful, but that doesn't give us a PDF, that doesn't give us specifically what we were looking for. So you can actually, like I said, narrow down what you're looking for, and again I'm just scratching the surface for this video of what Google dorking can do.

Now let's just mix this up a little bit. I'm just going to reset back to google.com, because I'm a nerd and I like to do that. We're going to use something like a landing page for a popular VPN, right? Let's say intitle:, we're going to look for something, and we'll just say "GlobalProtect portal"; this is a popular VPN software. So this means any website that says "GlobalProtect portal for XYZ company", da da da, that's what we're hoping to get. So let's go ahead and search this, and as you can see, here you go: set up, or you go here, here's a portal for this. You click on it, you can see this is where you would log in to their portal, and you can go down. So what I'm trying to show you here is you could use this; this looks like a VPN portal, so you could actually use this for a lot more than what I just showed you here.

And as promised, here are a few sites where you can take Google dorking even further. I want to show you right here, oops, it's going to do this. This site is a listing, and again, we just went over a few, but I just wanted to go over a few so you could see kind of how you would use it. We did Nmap, we took that, we found out the founder, we found out some friends, maybe some followers, some interests. You could use that in, like I said, your phishing campaign that you're going to do, because in every good pentest you have to see what you can get off of a phishing campaign, right? So you can craft this with the founder's name in it; you could use all that information you found to make yourself seem more legitimate, which is the whole point. But you go down, you can see there's intitle:, which we used, there's site:, which we used, there's filetype:, which we used; see, we were great, they're almost all in order, and I swear I didn't do that on purpose. You can kind of go down and see, and then they give you some examples, and again I will throw this in the description of the video so you can cut and paste it. But here's another one, which is kind of the mac daddy, if you will, of Google dorking: this is actually the database, and you can go through here, and as you can see I'm just on page one of 529 of different search strings and what you can do with them. So that is pretty much Google dorking in a nutshell. It is very powerful, and I wish I could spend more time on it, but I can't make a 12-hour video on this, and I want to show you some other tools, because there's a lot more OSINT tools than just Google dorks. So that said, let's move on to our next tool.

Our next tool once again requires the internet, and what we're going to do is, in case my
little hint at the beginning of this segment didn't give it away, we're going to head over to the website known as shodan.io, if I could write that correctly. What shodan.io is, it is a search engine for the internet of everything. For some more background on it, it is a search engine specifically designed to find internet-connected devices and services. So unlike traditional search engines like Google or Bing or Yahoo, whatever your favorite search engine is, DuckDuckGo, that index web content, Shodan indexes information about devices such as, say, routers, webcams, servers, printers, baby monitors, all that crazy stuff that people put on the internet that they probably shouldn't. It's the reason, honestly, why you should make sure whatever you put on the internet, first of all, you need to put on the internet. If you don't need to put it on the internet, don't put it on the internet, but if you do, make sure it is damn well secured and that your firmware and everything else on that device, security patches, are applied to it. Otherwise don't put it on the internet, because there are sites like this that can and will index it.

So that said, what are we going to do? Performing a pentest, if you will, or just doing open source intelligence gathering, we're going to use it to gather information about devices and networks so we can investigate further and maybe use them for recon purposes. Now if you weren't specifically doing a pentest, you could also just do it to, let's say you were a company and you wanted to, because this is another service they offer, monitor your internet-facing devices. You can subscribe and then they'll tell you, okay, here are the devices you've put on that are registered to your company, here's what the internet can see, here's what you're putting out there, these are the services that are running on it, these are the ports that are open, these are the vulnerabilities for the software, if you have any, which I'll show you in a minute, because it does show you that information as well. You can also use it to map out the geolocation of where your devices are. Those, monitoring and geolocation, are paid services. What I'm going to show you today is just the free service, which will get you more than enough information to do some OSINT and some basic intel gathering for a pentest.

So what I wanted to show you here is the first search, and what we're going to do is search using an IP, and the IP is actually that of scanme.nmap.org, because they have been kind enough to allow the world to use this site to test scanning. So we're going to enter their IP, if I can find it, okay, and we're going to put it in and search it, and look at these great results we get. You can see down here it is going to scanme.nmap.org. Over on the right it actually shows all the open ports, right up top; you click on them, they're going to drop down to them. But over here on the left, under all this kind of WHOIS information, or domain lookup information, it actually shows the vulnerabilities, and scanme.nmap.org is purposely left vulnerable to certain things so you can find them and practice on them. It's a great website to utilize, especially with nmap, which is actually really what it's for, but you can use other tools to scan against it as well. As you go down you can see all the vulnerabilities; you can even see the CVE rating, you could see the articles, I believe, if you click on them. Yeah, see, it will then give you further information once the website decides to load. Oh well, apparently you've got to log in to do that. But what you could do is take the CVE here, if I could copy it, apparently it's not going to let me do that, but you could type it in, put it in the search browser, boom, it would pop the results, go there and get more information, especially on how you would remediate that vulnerability, or if you were a tester, how you could exploit that vulnerability.

So that's one site. I want to go back here; I'm just going to go up here and we're going to use a new IP, which probably everyone out there knows is Google's DNS servers. These are publicly available as well, and you can just see, you go there and you're going to get 53, which is the port DNS requires, so of course that's going to be open, right? Then you get 443, and nothing else. I mean, obviously you can see the information; you can actually see the key, the public key and everything, and I think you can even see the algorithm and things like that somewhere down there, but I don't want to go down that rabbit hole right now. You can actually see what it's doing; click on it a little further here and it will give you the A records and name servers, TXT records, things like that. So you can get a lot of information. Let's say this was a company you were running a pentest for and you wanted to get some more information. You went in there, boom, you click on it, like, let's say you click on their corporate website, you click on it, then you go down, you get A records, all these subdomains maybe you weren't aware of, right?

And I'll just do one more for giggles. I believe this is actually CrowdStrike's DNS servers; we'll find out in a minute. Sometimes, just an FYI, the search can take a little bit of time, and sometimes it even times out; you might have to just hit the search again. I usually tell people just be patient, but sometimes you do have to click it. So this is interesting: it has a lot more open ports, and some of these look like management, so maybe this is actually more than just a name server, maybe this is some of their technology. I'm not going to go into this too far, but you kind of get the point. It looks like a lot of it shows it was moved anyway. So that's what you could utilize: you could utilize this to look up information on those devices, or even their website; it doesn't even necessarily have to be a webcam or whatever, just the site. You're almost able to perform something similar to what a Nessus scan would do. So that is Shodan. Again, if you're taking this seriously or you work for a company, subscribe to their services, because the higher-end packages give you much more detail and much more capability, but for the purpose of this video, and just going out there and practicing, this will get you enough: the free
subscription. And they do have all different levels. So that is Shodan, and on to the next OSINT tool.

So, have you been owned? That is the question of the day, and luckily for you there is a website that is wonderful for finding out if you have in fact been owned, and it is haveibeenpwned.com. Now what this website is, other than having such a very cool name, there is an online database of breaches; think of AT&T that was recently in the news, or Ashley Madison, because none of the men would know about that. All those websites are taken together, thrown here in a searchable database, and when I say searchable, you can search for your email address, you could search for the client's email address, you could search for whoever you're doing OSINT on, their email address, if you were able to gather that. You could search for domains; you could even search for passwords. So if you had a password and you were like, damn, I wonder if any of my passwords have been found in any of these things, you could actually enter your password, if you're, I don't know that honestly I feel comfortable doing that, but you could, and it would bring up whether you have.

And we'll test this in here. We'll just use the Nielsen Networking admin@nielsennetworking.com, if I could spell here, okay, slow down here, right, go ahead and search for it. All right, and we have been awesome here: no ownage or pwnage found. Now let's say we're not so great; let's say we're j@gmail.com, right, and let's say Jane or John went over there. Oh no, look, they've been owned, or pwned, in 115 breaches, and if you scroll down here it actually shows you the breaches. Now I know a lot of you are like, okay, well that's great, what do you expect me to do with this? What you could do with this information is, first of all, you know they have been owned; you know they were involved in a breach, you know their email has been found on the dark web. That's what the breach is; I should have started with that. This information was found out on the internet, and their email was part of whatever breach we're looking at at the time. So you could then go out and, per se, let's say you wanted to look up more information on that breach; you could look up more information on that breach. There's sites on the internet, I wouldn't suggest you go there unless you really know what you're doing, where you could go and probably find the intact database for download. There's lots of things you could do with this information, so it's more than just, oh wow, look, they were owned by a lot of websites, look at this person, my goodness, right? So that's how that can be used.

You can also use it to notify you, and you have to go through this whole process where they verify that it's actually your email address, but in the future if you wanted to know if your email address did get owned, if it was compromised and if it was involved in a breach, here's where you could do that. The domain search, you actually have to go through the whole process of verifying that you own that domain, and then you can actually just go through and look at the general listing of all the breaches. So you could go through there and look at them all; I mean, you can see how little the bar is moving down, but this again is very helpful for that information. And not just necessarily for ethical hacking, but it can be helpful just for regular, anyone on the street; that sounds really silly to say, but anyone anywhere, because let's just say you wanted to know if your information's out there, you go here, search your email address, and it gives you a little peace of mind, right? So it doesn't have to necessarily be used just by cybersecurity experts or pentesters; it can be used by your grandma and grandpa or whoever, just to give them a little peace of mind, or you use it to see if they have anything out there so you can help secure them, right? Because if they have a breach out there, and believe me, there's a lot of people, they see these breaches, they don't even pay attention to it, they don't change their password, but their password is now on the dark web, and if you have any kind of credit monitor or anything that looks at the dark web you'll see this all day long: they find people's stuff out there. So this is how you could leverage that site.

But again, you could take it, leverage it, go, okay, I know this company, they had a breach out here; you could go find that information and you could go see if those employees were told to change their passwords. Maybe they haven't, and luckily it's going to be you that finds out they haven't, before someone nefarious finds out and causes some real damage to that company. So that's how you would leverage this as a penetration tester or cybersecurity expert. So that is that website, and again, here's where you could actually put it in. I'm going to go ahead and put in Cordy, right, the most famous bad password in the world, and let's see if it's been owned. Not going to... oh well, I didn't want to do that, but oh, look at that: only 10 million times has this password been used. So, believe it or not, I don't... this must almost be a joke, right? Because it's been found out there. Now I'm just going to put in some random characters to make sure this isn't just throwing up some weird data here, to see if that password... see, so it is actually legitimately going out and doing it, which I knew it was; I just wanted to show you for those of you that were doubting it. But again, this is a great website. I would suggest if you're going to use it, you can donate; I believe you can actually sign up for a subscription. But again, great website, great for OSINT, and with that let's go ahead and move on to the next tool.

All right, and for the next tool we are actually not going to open up a web browser, well, yet. We're going to start off by going to our application menu if you're in Kali Linux; otherwise you can simply open up terminal
and I'll show you how to start the program from there. But the program we're going to start up is not the Exploit Database; that's kind of a spider, that might be what you're thinking, but we're actually going to be looking for the other spider in Kali, which is SpiderFoot. Now what is SpiderFoot? SpiderFoot, I guess to summarize it, is open source, and it's a recon tool that automates the collection of intelligence, if you will, about a target. This can be a person, company, whatever, and it aids pentesters or cybersecurity professionals in a lot of different ways. Some of them are: you can identify subdomains, gather WHOIS information, you can map infrastructure by gathering various IP addresses so you can kind of get a network map, if you will; it will show you open ports, it will show you DNS records. It does a lot. I don't want to go into all the details, because that would be a whole video on its own, and maybe I will do that. I will just say that it actually does, believe it or not, integrate with Shodan and Have I Been Owned, or Pwned, which I showed you right before this on purpose, because it does integrate. I'm not going to actually show you too much of that integration, but I did want to give you a heads up about those other tools when you get on this one; if you happen to be really into SpiderFoot over all the other tools I'm showing, know that it does integrate with those other tools.

So anyways, let's get this fired up. To start SpiderFoot you're going to need to simply enter, whoops, if I'm on the wrong screen here, you're going to have to enter spiderfoot, and then what you're going to want to do is enter, right here, -l, and you're going to want to put either localhost or the IP of your machine. I'll go ahead and put my IP here, and you're going to hit enter. And I do not know how to spell SpiderFoot; "spider root" sounds pretty cool to me, but anyway, we're going to start it up. We're not going to start it up, I totally... third time is a charm: spiderfoot, there we go. All right, so now it's going to start up, and apparently it's not going to start up. Why did it not like that? Did we not put port 80 on there? There we go; apparently I suck and I didn't do that correctly in three tries, so anyway, fourth time was the try today.

Now that this is up, what you're going to do is open up your web browser and go to your IP address, the one you put in there, which I wasn't about to go to; maybe I should just stop the video now. 102.4 is my IP, and when you get here you're going to get this pretty nice little GUI here. I've already run one scan to show you what can be done, and let's take a look. So you would click on your scan here, and we'll run a new one in a minute, but you can kind of go through and see some of the information it gives you. Let's just scroll down here and say, let's say you wanted to know... so I scanned, where did I scan, nmap.org, scanme.nmap.org, so that's where we were. We want to go back here and let's say we want to know what the parent domain is. Obviously that's easy enough to know; it's nmap. But you can go back and see what else is interesting here. Hosting provider: you wanted to know who was hosting this website, you can go in here and see that Linode is hosting it. What else? I'm just picking random things here that pop up as we go down. Hosting provider, I mean, the IP address, we don't really... that's pretty easy to get. What's a good one? DNS records right here, name servers, so you get the name servers. Go back here, you could get, let's see here, I thought there was a little more on this; oh yeah, here you go, MX records, these are the mail server records. So you kind of get the point. There wasn't a ton on this specific host, but there are a lot; you can even see their Google web analytics code and all that fun stuff. So there is some great stuff there.

But let's go ahead and do a new scan. So what you would do is type in the name of the scan, and I'm just going to type "new scan", and what I'm going to do is type in the domain. I'm going to go with insecure.org, which is another site run by the people that run nmap, which we discovered earlier, that allows you to run scans, because you need permission to do this, so that won't get me arrested. So we're going to go ahead and go to insecure.org here, and when we're all done we're going to pick which one we want. I'm going to go for all; all or nothing, right? And I just say run the scan, and honestly this will take a little bit of time, so I'm going to stop right here and come back to you in a few minutes. All right, and I am back here, I
let that run for a good I want to say 7 10 minutes um and it is still running um but as you can see already it's already found well let's just go out here it's a better way to look at it so here you can see it's already at 25 almost 2400 elements and it's still running the nmap scan I ran that did finish only had 179 so we should have a lot more um data in here if you will so we're going to go in here and we're going going to want to go to
browse you can actually go to graph but I found I find this a little overwhelming it supposedly lists all the elements or I I don't know how it decides what ones it's going to list uh because honestly I looked at of this and I just was like dude I don't need this so I went back to browse because this is where you can see the elements and they're they're kind of grouped up in categories which makes it a lot easier to dissect so we're just going to pick some random ones here let's say you wanted
to know their SPF record right there you go there's their SPF record let's say you wanted to know their MX records you go in here there's their MX records right um but let's say you wanted to know something more like you wanted to know God my mouse keeps freezing you wanted to know the web server they were running that's useful in a pen test right uh let's say you wanted to know oh you wanted to check out the raw data for the SSL certificate look at that pretty cool right then you go back here let's
just see what we got under usernames and you go in here and apparently they've found what they believe are usernames that might be helpful right uh so you can kind of see there's a lot of great information this tool can dig up for you um all automated keep in mind you just set it up fire it off and let it run as long as your Linux box is up um it's going to be doing its thing and I don't know how long honestly this is going to run for so I think I'm just going to
let this keep running while the video is going and if I remember I'll come back at it and look at it um later on we're actually nearing the end of the video but um I do have at least one or two more tools I want to show you which we'll get to right now all right and for the next tool we are going to go not to the web browser I bet you thought I was going to go there didn't you no we are actually going to stick in the application menu and we are going
to type in Recon and full disclosure because I'm feeling nice you could actually open spiderfoot and Recon straight from the command line and I'll just show you that because I'm feeling giving um you would actually just go and go ahead and type in Recon NG to get in there um I don't want to make those of you not in K Linux that don't have the cute application icon in there jealous and I hope by doing that you'll feel you want to return the favor and you'll go and give this video a like and if you
haven't subscribed yet you'll do that of course because you don't want to miss any future content with you know this great quality stuff we're putting out here so anyway now that I've done that we are going to start up Recon NG which we did and we're going to go over it so I'm going to give you a quick summary of what it is it is open source again everything we're showing you here uh is open source free to use um that's why it's open source intelligence out on the Internet it's a very powerful Recon tool
or framework it's more of a framework it's very um let's say metas spsh and FYI these are okay to get you're going to get these unless you've set up the apis these are meaning they're thrown up in air because you don't have any API set up for that module so anyway this is very um metas spish it's actually very similar in a way that where there're like um you load and configure modules and you you know you back out of them but you load a module specific specific to the task you're trying to accomplish which
I'll show you in a minute here but just an FYI if you've used metas you'll feel pretty comfortable in this Tool uh a couple different ways to the commands are structured but same concept um it's very automated once you input the the information you're trying to seek you just you know fire it off and let it run on its own uh it's very uh versatile and it's used by a lot of penetration testers um a lot of people do security assessments with it um personally it's not my favorite out of all of them um but
it is out there and it does a great job I'm just a little more comfortable with spiderfoot um but you know to each their own so what we're going to do to start we are going to need my mouse to unfreeze and we're going to go ahead and we're going to start with uh setting up what is known as a workspace and to do that you are going to need to type in work spaces it's not Works Space which seems like it would make more sense but I guess if you have multiple Maybe does and
you can just hit enter to get the list of your options but what we're going to want to do is create and you would just put your name here I'm going to put NN for neon Network and you put whatever floats your boat go ahead and do that you're going to get those keys again and you're going to exit the reason you want to exit is that way when you come back in you'll make sure that your um workspace actually loaded so what we want to do again workspaces list and there we are so what
you're going to want to do now is workspace is and we're going to want to go to load and we're going to want to go to NN and there you are you can tell you're in there just like in Metasploit you get the little guy right there so we're good uh and what we're going to want to do now is install some modules and you can go modules and get a list of what you can do not very many options here but what we're going to do is none of that but we're going to actually
do is we're going to go and go module install modules install and we're just going to install mod apparently we're not I totally messed that up because we're not doing modules that's why it didn't work guess what we're doing people we're doing Market places my brain I literally it's too late to be doing this video Market places and you hit enter and you can see now we can install and we're going to install them all and the reason we're doing them all is because why not right why not and what this is going to give
you is a bunch of different modules and you can see similar to you know how in U met they might have exploit and then the version of the exploit what operating system or I think I got those backwards but and then you know it goes into like reverse shell or whatever it is TCP reverse um so you go in there so this is the same type of thing you can import you can actually Import in map um you can do a lot of things you can go down um credentials you name it domains is a
popular one you'll see I think that's probably the most maybe hosts um but anyway so you're going to go down you're going to get all the API warnings again that's totally normal and we're going to start and I think we'll start and I don't want to spend a ton of time on this cuz we're about 40 minutes deep in this video but just show you one I think is pretty useful and what it's going to be known as the profile so what I want to do here is I want to do modules I still think
it's weird to not say module it's modules load profile and what we're going to do next we need to insert so we need to do insert profiles and apparently I did not do that right and I can okay I'm going home I am home all right insert profiles and now this is going to be where you're going to want to put in the usernames I should have said this is going to be a profile where we are going to look up email information or handles um from a profiler database I should have started with that
I'm sorry again it's late I'm not making excuses here after I just begged for likes And subscribe um anyways let's get this back on the tracks here shall we so we're going to want to put in the email address of someone so I'm going to go ahead and put in let's go ahead and put in J do at n map.org actually let's do Gmail that looks right and then you're going to want to just hit enter through all these and then I'm going to go ahead and put in one more and I'm going to put
in um what was the guy's name I've already forgotten let me find out let's do G FY o o r at nm.org I probably spelled that wrong wrong and uh we're just going to roll with it anyway so okay so we're done now and what we're gonna do is we're gonna type run kind of like you would in Metasploit so let's go ahead and do that and it's going to go through and it's going to check all these different profilers so we'll go ahead and let this run and I'll come right back to you and
it's still going and still going and you will see some of these well of course right when I went to mention the red just means usually it either timed out the site it was checking no longer exists um or you occasionally will get tripped up or it will say you've tried to connect too many times kind of like if you were to do a end map or a hydr scan it will just time out and say oh you've tried to connect too many times buddy you're not you're up to something bad so anyways uh that
will stop and let's just finish here and if it keeps continuing to run I'm going to go ahead and cancel it we'll see the results we got halfway through because I don't want to make this video go forever okay so it is now done seven total five new profiles found so what we want to do now is Type in show profiles and you can see let's see what we got here all right check it out so what you're going to get here you're going to see that this guy here Joe or Jane either one whatever
floats your fantasy there has a uh an account on a dating Russian website it looks like and then over here you can see J do actually has a Facebook uh post and so you can kind of go down and you get it look and this actually makes perfect sense because we were even on there so that's how you can use a again this like spiderfoot could take all day to go through to show you and I don't have all day to show you so I am only going to show you that but now you know
how to get in there you know how to list the modules and uh in the future I'll probably do a video on this because I think this um would be something to look into further so with that said we are almost done but why don't we see if we can check on uh we have one run in spider foot here let's see ah there it goes all right so it thinks it's still going here so let's check it out and see where we're at okay it's going to be rude so go back here and it
is now at 3300 pretty nutso huh let's just see all right yeah it's just finding more of the same kind of but that's pretty impressive I'm just going to let that keep going um we'll go ahead and minimize it down here and let's go on to our last few tools all right and if you are looking for a paid tool if you're one of those players uh I have two I want to show you that are kind of top tier uh if you have the money or your company is willing to uh get you access
to either one of these I would suggest you do and you go for it the first one I want to show you and I'll probably butcher the name is malego and you're going to go like that and you're going to type it in and what it is is it is it's an open source intelligence gathering tool where it's going to go out and um you know it's going to gather informations from people groups websites domains networks organizations and it puts them all together in a database but instead of just looking at them you know as
data on a like a spreadsheet or whatever you're looking at or a file um it actually creates a visualization if you will like a visual networking map and links them all together it's not necessarily a networking map um although there may be some aspect of that but it will link it together it will say like you know you're looking at J do here's J Do's Facebook but over here is J Do's LinkedIn and then off that LinkedIn we found this and that and so it links them all together in a visual um layout so it's
very powerful but it is also expensive um and you can register for free and all that but don't let them fool you to get anything good out of this you now have to pay you didn't always have to pay a lot but now it's very popular because it's very good um but I was just going to give you an an oversight of the um expense here just to kind of give you an idea of what some of this stuff cost here um and let's just go ahead we're going to purchase the professional so you're looking
at 5,000 per year so quite a lot of money you can buy a lot of you know skins in fortnite or um games or or money in games or whatever you're into uh if you're really one of those people I would suggest you you know this would probably be a better investment to be honest with with you but I don't know if it will be as fun for you um so anyway that is the first one malego second one I want to show you is just as cool and it's called intelligence X and thankfully that
was pre filled there um and this one when you go there it doesn't really tell you right away what it is right you're kind of like wow it's a bunch of numbers that's cool um but what it is is intelligence X maybe those'll tell you more here okay um it is a search engine and data archive and what I think is so valuable about it it is pay to win again it is it does cost money is it actually has historical archives which is really cool it goes out and it keeps past versions of websites
and documents that may not be available on the web anymore it's pretty awesome and it does a really good job of keeping your privacy um and it has some really good search capab abilities but again it is a pay to use service um and I don't know if they show the price on here there they go so there you go again you know for the researcher you're only at 2500 a year but if you wanted to go up to use the API it's a little more on so uh these are great you can look through
them but again other than unless your company's foot in the bill or you have you know maybe you're doing your own thing um I don't know that you need this you definitely don't need it to perform pent test and all that but I did want to show you because you know you got to show both sides of the coin here right so that is that and with that I think we're about at an end of the video but let's go back and check out where we are at with uh spiderfoot still running still running here
we are now at 4,600 elements uh and we're looking pretty good there so with that said if you have enjoyed this video I know it it's very long video um but I hope I gave you a lot to think about even our imaginary pentest um that you can use you can use these tools go ahead and practice them maybe I'll break down like I said some of the Recon and the spiderfoot um and some of the other stuff we talked about in individual more detailed videos in the future if you like that put that in
the comments give me a heads up um but anyways if you enjoyed it please give me a like um subscribe for future content I don't put out a ton of videos because I have a full-time job and a family and other things but I try to do quality when I do so hopefully you've enjoyed this video and you don't want to miss any so subscribe and turn on that notification other than that thank you for watching and have a great rest of your day or evening whatever it is bye
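The Recon-ng walkthrough above (workspace, marketplace install, the profiler module, seeding the profiles table, run, show profiles) is typed interactively in the video. The script below is an added example, not code from the video or from the Recon-ng project: it writes those same commands into a Recon-ng resource file so the lookup can be replayed non-interactively, which is how you would keep a repeatable record of exactly what was queried during an engagement. Assumptions that the video does not state: recon-ng accepts the -w, -r and -x options, the module path is recon/profiles-profiles/profiler, and db insert takes a row's columns separated by "~" (username~resource~url~category~notes). The usernames in the usage line are constructed placeholders, and the profiler module keys on usernames, so that is what the script seeds rather than e-mail addresses.

```shell
#!/bin/sh
# Added example (not from the video or the Recon-ng project): build a
# Recon-ng resource file that replays the profiler lookup shown in the video,
# then run it with "recon-ng -w <workspace> -r <file> -x".
# Assumptions: recon-ng supports -w/-r/-x, the module lives at
# recon/profiles-profiles/profiler, and "db insert" accepts columns joined
# with "~" in the order username~resource~url~category~notes.

# make_recon_rc OUTFILE USERNAME...
# Writes the resource file and prints its path. Every username is inserted
# into the profiles table, which is where the profiler module reads its
# input from. Returns 1 and writes nothing if no usernames were given.
make_recon_rc() {
  out="$1"; shift
  [ "$#" -gt 0 ] || { echo "usage: make_recon_rc OUTFILE USERNAME..." >&2; return 1; }
  {
    # The video installs every marketplace module; this is only needed once
    # per install, but it is harmless to repeat and keeps the file self-contained.
    echo "marketplace install all"
    echo "modules load recon/profiles-profiles/profiler"
    for u in "$@"; do
      # Only the username column is set; the other four columns are left empty.
      echo "db insert profiles ${u}~~~~"
    done
    echo "run"
    echo "show profiles"
    echo "exit"
  } > "$out"
  printf '%s\n' "$out"
}

# run_recon_rc WORKSPACE RCFILE
# Runs the resource file non-interactively inside the given workspace
# (created if it does not exist). Returns 2 when recon-ng is not on PATH so a
# caller can tell "tool missing" apart from "lookup failed".
run_recon_rc() {
  if ! command -v recon-ng >/dev/null 2>&1; then
    echo "recon-ng not found in PATH; resource file left at $2" >&2
    return 2
  fi
  recon-ng -w "$1" -r "$2" -x
}

# Usage (constructed placeholder usernames; the lookup only runs if recon-ng
# is installed, otherwise the generated file is left for inspection):
# rc=$(make_recon_rc /tmp/profiler.rc jdoe jsmith) && run_recon_rc nn "$rc"
```

Keeping the resource file alongside the engagement notes gives a reviewable record of which handles were queried and which modules ran, which is the part of an OSINT exercise that scope and authorization reviews usually ask about.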
Copyright © 2025. Made with ♥ in London by YTScribe.com