Posted In:Information Gathering Archives - Pentest Geek
Jigsaw.rb Now With SQLite3 Database Support
Get The Code:
https://github.com/pentestgeek/jigsaw/tree/dev
This is just a quick post to highlight some of the new features added to the developmental branch of Jigsaw with SQLite3 support. In order to use this tool you’ll need to first install the ‘sqlite3-ruby’ gem. I do all of my ruby development using version 1.9.2 installed via RVM, so I recommend a similar environment because In my experience installing gems can be tricky when not using RVM.
[crayon show-plain-default=”true”]
$gem install sqlite3-ruby
[/crayon]
The help menu says that you can write to a database instead of a CSV file by using the -D option and specify the name of the .db file you want to output too.
Read More
Email Address Harvesting
Introduction
Harvesting email addresses is a common part of any external penetration test. Several tools exist that can be easily found with a simple google search that can greatly decrease the amount of time spent combing through search engine results.
I have recently released a new tool into the BackTrack Linux penetration testing distribution that has proven useful on many of my external gigs.
Introducing Jigsaw. Jigsaw is a simple ruby script that searches www.jigsaw.com for employee records and crafts email addresses based on first and last name entries pulled down from their website.
Read More
Enumerating URLs from IP Addresses Using Bing’s Search API
Hey guys, just a quick post here. I wanted to share with you a simple ruby script I wrote that identifies web server URLs (if any) from a specified list of IP Addresses. I wrote this script for a recent Information Security Assessment where my client was unaware of all the URLs that were pointing to their external infrastructure (It happens more then you would think…) and provided me with only a list of IPs.
The script uses Bing’s Search API as well as the rbing ruby gem which has some prety self explanatory usage examples on the GitHub repository. Literally all it does is run the search ip:ipaddress for every host in the specified input file.
Run the script without any arguments or view the source code below for proper syntax and usage. Not much else to say about this tiny little guy accept that it proved to be quite useful during my last pen test. Hopefully someone else will find it handy too, as always code improvement suggestions are more than welcome.
Read More
Share This
Recent Posts
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
The Ultimate Burp Suite Training Program
Learn Network Penetration Testing
Penetration Testing
Categories
- AWBS
- Burp Suite
- Definitions
- Forensics and Incident Response
- Information Gathering
- Metasploit
- Penetration Testing Tutorials
- Phishing
- Presentations
- Tools
- Web Applications
- Wireless