Technical Blog

14 Jul, 2010

Network Reconnaissance with InterProber, Part 1

Getting Started with a Trivial Reconnaissance Exercise

With all the organisational network sprawl we are seeing on the Internet, we thought it was about time someone created a tool that was easy to use and allowed organisations to easily figure out what their exposure is. Hopefully InterProber together with this tutorial will achieve just that.

In this part of the tutorial, we’ll try the most basic recon of the Open Web Application Security Project (OWASP). OWASP is a good target because it has very limited exposure and completes quickly.
So what do we know about OWASP? A quick Google search reveals the “owasp.org” domain:

network-recon-p1-1.jpg
 
That is all the information we need to get started. Firing up “InterProber.exe” reveals an empty interface. To start a new scan, click the new button in the toolbar. You should be greeted with the scan configuration wizard:

network-recon-p1-2.jpg
 
Since we only know of the “owasp.org” domain, enter the domain in the left text box and hit “Add”.
Clicking the next button brings up another configuration screen. This allows us to choose which top-level domains and countries we want to explore; for now we’ll skip this and stick with the default. Clicking the next button again brings us to the sub-domain scanning configuration. Again, the default configuration will suffice for most scans.

The next screen is the most important for our basic scan: it allows us to configure our targets and remove unnecessary scan types. For now, we’ll just test some simple sub-domain brute-forcing. The screen should look something like the following:

network-recon-p1-3.jpg
 
Notice we have also specified the three “include” regular expressions. This is very important, as it prevents the tool from scanning the entire Internet and confines its probing to domains with the word “owasp” inside them.
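To show what the include regular expressions do, and the scoping mistake a loose one invites, here is an added example (not InterProber’s code; the hostname list is constructed, and the tool’s own matching semantics are assumed to be a plain regex search). A bare “owasp” pattern also admits third-party names that merely contain the word, whereas a pattern anchored to the registered domain keeps the scan inside owasp.org:

```python
import re

# Constructed sample of candidate hostnames, such as a sub-domain brute-force or
# a search-engine harvest might yield; not real InterProber output.
CANDIDATES = [
    "www.owasp.org",
    "mail.owasp.org",
    "wiki.owasp.org",
    "owasp.org",
    "owasp-fans.example",            # third party that merely contains the word
    "notowasp.example.net",          # same problem, different position
    "www.owasp.org.attacker.test",   # lookalike: in-scope labels, foreign suffix
    "example.org",                   # unrelated, excluded by both rules
]


def in_scope(hostnames, include_patterns):
    """Keep hostnames matched by at least one include regex.

    re.search is used deliberately: an unanchored pattern behaves like a
    'contains' rule, which is the assumed behaviour of a plain include filter.
    """
    compiled = [re.compile(p, re.IGNORECASE) for p in include_patterns]
    return [h for h in hostnames if any(r.search(h) for r in compiled)]


def loose_scope():
    # The naive include rule: any name containing the word "owasp".
    return in_scope(CANDIDATES, [r"owasp"])


def anchored_scope():
    # Tightened rule: the host is owasp.org itself or ends with ".owasp.org".
    # re.escape keeps the dot literal, and the $ anchor rejects lookalike
    # names that append a foreign suffix after the genuine labels.
    return in_scope(CANDIDATES, [r"(^|\.)" + re.escape("owasp.org") + r"$"])


def collateral(loose, anchored):
    # Names the loose rule would have probed that are not the client's assets.
    return sorted(set(loose) - set(anchored))


if __name__ == "__main__":
    loose, tight = loose_scope(), anchored_scope()
    print("loose include matched  :", loose)
    print("anchored include matched:", tight)
    print("out-of-scope collateral :", collateral(loose, tight))
```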

Clicking next brings us back to the main window. Clicking the play button will start the scan. The scan should take less than 30 seconds and result in the following output:

network-recon-p1-4.jpg
 
We now have a basic overview of OWASP’s Internet presence. All of its systems appear to be hosted on a small net-block within a larger PacTec Communications, Inc. network.
 

This article is tagged in these categories: Penetration testing