FINDING TARGET FOR HACKING ON INTERNET IS NOW EASIER

Page 1

FINDING TARGET FOR HACKING ON INTERNET IS NOW EASIER INTRODUCTION Finding target on internet for penetration testing involves searching internet using google or using Google Hacking/Dorking. There are google hacking queries available on internet, according to ethical hacking researcher of International Institute of Cyber Security it is the main source of passive attacks on internet. This whole process of finding target on internet using GHDB is automated using python based framework named as Katana framework. This tool can be used in open penetration testing. Katana framework tool is completely built on python language. In this tool, we have five different modules like Google Hacking Database, SCADA, TOR, Proxy and, Bitly. All these modules collect different types of sensitive information.

ENVIRONMENT  

OS: Kali Linux 2019.3 64 bit Kernel version: 5.2.0

INSTALLATION STEPS 

Use command to clone the file git clone https://github.com/adnane-X-tebbaa/Katana. root@kali:/home/iicybersecurity# git clone https://github.com/adnane-X-tebbaa/Katana Cloning into 'Katana'... remote: Enumerating objects: 109, done. remote: Counting objects: 100% (109/109), done. remote: Compressing objects: 100% (109/109), done. remote: Total 262 (delta 47), reused 0 (delta 0), pack-reused 153 Receiving objects: 100% (262/262), 2.45 MiB | 180.00 KiB/s, done. Resolving deltas: 100% (93/93), done.

Use cd command to enter into the directory o cd Katana/ root@kali:/home/iicybersecurity# cd Katana/ root@kali:/home/iicybersecurity/Katana#

Now, use command to install the requirements pip3 install -r requirements.txt. root@kali:/home/iicybersecurity/Katana# pip3 install -r requirments.txt Requirement already satisfied: requests in /usr/local/lib/python3.7/dist-packages (from -r requirments.txt (line 1)) (2.20.0) Collecting proxybroker (from -r requirments.txt (line 2)) Cache entry deserialization failed, entry ignored Downloading https://files.pythonhosted.org/packages/27/bd/7ffee9acbf97ab702f373678a9ac61aefbd59710b15 44cf6c6a31d114203/proxybroker-0.3.2-py3-none-any.whl (1.6MB) 100% |████████████████████████████████| 1.6MB 94kB/s Requirement already satisfied: google in /usr/local/lib/python3.7/dist-packages (from -r requirments.txt (line 3)) (2.0.3) Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (from -r requirments.txt (line 4)) (1.1.0) Collecting txtorcon (from -r requirments.txt (line 5)) Downloading https://files.pythonhosted.org/packages/4e/36/910a6991534847eda30e99a7c363cd2bbe6710fc05a 2d54c9abe22507ffe/txtorcon-19.1.0-py2.py3-none-any.whl (341kB) 100% |████████████████████████████████| 348kB 199kB/s Requirement already satisfied: colorama in /usr/local/lib/python3.7/dist-packages (from -r requirments.txt (line 6)) (0.4.1) Requirement already satisfied: bs4 in /usr/local/lib/python3.7/dist-packages (from -r requirments.txt (line 7)) (0.0.1) Collecting StringGenerator (from -r requirments.txt (line 8)) Downloading https://files.pythonhosted.org/packages/55/11/2a8a4497c249a7d19e32bbd9035390a77775cd065ad 46ea4b24676da4574/StringGenerator-0.3.3.tar.gz Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3/dist-packages (from requests->-r requirments.txt (line 1)) (3.0.4) Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/local/lib/python3.7/distpackages (from requests->-r requirments.txt (line 1)) (1.24.3) Requirement already satisfied: idna<2.8,>=2.5 in /usr/local/lib/python3.7/dist-packages (from requests->-r requirments.txt (line 1)) (2.7) Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.7/distpackages (from requests->-r requirments.txt (line 1)) (2019.9.11)

Requirement already satisfied: aiodns>=2.0.0 in /usr/lib/python3/dist-packages (from proxybroker->-r requirments.txt (line 2)) (2.0.0) Collecting attrs==19.1.0 (from proxybroker->-r requirments.txt (line 2)) Downloading https://files.pythonhosted.org/packages/23/96/d828354fa2dbdf216eaa7b7de0db692f12c234f7ef8 88cc14980ef40d1d2/attrs-19.1.0-py2.py3-none-any.whl Collecting aiohttp>=3.5.4 (from proxybroker->-r requirments.txt (line 2))

