We have a client who would like to do some type of Open Source Intelligence, using Recon-ng.
This is very easy script if you already know Recon-ng. It should only take you 2 minutes to the write the script. We are security people so we are not able to do it.
1. We want you to right a script for Recon-ng, that will scan a given website.
2. They Recon-ng script will scan the website for the following:
Using the Recon-ng auxiliary modules:
auxiliary_elmah – a’elmah.axd’ log web page checker
auxiliary_googli – performs a reverse hash lookup with the use of Goog.li hash database
auxiliary_mangle – applies a mangle pattern to all of the contacts stored in the
database, creating email addresses or usernames for each harvested
auxiliary_noisette – performs a reverse hash lookup with the use of Noisette.ch hash
auxiliary_pwnedlist – uses PwnedList.com to check if an email account is compromised.
auxiliary_resolve – resolves IP addresses to hosts
auxiliary_server_status – a server-status web page checker
The contacts module type contains modules for harvesting and discovering contact information of a certain company through keywords. The modules include:
contacts_jigsaw – information harvesting with the use of Jigsaw.com
contacts_linkedin_auth – information harvesting through LinkedIn.com using an
authenticated connections network
The modules included in this category allow host discovery wherein you can check additional domains of a certain website. Here are the modules for the Host category:
hosts_baidu – Baidu Hostname Enumerator
hosts_bing – Bing Hostname Enumerator
hosts_brute_force – DNS Hostname Brute Forcer
hosts_google – Google Hostname Enumerator
hosts_netcraft – Netcraft Hostname Enumerator
hosts_shodan – Shodan Hostname Enumerator
hosts_yahoo – Yahoo Hostname Enumerator
The modules associated with the Pwnedlist category uses the Pwnedlist.com API (Application Programming Interface) to get full credentials and details of compromised user accounts. Hence, giving users an easy access to stolen information and credentials of pawned accounts. Here are the modules for this category:
pwnedlist_account_creds – PwnedList Account Credentials Fetcher
pwnedlist_api_usage – PwnedList API Usage Statistics Fetcher
pwnedlist_domain_creds – PwnedList Pwned Domain Credentials Fetcher
pwnedlist_domain_ispwned – PwnedList Pwned Domain Statistics Fetcher
pwnedlist_leak_lookup – PwnedList Leak Details Fetcher
3. We want the all the data to be saved in a Mysql database in it's how field (i.e DNS Hostname Brute Forcer, PwnedList , Noisette.ch ....).
4. You must deliver the finial script with the script to write to a database and all the field names will write to the database. So in the script it should has a section for "database name", "database username", "database password".
5. You will have to test this on your own system and database and then send us a screen shot showing that you are able to write to the database after scanning a website.
Please give us a quote on how much you will charge.