Tutorial: One Shot Passive Discovery

Estimated reading time: 1.5 minutesWhen preparing for a penetration test, step one: Gather the information.Let's collect the information about the target by digging what is already available on the internet.  You may do Google search, whois, traceroute, advanced Googling and other stuff but let's kill this with one shot. I have found a cool script which can come in handy to your rescue.STEP 1: Installing the scriptGetting into the directory where yo want to install this, I have chosen /opt directory.

1. open the terminal
2. cd /opt/
3. git clone https://github.com/leebaird/discover.git

STEP 2: Running the script

1. [ command - cd discover ]  You are set to rock now
2. ./discover.sh

• Choose 1 for domain discovery
• Choose 1 for passive discovery
• Input the company name and domain name

NOTE: For the first time let it run and see the processing: in my case the harvester scripts were postfixed with permission denied error, I went to usr/bin and found theHarvester.py file ad gave it executable permissions [command - chmod 777 theHarvester.py ]

• Let it run, It will prompt you to press return when done.

STEP 3: ReportingIt will then open multiple tabs in firefox and an interactive web report as well, best part. You can browse through the report like a website easily.

• Food for the brain: Figure out where the reports are getting stored

NOTE: Passive scanning can be done on any domain as we are only gathering the information which is freely available on the internet. We are just using the script to net all these fish.