This tool allows you to visualize the relationships between and among various bits of information, which Maltego calls entities, that you discover about the target of a Social Engineering Audit.
- creating and using a workspace — you can create workspaces to organize your activities on a case-by-case basis, which increases the tool’s functionality
- how to show modules by running the Show Command (he recommends that you try all of the modules separately to learn a great deal about your target)
- using the netcraft command
- using the run command
- using the load command
- using the resolve command
- using the add and delete commands to configure lists
- run the SE Toolkit
- trick your target into signing into a malicious Web site so that you can obtain their credentials
- use Web site attack factors
- perform SE attacks such as spearfishing
- trick your target into providing credentials by using the credential harvester
- use the tab nabbing tool
- use CTRL-SHIFT-T to open a new tab in your browser
- use the various templates
- choose the proper Web server for your activity
- clone a Web site to use to trick your target
- use the tiny URL Web site to streamline your process
- understand the security risks of using the tiny URL Web site
- communicate with your target to trigger them to go to the cloned Web site
- authenticate to the target’s true Web site using their own credentials
This tool allows you to generate a list of possible passwords to use in the Dictionary file. The Dictionary file(s) can be expanded as more information is gathered.
a simple and useful tool for generating word lists for use with a password cracking tool.
Shodan (www.shodan.io)
Shodan crawls the Internet and identifies IP addresses that have a service running. Then it does a banner grab of the service that is running, and it saves the banner information. You can search on a keyword or an IP address to find the services that are running.
an interesting account enumerator tool that allows you to do account harvesting. You will use this tool to find out where your target has accounts on various Web sites. You install Scythe into your Kali instance from GitHub using the following steps: · Go to www.GitHub.com · Enter Scythe into the site’s search function · Choose ChrisJohnRiley/Scythe from the list that is returned
The Web site www.geocreepy.com provides a useful tool that allows you to do geolocation for a target by using various social networking platforms to track individuals. Creepy works with Twitter, Flickr, Instagram, and Google Plus.