So this is the post I make before I start my podcast. What do you want to hear about? Understanding the capabilities of 7zip? Image backups vs. traditional sissy backups? How to Facebook? Let me know in the comments. Since I won’t receive any replies at the time of writing, I’ll be keeping track of replies to this post for a while. Look forward to hearing from you normies.
Recon-NG notes
At this time this is incomplete. This is my “working” notes page; when the notes are useful I’ll remove this line. All commands and expected results are “to the best of my understanding”. I am not an expert, and will be improving my understanding over time.
Site – https://bitbucket.org/LaNMaSteR53/recon-ng
Usage Guide – https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide
Another guide which I found useful – https://www.codemetrix.net/practical-osint-recon-ng/
Recon-NG is a tool for finding information on the web about a target company or entity. This tool, when properly configured, can do a better job of reconnaissance than you, in less time. The usage guides above are likely better resources; this is a place for my personal notes.
Basic commands
Workspaces
I think before doing anything else, you should understand workspaces. They are essentially containers for your projects. These commands must be executed from the root level of recon-ng.
workspaces list
workspaces add (some name)
workspaces select (some name)
workspaces delete (some name) – if you delete the “default” workspace, recon-ng automatically creates a new, empty default workspace.
Modules
show modules – on its own shows all available modules; you can narrow the list by appending the group you’d like to see:
show modules discovery
show modules exploitation (likewise import, recon, or reporting).
Commands
APIs and non-APIs
If you really want to take advantage of recon-ng, you will most likely want to go beyond the basic non-API functionality. See below for pricing and signup pages.
Full list… (copied and pasted from the application)
(bold means it requires an API key; links below)
(italics means it does not require an API key)
(no formatting means I haven’t checked yet).
Discovery
---------
discovery/info_disclosure/cache_snoop
discovery/info_disclosure/interesting_files

Exploitation
------------
exploitation/injection/command_injector
exploitation/injection/xpath_bruter

Import
------
import/csv_file
import/list

Recon
-----
recon/companies-contacts/bing_linkedin_cache
recon/companies-contacts/jigsaw/point_usage
recon/companies-contacts/jigsaw/purchase_contact
recon/companies-contacts/jigsaw/search_contacts
recon/companies-contacts/linkedin_auth
recon/companies-multi/github_miner
recon/companies-multi/whois_miner
recon/contacts-contacts/mailtester
recon/contacts-contacts/mangle
recon/contacts-contacts/unmangle
recon/contacts-credentials/hibp_breach
recon/contacts-credentials/hibp_paste
recon/contacts-domains/migrate_contacts
recon/contacts-profiles/fullcontact
recon/credentials-credentials/adobe
recon/credentials-credentials/bozocrack
recon/credentials-credentials/hashes_org
recon/domains-contacts/metacrawler
recon/domains-contacts/pgp_search
recon/domains-contacts/whois_pocs
recon/domains-credentials/pwnedlist/account_creds
recon/domains-credentials/pwnedlist/api_usage
recon/domains-credentials/pwnedlist/domain_creds
recon/domains-credentials/pwnedlist/domain_ispwned
recon/domains-credentials/pwnedlist/leak_lookup
recon/domains-credentials/pwnedlist/leaks_dump
recon/domains-domains/brute_suffix
recon/domains-hosts/bing_domain_api
recon/domains-hosts/bing_domain_web
recon/domains-hosts/brute_hosts
recon/domains-hosts/builtwith
recon/domains-hosts/certificate_transparency
recon/domains-hosts/google_site_api
recon/domains-hosts/google_site_web
recon/domains-hosts/hackertarget
recon/domains-hosts/mx_spf_ip
recon/domains-hosts/netcraft
recon/domains-hosts/shodan_hostname
recon/domains-hosts/ssl_san
recon/domains-hosts/threatcrowd
recon/domains-vulnerabilities/ghdb
recon/domains-vulnerabilities/punkspider
recon/domains-vulnerabilities/xssed
recon/domains-vulnerabilities/xssposed
recon/hosts-domains/migrate_hosts
recon/hosts-hosts/bing_ip
recon/hosts-hosts/freegeoip
recon/hosts-hosts/ipinfodb
recon/hosts-hosts/resolve
recon/hosts-hosts/reverse_resolve
recon/hosts-hosts/ssltools
recon/hosts-locations/migrate_hosts
recon/hosts-ports/shodan_ip
recon/locations-locations/geocode
recon/locations-locations/reverse_geocode
recon/locations-pushpins/flickr
recon/locations-pushpins/instagram
recon/locations-pushpins/picasa
recon/locations-pushpins/shodan
recon/locations-pushpins/twitter
recon/locations-pushpins/youtube
recon/netblocks-companies/whois_orgs
recon/netblocks-hosts/reverse_resolve
recon/netblocks-hosts/shodan_net
recon/netblocks-ports/census_2012
recon/netblocks-ports/censysio
recon/ports-hosts/migrate_ports
recon/profiles-contacts/dev_diver
recon/profiles-contacts/github_users
recon/profiles-profiles/namechk
recon/profiles-profiles/profiler
recon/profiles-profiles/twitter_mentioned
recon/profiles-profiles/twitter_mentions
recon/profiles-repositories/github_repos
recon/repositories-profiles/github_commits
recon/repositories-vulnerabilities/gists_search
recon/repositories-vulnerabilities/github_dorks

Reporting
---------
reporting/csv
reporting/html
reporting/json
reporting/list
reporting/proxifier
reporting/pushpin
reporting/xlsx
reporting/xml
Getting access to APIs (in the order listed above)
bing_api – Free trial (90 d), Pricing
builtwith_api – Free (1 req/second), Pricing
censysio_id – Rate-limited free
censysio_secret – Is this different than above?
flickr_api – Free for personal; see details on page for commercial
fullcontact_api – Appears free
github_api – Appears free
google_api – Appears free
google_cse – Appears free
hashes_api – Please donate
instagram_api – Free for personal business?
instagram_secret – Different from above?
ipinfodb_api – Free
jigsaw_api – Free or starts at $250/yr, not sure
jigsaw_password
jigsaw_username
linkedin_api – Appears free
linkedin_secret
pwnedlist_api – Site is down at the time of writing
pwnedlist_iv – Site is down at the time of writing
pwnedlist_secret – Site is down at the time of writing
shodan_api – Free, may have limitations, Pricing
twitter_api – Free
twitter_secret – Different from above?
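To tie the workspace, module and API-key steps above together, here is an added example (my own, not from the original notes or the recon-ng project) that scripts them as a recon-ng resource file and replays it non-interactively. It assumes the v4 console syntax the notes use (workspaces add/select, keys add, use, set SOURCE, run, exit), that `recon-ng -r FILE` replays a resource file, that reporting/csv takes TABLE and FILENAME options, and that a SOURCE value other than “default” is taken literally as the input domain. It uses recon/domains-hosts/certificate_transparency, which needs no key, to inventory hosts that your own organisation has exposed via certificate transparency logs; the workspace name and example.com are placeholders. The Shodan key, if you have one, comes from the SHODAN_API_KEY environment variable rather than being written into the script, and the generated file gets restrictive permissions because it (like recon-ng’s own key store, a plain SQLite file under ~/.recon-ng in the versions I have used) holds the key in plaintext.

```shell
#!/bin/sh
# Added example, not from the original notes or the recon-ng project.
# Generates a recon-ng resource file that scripts the workspace -> module ->
# report steps from the notes, then replays it with `recon-ng -r FILE`.
# Assumptions: recon-ng v4 console syntax (workspaces add/select, keys add,
# use, set SOURCE, run, exit), reporting/csv options TABLE and FILENAME,
# and that a non-default SOURCE string is used directly as the input domain.

# make_rc WORKSPACE DOMAIN [SHODAN_KEY]  -> prints the resource file on stdout
make_rc() {
    ws="$1"; domain="$2"; shodan_key="$3"
    # 1. container for this engagement's data (see "Workspaces" above)
    echo "workspaces add $ws"
    echo "workspaces select $ws"
    # 2. register an API key only if one was passed in; never hard-code it here
    #    (key name shodan_api comes from the list above)
    if [ -n "$shodan_key" ]; then
        echo "keys add shodan_api $shodan_key"
    fi
    # 3. a module from the list above that needs no key: certificate
    #    transparency logs are a good inventory of hosts your own domain exposes
    echo "use recon/domains-hosts/certificate_transparency"
    echo "set SOURCE $domain"
    echo "run"
    # 4. export the hosts table to CSV for review
    echo "use reporting/csv"
    echo "set TABLE hosts"
    echo "set FILENAME /tmp/${ws}_hosts.csv"
    echo "run"
    echo "exit"
}

# run_recon WORKSPACE DOMAIN  -> writes the rc file and runs recon-ng if present
run_recon() {
    ws="$1"; domain="$2"
    rc="/tmp/${ws}.rc"
    # subshell so the restrictive umask (the rc file may hold an API key)
    # does not leak into the rest of the script
    ( umask 077; make_rc "$ws" "$domain" "${SHODAN_API_KEY:-}" > "$rc" )
    if command -v recon-ng >/dev/null 2>&1; then
        recon-ng -r "$rc"
    else
        echo "recon-ng not installed; resource file written to $rc" >&2
        return 1
    fi
}

# Usage: sh recon_ct.sh acme example.com   (both arguments are placeholders)
if [ $# -ge 2 ]; then
    run_recon "$1" "$2"
fi
```

Run it as `SHODAN_API_KEY=... sh recon_ct.sh acme example.com` (or without the variable to stay on key-free modules); the hosts found land in /tmp/acme_hosts.csv and stay in the acme workspace for later modules.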
Equifax missed facts.
Freeze your credit, complain about not being able to get a loan… You probably did it wrong anyway; you missed the other two. It’s not even the real issue.
You can’t sue Equifax; no one really can. Also not the issue. They potentially destroyed your life, your good credit, your home mortgage (the second and third mortgage someone else took out; some jerk might buy a gun in your name and kill someone; someone else might rent a car and smash it).
Still, you are missing the point.
The real issue? Zero liability for anyone in the future. When your medical records get jacked? When your identity gets stolen? When your CAR gets stolen, when your car gets stolen by someone over the internet? How can you prove damages? Those credentials were already lost by someone else. No one has to accept responsibility anymore.
Let’s get it straight: Target lost your data if you shop there, OPM lost your data if you work for the Government, Equifax lost your data if you are a US citizen. Your data is worth money, and others gave it away in a game. The game is familiar; it’s called “I win”. You played it with people you didn’t like and they generally lost; if they won, it was because you changed the rules to allow it.
What did they gain? That is a better question. I think they shorted the market in a scam of their own making, deceived by someone clever who wants to watch the world burn. With all the occupiers, the neo-Nazis, the BLMs, SJWs in general, and people like the FBI conning criminals into horrible things with get-out-of-jail-free cards, did you really think this wasn’t coming? Al Qaeda was entirely trained and funded by the US (CIA). It’s not a conspiracy theory. What did you gain when you played? A sense of power? Money?
No. You got nothing. Same as the people playing against you: they were scammed. They are screwed, but maybe less than they would have been if Equifax had patched the software it had with an old, known vulnerability.
What’s next? Yahoo is already toast and without value. Only noobs attack Yahoo; even though they have a lot of your personal information, no one cares about them anymore.
Gmail? A good candidate. Better? The IRS is probably next; that would be complete domination of US citizens, and prove everyone right in what they want to believe (even though it’s silly)… the idea that the IRS is bad. The IRS isn’t bad, but they are the most probable next target.
Other targets are likely to be backbone service providers. Comcast, Google, and the Bells are in the southeast. Once they get pwned, power and water become trivial. Power and water are the alternative to personal information; personal information is probably a distraction anyway, and North Korea is probably a distraction.
Equifax seems too convenient. So back to the point. Equifax tech was taken over not because they did poor security. It’s the other way around: they did poor security so they had an excuse to get hacked. It’s much more profitable that way, for everyone. Look at the C-levels’ insider trading nonsense. They made more money than you will legitimately earn in your life over something that looks pretty darn suspicious.
The next issue: when one of Experian or TransUnion gets hacked and loses your data, who can you sue? Only those who you can prove created damages. When Best Buy gets hacked? Uh, your identity already got jacked, not liable. Who’s liable? No one who has enough money. Welcome to the suck, friends.
This was written quickly and late at night, I hope to fix grammar, but my frustration is at least documented and available.