6 Gathering Information from Servers with OSINT Tools

This chapter will introduce you to the modules that allow extracting information from publicly exposed servers using Open Source Intelligence (OSINT) tools. The information collected, such as a domain, a hostname, or a web service, will be very useful while carrying out the pentesting or audit process.

We will review tools like Google Dorks, SpiderFoot, dnspython, DNSRecon, and other tools for applying fuzzing processes with Python. OSINT reconnaissance and application fuzzing have different purposes. OSINT is typically a passive exercise aimed at gathering information that can then be leveraged for attacks, while fuzzing consists of automated injection attacks. At this point, we could use ...

Get Python for Security and Networking - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Python for Security and Networking - Third Edition by José Manuel Ortega

6

Gathering Information from Servers with OSINT Tools

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly