How to use Android for advanced information gathering

Let’s take a look at how we can use Android for hacking. When it comes to hacking, the most important part is information gathering, so in this tutorial I will show you how you can use your Android device for information gathering.

To get started you need Termux with Kali Linux or Parrot OS installed inside it. If you don’t know how to install Kali Linux or Parrot OS, see the earlier article.

Read: How to install Kali Linux on mobile without root

Once you have Kali Linux or Parrot installed, start it with the right command; see the start commands below.

For Kali Linux
./starts-kali.sh
For Parrot OS
./starts-parrot.sh

Let’s start by installing some tools for information gathering.

Whois lookup

Whois lookup is one of the most important things to have. It gives details about an IP address or domain name: who owns the domain, where it is hosted, its name servers and, in some cases, the email address and phone number of the owner. If you use Kali Linux or another Linux OS, whois will be preinstalled on your system, but on mobile you have to install it yourself. To install it, type the following command in your Termux Kali Linux or Parrot:

apt install whois

Read: What is Whois Lookup

Once it’s installed you can test it with the following command:

whois allabouthack.com

RedHawk

RedHawk is another great tool for information gathering. It lets you do many things, like whois lookup, Cloudflare detection, IP address lookup, CMS detection (WordPress, Blogger and so on), banner grabbing, DNS lookup, etc. It is a PHP-based tool, so we have to install PHP as well. To install RedHawk in your Termux Linux, follow the commands below:

git clone https://github.com/Tuhinshubhra/RED_HAWK   # fetch the tool
cd RED_HAWK
apt install php                                      # RedHawk is written in PHP
apt install php-curl                                 # needed for HTTP requests
apt install php-xml
php rhawk.php                                        # start RedHawk

With the above commands everything will be installed and RedHawk will start. Once it starts, you will need to enter the website, and it will give you the list of all available options.

NMAP

Nmap is the most popular and powerful network scanner. It offers different scan techniques, and with its help one can get past a firewall to find open services and ports on the target device. On PC-based Kali Linux or Parrot OS it comes preinstalled, but here, as we are using Termux for Linux, we have to install it:

apt install nmap
nmap --help

Read: Basic Nmap

With the above commands Nmap will be installed on your system and its help page will be shown, so you can see how to use it.

DNSRECON

Dnsrecon is another great tool for DNS footprinting. It allows you to find the A, AAAA, TXT and MX records for the target domain. It can be very helpful during DNS testing, or for finding vulnerabilities based on the information gathered from DNS. Installation is simple:

apt install dnsrecon
dnsrecon --help
dnsrecon allabouthack.com

You can use dnsrecon in more advanced ways; use the help command to see all the available options.

Sublist3r

Sublist3r is the most popular subdomain enumeration tool, used by many penetration testers and bug bounty hunters. Sublist3r is a Python-based tool, so to install it we need Python in our Termux-based Linux.

apt install python
apt install python-pip
git clone https://github.com/aboul3la/Sublist3r      # clone the Sublist3r repository before changing into it
cd Sublist3r
pip install -r requirements.txt                      # install the Python dependencies
python sublist3r.py -d allabouthack.com -o subdomain.txt   # enumerate subdomains and save them to subdomain.txt
pwd                                                  # show where subdomain.txt was written

With the above commands Sublist3r will be installed. Now look at the last two commands: sublist3r.py scans for the subdomains of the given domain, and -o saves them under the name subdomain.txt in our current directory; pwd prints the current directory. (Change the domain: allabouthack.com doesn’t have any subdomains.)
Remember this file (subdomain.txt), because we will need it for our next tool.

HTTPROBE

Httprobe is a very useful tool if you use Sublist3r for subdomains. The problem with subdomains is that in some cases there are too many of them, and some of them don’t work. This is where httprobe comes in. First you save the subdomains in a text file, which we already did with Sublist3r as subdomain.txt; httprobe will then go through all the subdomains and check whether they are listening on ports 80 and 443.

git clone https://github.com/tomnomnom/httprobe
cd httprobe
apt install golang                                   # httprobe is written in Go
go build main.go                                     # produces a binary named main
mv main httprobe
cat /root/Sublist3r/subdomain.txt | ./httprobe -c 50     # -c 50: probe 50 hosts at a time

In the last command, cat prints all the subdomains from the file we saved earlier (given by its file location); the pipe (|) takes the output of cat and runs httprobe on it, which prints all the subdomains listening on 80 and 443. You can manually change the ports if you think the target is not using the default ones; check the GitHub page for more details.
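As an added example (not from the original post or from either tool’s authors), here is a small Python script that reconciles Sublist3r’s subdomain.txt with the lines httprobe prints, so you can see which enumerated hosts answered over https, over plain http only, or not at all. The file contents are constructed samples under example.com.

```python
from urllib.parse import urlsplit
# Constructed sample of Sublist3r's -o file: one hostname per line.
SUBDOMAIN_TXT = """\
www.example.com
mail.example.com
dev.example.com
WWW.example.com
old.example.com
"""

# Constructed sample of what httprobe printed for that list (80 -> http, 443 -> https).
HTTPROBE_OUT = """\
https://www.example.com
http://www.example.com
https://mail.example.com
http://old.example.com
"""

def parse_hosts(text):
    """Lowercase, strip trailing dots and blank lines, drop duplicates."""
    return {h for h in (l.strip().lower().rstrip(".") for l in text.splitlines()) if h}

def parse_probe(text):
    """Map host -> set of schemes httprobe reported as listening."""
    live = {}
    for line in text.splitlines():
        parts = urlsplit(line.strip())
        if parts.scheme in ("http", "https") and parts.hostname:
            live.setdefault(parts.hostname.lower(), set()).add(parts.scheme)
    return live

def reconcile(subdomain_txt, httprobe_out):
    """Classify each enumerated host as both, https-only, http-only or none."""
    report = {"both": [], "https-only": [], "http-only": [], "none": []}
    live = parse_probe(httprobe_out)
    for host in sorted(parse_hosts(subdomain_txt)):
        schemes = live.get(host, set())
        if schemes == {"http", "https"}:
            report["both"].append(host)
        elif schemes == {"https"}:
            report["https-only"].append(host)
        elif schemes == {"http"}:
            report["http-only"].append(host)
        else:
            report["none"].append(host)
    return report

if __name__ == "__main__":
    for bucket, hosts in reconcile(SUBDOMAIN_TXT, HTTPROBE_OUT).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

To use it on real runs, replace the two constructed strings with the contents of subdomain.txt and of httprobe’s saved output.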


Those are some tools I personally use for my work. There are other tools I use too, but they don’t work on mobile; if I find other tools that work on Android, I will write them up.


Allabouthack
