Employing comprehensive reconnaissance applications
Although Kali contains many tools to support reconnaissance, their features overlap heavily, and importing the output of one tool into another is usually a manual process. Most testers therefore select a subset of tools and invoke them from a script.
Comprehensive reconnaissance tools were originally command-line programs with a fixed set of functions; one of the most commonly used was the Deepmagic Information Gathering Tool (DMitry). DMitry could perform whois lookups on a domain and on its IP address, retrieve netcraft.com information, search for subdomains and email addresses, and perform a TCP port scan. Unfortunately, it was not extensible beyond these functions.
The following command runs DMitry against a target domain (the original screenshot showed it run against www.cyberhia.com). The flags enable whois lookups on the domain and its IP (-w, -i), netcraft.com lookup (-n), subdomain and email searches (-s, -e) and a TCP port scan (-p); -o writes the results to output.txt:
dmitry -winsepo output.txt example.com
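Because DMitry writes plain text rather than a structured format, the script most testers end up writing is the one that normalises its output and merges it with results from other tools. The following Python script is an added example (not code from the book or from DMitry): it parses a constructed sample in the rough shape of DMitry's report (the section headers, HostName lines and Port/State table are assumed from memory of the tool's layout, not copied from real output), merges the subdomains with a host list from a hypothetical second tool, and emits one JSON structure.

```python
"""Normalise DMitry-style text output and merge it with another tool's host list.

Added example. DMITRY_OUTPUT and OTHER_TOOL_HOSTS are constructed samples;
the DMitry layout they imitate is an assumption, not copied from the tool.
"""
import json
import re

# Constructed sample resembling `dmitry -winsepo out.txt example.com` (assumed layout).
DMITRY_OUTPUT = """\
Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:93.184.216.34
HostName:example.com

Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
HostName:www.example.com
HostIP:93.184.216.34
HostName:mail.example.com
HostIP:93.184.216.35
Found 2 possible subdomain(s) for host example.com, Searched 10 pages containing 20 results

Gathered E-Mail information for example.com
---------------------------------
Searching altavista.com:80...
Found 1 E-Mail(s) for host example.com, Searched 10 pages containing 20 results
webmaster@example.com

Gathered TCP Port information for 93.184.216.34
---------------------------------

 Port\t\tState

80/tcp\t\topen
443/tcp\t\topen
8080/tcp\t\tfiltered

All scans completed, exiting
"""

# Constructed output of a hypothetical second subdomain tool: one host per line.
OTHER_TOOL_HOSTS = """\
www.example.com
dev.example.com
"""

SECTION_RE = re.compile(r"^Gathered (\S+) (?:Port )?information for (\S+)$")
HOST_RE = re.compile(r"^HostName:(\S+)$")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)$")


def in_scope(host, domain):
    """True if host is the target domain or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def parse_dmitry(text, domain):
    """Extract hosts, emails and port states from DMitry-style text."""
    result = {"hosts": set(), "emails": set(), "ports": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()  # e.g. "subdomain", "e-mail", "tcp"
            continue
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).lower()
            if in_scope(host, domain):  # drop search-engine noise outside the target
                result["hosts"].add(host)
            continue
        if section == "e-mail":
            for email in EMAIL_RE.findall(line):
                result["emails"].add(email.lower())
        elif section == "tcp":
            m = PORT_RE.match(line)
            if m:
                result["ports"][f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return result


def merge_hosts(dmitry, extra_host_text, domain):
    """Union DMitry's hosts with a newline-separated host list from another tool."""
    hosts = set(dmitry["hosts"])
    for line in extra_host_text.splitlines():
        host = line.strip().lower()
        if host and in_scope(host, domain):
            hosts.add(host)
    return sorted(hosts)


def build_report(domain):
    """Single JSON-serialisable view combining both tools' findings."""
    d = parse_dmitry(DMITRY_OUTPUT, domain)
    return {
        "domain": domain,
        "hosts": merge_hosts(d, OTHER_TOOL_HOSTS, domain),
        "emails": sorted(d["emails"]),
        "ports": d["ports"],
    }


if __name__ == "__main__":
    print(json.dumps(build_report("example.com"), indent=2))
```

In practice the two constants would be replaced by reading output.txt and the other tool's file; the scope check matters because search-engine based subdomain harvesting routinely returns hosts that belong to someone else.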

More recent tools are comprehensive framework applications that combine passive and active reconnaissance; the following section looks more closely at recon...