========================================================================================= ===================SNIP================================================================== =============================================== Downloading https://files.pythonhosted.org/packages/98/3f/e53dea9face4115abfb796f398bf74747a0d294537b 12935d1bbf697c11a/multidict-4.7.5-cp37-cp37m-manylinux1_x86_64.whl (149kB) 100% |████████████████████████████████| 153kB 146kB/s Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from zope.interface>=3.6.1->txtorcon->-r requirments.txt (line 5)) (41.0.1) Requirement already satisfied: PyHamcrest>=1.9.0 in /usr/local/lib/python3.7/distpackages (from Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (2.0.2) Requirement already satisfied: constantly>=15.1 in /usr/local/lib/python3.7/distpackages (from Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (15.1.0) Requirement already satisfied: hyperlink>=17.1.1 in /usr/local/lib/python3.7/distpackages (from Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (19.0.0) Requirement already satisfied: pyopenssl>=16.0.0; extra == "tls" in /usr/lib/python3/dist-packages (from Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (19.0.0) Requirement already satisfied: service-identity>=18.1.0; extra == "tls" in /usr/local/lib/python3.7/dist-packages (from Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (18.1.0) Requirement already satisfied: six in /usr/lib/python3/dist-packages (from automat>txtorcon->-r requirments.txt (line 5)) (1.12.0) Requirement already satisfied: pyasn1 in /usr/local/lib/python3.7/dist-packages (from service-identity>=18.1.0; extra == "tls"->Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (0.4.7) Requirement already satisfied: pyasn1-modules in /usr/lib/python3/dist-packages (from service-identity>=18.1.0; extra == "tls"->Twisted[tls]>=15.5.0->txtorcon->-r requirments.txt (line 5)) (0.2.1) Building wheels for collected packages: StringGenerator

Running setup.py bdist_wheel for StringGenerator ... done Stored in directory: /root/.cache/pip/wheels/63/2d/f9/dd7bf4a6fab18af351ef29aac6418a5989faceefbd809cc661 Successfully built StringGenerator automat 20.2.0 has requirement attrs>=19.2.0, but you'll have attrs 19.1.0 which is incompatible. Installing collected packages: attrs, multidict, yarl, async-timeout, aiohttp, proxybroker, txtorcon, StringGenerator Found existing installation: attrs 19.3.0 Uninstalling attrs-19.3.0: Successfully uninstalled attrs-19.3.0 Successfully installed StringGenerator-0.3.3 aiohttp-3.6.2 async-timeout-3.0.1 attrs19.1.0 multidict-4.7.5 proxybroker-0.3.2 txtorcon-19.1.0 yarl-1.4.2



Now, use command python3 katana-ds.py to execute the tool root@kali:/home/iicybersecurity/Katana# python3 katana-ds.py

| ,........T_________________________________________________________ |G|o|o|g|l|e|||O________________________________________________________/ R V1.5 | Katana Dork Scanner (Katana-DS) coded by adnane tebbaa please use -h to see help



Next, use command to find help options python3 katana-ds.py -h.

GOOGLE MODE In google mode, we have a tool called dork scanner. This tool is used to collect the vulnerable URLs using Google database. When we use this google mode it asks users to enter DORK and TLD (Top Level Domain)

  

Now, enter php?id=1 in the Dork option and enter com in the TLD option. We can also search for the required TLD, it is located in tld.txt file in the katana directory. After entering this query the dork scanner list out the URLs, which ends with this query

 

Here we got the URLs with the entered DORK. Now, let’s open any URL and check whether we can find any webpage.

As an example we found a page with the DORK, which can be used further to do testing.

SCADA MODE SCADA mode is a supervisory control and data acquisition. This SCADA mostly used in industries to monitor automated machines.

In this scada mode we have to enter the TLD. After that it list out the URLs

Scada Urls   

Here, we got the URLs. Now, let’s open any URL from this, to check the web page. We found on open device on internet

PROXY MODE What is a proxy server? A proxy server is used to hide our IP address which performing scan.



In the proxy mode, it will list out the 25 different working proxy.

BITLY MODE Bitly is used for URL shorter. When we perform this test. We get 10 bitly links, if we open these links in our browser it may redirect to any web page.



Now, lets open the URL, which has a code 200. To check whether link redirects to any webpage or not.

CONCLUSION This tool automate the complete process of finding the target on internet using GHDB, which can help researcher in doing their public research.

Contact

https://www.securitynewspaper.com/

MEXICO 538, Homero #303, Chapultepec Morales, Mexico D.F (Distrito Federal) 11570 DUBAI 702, Smart Heights Tower, Dubai INDIA Fifth Floor, HB Twin Tower Netaji Subhash Place, Delhi NCR, 110034

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.