Posted In:Information Gathering Archives - Pentest Geek

standard

Jigsaw.rb Now With SQLite3 Database Support

2012/10/30 - By 

Get The Code:
https://github.com/pentestgeek/jigsaw/tree/dev

This is just a quick post to highlight some of the new features added to the developmental branch of Jigsaw with SQLite3 support. In order to use this tool you’ll need to first install the ‘sqlite3-ruby’ gem. I do all of my ruby development using version 1.9.2 installed via RVM, so I recommend a similar environment because In my experience installing gems can be tricky when not using RVM.

[crayon show-plain-default=”true”]
$gem install sqlite3-ruby
[/crayon]

The help menu says that you can write to a database instead of a CSV file by using the -D option and specify the name of the .db file you want to output too.
Read More


standard

Email Address Harvesting

2012/09/27 - By 

Introduction
Harvesting email addresses is a common part of any external penetration test. Several tools exist that can be easily found with a simple google search that can greatly decrease the amount of time spent combing through search engine results.

I have recently released a new tool into the BackTrack Linux penetration testing distribution that has proven useful on many of my external gigs.

Introducing Jigsaw. Jigsaw is a simple ruby script that searches www.jigsaw.com for employee records and crafts email addresses based on first and last name entries pulled down from their website.
Read More


standard

Enumerating URLs from IP Addresses Using Bing’s Search API

2012/02/14 - By 

Hey guys, just a quick post here. I wanted to share with you a simple ruby script I wrote that identifies web server URLs (if any) from a specified list of IP Addresses. I wrote this script for a recent Information Security Assessment where my client was unaware of all the URLs that were pointing to their external infrastructure (It happens more then you would think…) and provided me with only a list of IPs.

The script uses Bing’s Search API as well as the rbing ruby gem which has some prety self explanatory usage examples on the GitHub repository. Literally all it does is run the search ip:ipaddress for every host in the specified input file.

Run the script without any arguments or view the source code below for proper syntax and usage. Not much else to say about this tiny little guy accept that it proved to be quite useful during my last pen test. Hopefully someone else will find it handy too, as always code improvement suggestions are more than welcome.
Read More


Share This

Follow Pentest Geek

twitterrssyoutubetwitterrssyoutube

Recent Posts

Free Course

Penetration Testing

Categories

Metasploit

Web Application Hacking

css.php