
Reconnaissance


Uniscan :: Project
JS-Recon - HTML5 based JavaScript Network Reconnaissance Tool

Apache Log Extractor tool

Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URLs on a remote server by analysing its logs. This list could then be used as the input for further testing tools, e.g. Burp Suite Intruder.

The script accepts an Apache access log file as the input and creates an output file containing one URL per line. The list is unique and contains only the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist of all valid directory names for use with brute-forcing tools, which narrows the search space those tools have to cover.

How to use. Output:

    [ ] Extracting URLs from logfile : access.log.1
    [ ] Extracted URL : /
    [ ] Extracted URL : /Signed_Update.jar
    [ ] Extracted URL : /ajax/bottomnavinfo.ashx
    [ ] Extracted URL : /MetaAdServer/MAS.aspx?

Computer 64
OWASP
Security Testing Framework (HconSTF) [Aqua base]

Google Enumeration
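The extraction described above, as an added example written for this page (it is not the Apache Log Extractor script itself): it pulls the request line out of each Apache "combined" log entry, drops the query string, keeps unique paths in first-seen order, and derives the directory wordlist from them. The log lines are constructed for the demo; the 404 filter and the treatment of a trailing path segment as a file name are this example's choices, not documented behaviour of the original tool.

```python
"""Apache access-log URL extractor (added example, not the page's script)."""
import re
import sys
from urllib.parse import urlsplit

# Constructed sample in Apache "combined" log format; not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2013:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2013:13:55:37 +0000] "GET /Signed_Update.jar HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2013:13:56:01 +0000] "GET /ajax/bottomnavinfo.ashx?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2013:13:56:02 +0000] "POST /MetaAdServer/MAS.aspx?zone=1 HTTP/1.1" 200 120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2013:13:56:03 +0000] "GET /ajax/bottomnavinfo.ashx?id=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2013:13:57:10 +0000] "GET http://www.example.com/admin/login.php HTTP/1.1" 404 210 "-" "curl/7.30"
198.51.100.2 - - [10/Oct/2013:13:57:11 +0000] "\\x16\\x03\\x01\\x01" 400 0 "-" "-"
"""

# Request line: "<METHOD> <target> HTTP/x.y" followed by the status code.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" (?P<status>\d{3})')


def extract_urls(log_text, exclude_status=(404,)):
    """Return the unique request paths in first-seen order, query strings removed.

    Requests whose status is in exclude_status (by default 404, i.e. paths the
    server does not actually have, mostly scanner noise) are skipped.
    """
    seen = {}  # dict keeps insertion order and gives O(1) de-duplication
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a well-formed HTTP request line (e.g. TLS bytes sent to port 80)
        if int(m.group("status")) in exclude_status:
            continue
        # urlsplit handles both "/path?x=1" and proxy-style "http://host/path?x=1":
        # .path keeps the path and drops scheme, host, query and fragment.
        path = urlsplit(m.group("target")).path
        if not path.startswith("/"):
            continue  # e.g. "*" from "OPTIONS * HTTP/1.1"
        seen.setdefault(path, None)
    return list(seen)


def directory_wordlist(urls):
    """Return the sorted unique directory names found in the URL list.

    The final path segment is treated as a file name unless the URL ends with
    "/", so "/ajax" alone contributes nothing while "/ajax/x.ashx" yields "ajax".
    """
    words = set()
    for url in urls:
        parts = [p for p in url.split("/") if p]
        if not url.endswith("/"):
            parts = parts[:-1]
        words.update(parts)
    return sorted(words)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: logextract.py access.log urls.txt dirs.txt")
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        urls = extract_urls(fh.read())
    dirs = directory_wordlist(urls)
    with open(sys.argv[2], "w") as fh:
        fh.write("\n".join(urls) + "\n")
    with open(sys.argv[3], "w") as fh:
        fh.write("\n".join(dirs) + "\n")
    print(f"[ ] {len(urls)} URLs and {len(dirs)} directory names written")
```

Feed the URL file to Burp Intruder (or any fuzzer) as the request list and the directory file to a brute-forcer as its wordlist; pass `exclude_status=()` if the 404 entries are of interest, since paths that attackers have already probed are themselves useful reconnaissance.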

Here we are going to do some zone transfer and Google enumeration. We found a DNS server that allows zone transfers, so we can see all the hosts a domain has. We can run a port scan on these hosts or use the information we obtain for a social engineering attack. A name server should only answer a zone transfer (AXFR) request from its own secondaries; one that hands the zone to an arbitrary client is leaking every hostname it knows, internal ones included. On BackTrack 2 there is a Python script for email enumeration using Google; I posted a link to the code below. Once we get a list of emails we can do a Google search on them to find out what they have registered their accounts for.

Zone transfer

    host -t ns victim.com
    victim.com name server ns2.**telecom.net.
    victim.com name server ns1.
    host -l victim.com ns1.
    victim.com name server ns1.

Email Harvesting

Here is the Python script I used.

    marketing@victim.com
    jbotti@victim.com
    JFrankel@victim.com
    tfranceski@victim.com

So a little Google search on the email addresses will show what's up with these guys.

Fierce

Fierce Domain Scan was born out of a frustration while performing a web application security audit. It used to be very time-consuming to discover large swaths of a non-contiguous corporate network, but it doesn't have to be. It's terribly easy to run a scanner against an IP range, but if a network's web presence is distributed across multiple ranges, you can miss huge chunks of networks. Fierce helps solve that problem. Fierce is a reconnaissance tool written in Perl that quickly scans domains (usually in just a few minutes, assuming no network lag) using a variety of techniques to locate undocumented, internal or just hard-to-find resources via the DNS system.

Latest version Fierce v2

To check out the latest version of Fierce v2 from subversion, simply run the following command:

    svn co fierce2/

You can find the documentation here: Installing and Updating Documentation

To access the documentation for Fierce v2 use the following command:
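The zone transfer and email harvesting steps above, as one added example written for this page (it is not the BackTrack script, the Fierce code, or anything else the page links to). It parses `host -t ns` and `host -l` output into name servers, A records and aliases, turns the A records into a port-scan target list, flags hosts with RFC 1918 addresses that the transfer exposed, and pulls `@victim.com` addresses out of a search-result page while rejecting lookalike domains. All names, addresses, and the page fragment are constructed; `run_host` wraps the real `host` CLI and is only used when a domain is given on the command line.

```python
"""Zone-transfer and email-harvest parsing (added example, not the page's code)."""
import ipaddress
import re
import subprocess
import sys

# Constructed output of `host -t ns victim.com` (the page's own output is redacted).
NS_OUTPUT = """\
victim.com name server ns2.telecom.net.
victim.com name server ns1.victim.com.
"""

# Constructed output of `host -l victim.com ns1.victim.com`, i.e. a successful AXFR.
AXFR_OUTPUT = """\
victim.com name server ns1.victim.com.
victim.com name server ns2.telecom.net.
victim.com has address 192.0.2.1
ns1.victim.com has address 192.0.2.2
www.victim.com has address 192.0.2.10
mail.victim.com has address 192.0.2.20
intranet.victim.com has address 10.10.5.7
vpn.victim.com is an alias for gw.victim.com.
gw.victim.com has address 192.0.2.30
"""

# Constructed fragment of a search-result page for "@victim.com".
SEARCH_PAGE = """\
<a href="mailto:marketing@victim.com">Contact marketing@victim.com</a>
Press enquiries: jbotti@victim.com or JFrankel@Victim.com (PR lead).
Posted by tfranceski@victim.com. Unrelated: webmaster@other.org, logo@2x.png,
and a lookalike at someone@victim.com.au which must not be counted.
"""

NS_RE = re.compile(r"^\S+ name server (\S+?)\.?$", re.M)
A_RE = re.compile(r"^(\S+) has address (\S+)$", re.M)
CNAME_RE = re.compile(r"^(\S+) is an alias for (\S+?)\.?$", re.M)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_name_servers(text):
    """Name servers from `host -t ns` (or the NS lines of `host -l`), trailing dot removed."""
    return [m.group(1) for m in NS_RE.finditer(text)]


def parse_zone(text):
    """Split `host -l` output into name servers, A records and CNAME aliases."""
    return {
        "name_servers": parse_name_servers(text),
        "hosts": dict(A_RE.findall(text)),
        "aliases": dict(CNAME_RE.findall(text)),
    }


def scan_targets(zone):
    """Unique addresses from the zone in numeric order: the input list for a port scan."""
    return sorted(set(zone["hosts"].values()), key=ipaddress.ip_address)


def internal_hosts(zone):
    """Names whose address is RFC 1918: internal hosts the zone transfer leaked."""
    return sorted(n for n, ip in zone["hosts"].items()
                  if any(ipaddress.ip_address(ip) in net for net in RFC1918))


def extract_emails(text, domain):
    """Unique addresses @domain, lowercased; lookalikes such as domain.au are rejected."""
    pattern = re.compile(
        r"(?<![A-Za-z0-9._%+-])([A-Za-z0-9._%+-]+@" + re.escape(domain) + r")(?!\.?[A-Za-z0-9-])",
        re.I,
    )
    return sorted({m.group(1).lower() for m in pattern.finditer(text)})


def run_host(*args):
    """Run the `host` CLI (needs network and bind-utils/dnsutils); returns its stdout."""
    return subprocess.run(["host", *args], capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else None
    if domain is None:
        ns_text, zone_text = NS_OUTPUT, AXFR_OUTPUT  # offline demo on the constructed sample
    else:
        ns_text, zone_text = run_host("-t", "ns", domain), ""
        for ns in parse_name_servers(ns_text):  # try each: one may refuse AXFR, another allow it
            zone_text = run_host("-l", domain, ns)
            if " has address " in zone_text:
                break
    zone = parse_zone(zone_text)
    print("name servers:", parse_name_servers(ns_text))
    print("scan targets:", scan_targets(zone))
    print("internal hosts leaked:", internal_hosts(zone))
    print("emails:", extract_emails(SEARCH_PAGE, domain or "victim.com"))
```

Run it with no arguments for the offline demo, or with a domain to query the real name servers; a server that refuses the transfer prints a "Transfer failed" line and no "has address" records, which is why the loop tries every listed server before giving up.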

TXDNS - Download