Information Gathering Tools [2018] – Ethical Hacking Guide



Information gathering (reconnaissance) is the first step in a penetration test, and finding suitable tools for it can be troublesome for beginners and more advanced penetration testers alike.

I’ll make this process easier for you by listing a couple of useful tools.

This list is going to be expanded and edited from time to time.

Video

Online Information Gathering Tools

Have I Been Pwned

Have I Been Pwned is one of the online information gathering tools. It lets you determine whether an email address appears in a known data breach.

It lists the breaches in which the address appeared, so you know which dump to search for the actual data. Keep in mind that it only covers breaches that have been loaded into the service; an address that is not listed is not necessarily clean.
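Have I Been Pwned also runs the Pwned Passwords service, which answers the related question of whether a password has shown up in a breach. Its range API is built on k-anonymity: you send only the first five hex characters of the password's SHA-1 hash and get back every matching suffix, so the password (and even its full hash) never leaves your machine. The following is an added example, not code from the original article or from the HIBP project; the range response it uses is a constructed sample so it runs offline, and the breach counts in it are made up.

```python
"""Checking a password against HIBP's Pwned Passwords range API (k-anonymity).
The real endpoint is https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>
and answers with lines of the form '<remaining 35 hex chars>:<breach count>'.
"""
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, as the service expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hash_hex: str):
    """Split a 40-char SHA-1 digest into the 5-char prefix that is sent and the
    35-char suffix that stays local."""
    return hash_hex[:5], hash_hex[5:]


def parse_range_response(body: str) -> dict:
    """Turn the 'SUFFIX:COUNT' lines of a range reply into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """fetch_range(prefix) must return the response body for that prefix.
    Returns how many times the password was seen in breaches (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample reply for prefix "5BAA6", the prefix of SHA-1("password").
# A live reply has several hundred lines; these counts are invented.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E7B4F4E2F0D4CF1D2A5E2E9D0C7A9B4F2A:3
2C3B1B8D5A0B5E8E1F2C3D4E5F6A7B8C9D0:11
"""


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTP call; only the constructed range is available."""
    if prefix != "5BAA6":
        raise ValueError("no constructed sample for prefix " + prefix)
    return SAMPLE_RANGE_5BAA6


def live_fetch(prefix: str) -> str:
    """Real lookup against the service (needs network access)."""
    import urllib.request
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Swap offline_fetch for live_fetch to query the real service.
    print(breach_count("password", offline_fetch))
```

Because only a 5-character prefix leaves the client, the service learns nothing more than that one of roughly a million candidate hashes was queried; the matching is done locally against the returned suffixes.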

Check Usernames

Check Usernames is another online tool.

It’s more of a fun gimmick that tells you whether the same username is registered on a range of different platforms.

You can (ab)use this to correlate accounts and gather more information about a specific user, keeping in mind that a matching username is not proof that the accounts belong to the same person.

Information Gathering Search Engines

Shodan.io

Shodan.io is a search engine for (ethical) hackers. It indexes the banners its own scanners collect from internet-facing hosts, so you can search by IP, port, service or product (using filters such as port:, country:, org: and hostname:) to find open (and possibly vulnerable) services on the internet. The results reflect what Shodan saw at the time of its last scan, so treat “open” and especially “vulnerable” as leads to verify, not as findings.

theHarvester

theHarvester is a CLI tool that automates the process of “googling” for a specific domain: it collects e-mail addresses, host and subdomain names and the related IP addresses from the public source of your choice (the -d option sets the domain, -b the data source). Querying Google directly tends to get you rate-limited or shown captchas quickly, so rotate sources and keep the result limit (-l) modest.

Scanners

Nmap

Nmap is one of the most well known information gathering tools around.

It’s an advanced port scanner that can scan TCP and UDP ports, fingerprints a large number of well-known services and operating systems, and comes with a huge manual. UDP scans are much slower than TCP scans because closed UDP ports often do not answer at all, so scope them deliberately.

Masscan

Masscan is a TCP (SYN) port scanner that claims to be able to scan the entire IPv4 internet in 5 minutes. Or so it claims: that figure assumes a transmit rate of millions of packets per second and network hardware to match. It uses its own TCP/IP stack and sends as fast as it is allowed to, so in practice you cap the speed with --rate and keep an exclude list, and then hand the ports it finds to Nmap for proper service detection.
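A common workflow is to sweep a range quickly with Masscan and then run Nmap's service detection only against the ports Masscan found. Both tools produce machine-readable output (Masscan's -oL list format, Nmap's -oX XML), and comparing the two catches ports that one scanner missed because of rate limiting, firewalls or timing. The block below is an added example written for this article, not code from either project; the Masscan and Nmap outputs in it are constructed samples for a fictional host in the 203.0.113.0/24 documentation range.

```python
"""Normalise Masscan list output and Nmap XML output to (ip, protocol, port)
records and compare the two scans.

Typical commands that would produce such files (only against hosts you are
authorised to scan):
  masscan 203.0.113.0/24 -p1-65535 --rate 1000 -oL masscan.lst
  nmap -sV -p 22,80,443,8443 203.0.113.10 -oX nmap.xml
"""
import xml.etree.ElementTree as ET


def parse_masscan_list(text: str) -> set:
    """masscan -oL lines look like: 'open tcp 80 203.0.113.10 1516000000'.
    Comment lines starting with '#' are skipped."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "open":
            continue
        _state, proto, port, ip = parts[:4]
        found.add((ip, proto, int(port)))
    return found


def parse_nmap_xml(text: str) -> dict:
    """Return {(ip, proto, port): service_name} for ports Nmap reports as open."""
    found = {}
    root = ET.fromstring(text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            found[(ip, port.get("protocol"), int(port.get("portid")))] = name
    return found


def compare(masscan_ports: set, nmap_ports: dict):
    """Ports seen by only one scanner deserve a second look: a port Masscan saw
    but Nmap reports as filtered (or vice versa) may be rate limiting or a
    firewall reacting to the scan."""
    only_masscan = masscan_ports - set(nmap_ports)
    only_nmap = set(nmap_ports) - masscan_ports
    return only_masscan, only_nmap


# Constructed Masscan list output (not a real scan).
SAMPLE_MASSCAN = """\
#masscan
open tcp 22 203.0.113.10 1516000000
open tcp 80 203.0.113.10 1516000001
open tcp 443 203.0.113.10 1516000002
open tcp 8443 203.0.113.10 1516000003
# end
"""

# Constructed Nmap XML output (trimmed to the elements this parser uses).
SAMPLE_NMAP_XML = """\
<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><status state="up"/>
<address addr="203.0.113.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="8443"><state state="filtered"/></port>
</ports></host>
</nmaprun>
"""

if __name__ == "__main__":
    fast = parse_masscan_list(SAMPLE_MASSCAN)
    deep = parse_nmap_xml(SAMPLE_NMAP_XML)
    only_fast, only_deep = compare(fast, deep)
    for key, name in sorted(deep.items()):
        print(key, name)
    print("only masscan:", sorted(only_fast))
    print("only nmap:", sorted(only_deep))
```

In the sample, Masscan reports 8443 open while Nmap's later scan sees it filtered; that difference is exactly the kind of lead the comparison is meant to surface.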

Web Scanners

BuiltWith

BuiltWith is a tool to find out how a website has been built. It lists information about the CMS, the plugins and JS libraries in use, DNS, the certificate authority and more.

Netcraft

Netcraft is a tool similar to BuiltWith. You can get information about the hosting provider, DNS, WHOIS and more using it.

Security Trails

SecurityTrails is another web scanner, listing information such as DNS records, subdomains, historical data and more.

Its historical DNS records can also expose sites behind Cloudflare: if a domain pointed at its real server before it was moved behind Cloudflare, the old A record may still reveal the origin IP. Verify such a candidate against the live site (for example by comparing the served content) before relying on it.

Urlscan.io

Urlscan.io is another web scanner. It actually loads the page in a browser and records what happens.

It reports how many ads are on the page, what percentage of requests were served over HTTPS, the domains, subdomains and countries contacted, transfer size, cookies and more. Note that scans submitted as public are visible to everyone, so mark a scan of a client’s site as unlisted or private if the engagement should not be discoverable.

Information Gathering Visualization

Maltego

Maltego is an information gathering tool with a very stylish UI. It will remind you of the Microsoft Office Suite.

There is a free community edition (Maltego CE) available, with which you can draw graphs of different pieces of information (domains, IPs, e-mail addresses, people and so on) and the relations between them; so-called transforms pull the related data in for you. You can check out an example in the video above.

More Info

More info about information gathering and ethical hacking can be found in this article.