Friday, March 29, 2019

Metasploit Part 4: Recon, Passive Information Gathering

Welcome back to our Metasploit section. Today we are going to use a few of the auxiliary modules to do a bit of recon with the Metasploit Framework.

Fire up your terminal and type service postgresql start, then msfconsole.

To see what modules are in the auxiliary section, type search auxiliary

ENUM_DNS

The module we are going to be using is called enum_dns.
This module lets us get info on a domain using techniques like zone transfers, reverse IP lookups, etc.

So let's get started.
Type this into Metasploit:
use auxiliary/gather/enum_dns

Then type info

Now set the domain to get the DNS info for (for the sake of this I'm using hackingarise.com) and set the threads to 10:
set domain hackingarise.com
set threads 10

And last, type run or exploit, whichever one you want.


This module is also good for subdomain brute forcing, which can be handy for finding a new target within a URL. Just put set enum_brt true and then set your word list, or use the default; it's up to you.
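
From the defender's side, the zone transfer requests and subdomain brute-force lookups that enum_dns sends show up in the target's DNS server logs. The following is an added example, not part of the original post: it flags both patterns in a constructed query log. The log format, zone name, thresholds and IP addresses are all assumptions.

```python
from collections import defaultdict

# Constructed sample in a hypothetical one-line-per-query format:
#   <epoch> <client_ip> <qname> <qtype> <rcode>
SAMPLE_LOG = """\
1553850000 198.51.100.7 example.com AXFR REFUSED
1553850001 198.51.100.7 www.example.com A NOERROR
1553850002 198.51.100.7 admin.example.com A NXDOMAIN
1553850002 198.51.100.7 dev.example.com A NXDOMAIN
1553850003 198.51.100.7 ftp.example.com A NXDOMAIN
1553850003 198.51.100.7 vpn.example.com A NXDOMAIN
1553850004 198.51.100.7 test.example.com A NXDOMAIN
1553850004 198.51.100.7 stage.example.com A NXDOMAIN
1553850100 203.0.113.20 www.example.com A NOERROR
1553850160 203.0.113.20 wwww.example.com A NXDOMAIN
"""

def detect(log_text, zone="example.com", nx_threshold=5, window=60):
    """Return alerts for AXFR requests and bursts of failed subdomain lookups."""
    axfr = defaultdict(set)     # client -> zones it asked to transfer
    misses = defaultdict(list)  # client -> [(timestamp, missing name)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, client, qname, qtype, rcode = fields
        qname = qname.lower().rstrip(".")
        if qtype.upper() == "AXFR":
            axfr[client].add(qname)  # flag even when refused: it is still probing
        elif rcode.upper() == "NXDOMAIN" and qname.endswith("." + zone):
            misses[client].append((int(ts), qname))
    alerts = [("zone-transfer-attempt", c, sorted(z)) for c, z in sorted(axfr.items())]
    for client, hits in sorted(misses.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # distinct missing names seen within `window` seconds of this query
            names = {n for t, n in hits[i:] if t - start <= window}
            if len(names) >= nx_threshold:
                alerts.append(("subdomain-bruteforce", client, len(names)))
                break
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped name (the second client) stays below the threshold, so only the client that requested the transfer and then missed six names in a row is reported.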

CORP WATCH

This module is used to gather the public info of a company, like the street address, sector, etc.
How to use this module:
use auxiliary/gather/corp_watch_lookup_name
set company hackingarise
set limit 1
exploit

This will then show you all the public company info.

Email collector

So, moving on to the email collector: this module is handy for phishing campaigns and brute force attacks.

use auxiliary/gather/search_email_collector
set domain hackingarise.com
set outfile root/Desktop/har-emails.txt
exploit

So this is the end of our passive information gathering section. This was a short example of how to use Metasploit for passive information gathering. In the next one we will be doing active information gathering, where we will be using things like ARP sweeps, port scanners, etc. Hope you enjoyed this, and see you in the next one.

LAUGHING MAN OUT
