PRACTICAL NO. 2

Aim: To perform Open-Source Intelligence (OSINT) and passive reconnaissance.

Procedure: OSINT and Passive Reconnaissance
Step 1: Install and Use Sublist3r

Install Sublist3r.

sudo apt install sublist3r


Enumerate subdomains of the target domain.

sublist3r -d packtpub.com -t 3 -e bing

Step 2: Install and Use Maltego

Visit https://www.maltego.com
 and create a free account.
Download and install Maltego.
Accept the license and log in.

Install default transforms.
Select Footprint L1.
Enter the domain name:

cyberhia.com


Run the transform.

Step 3: Install and Use OSRFramework

Install pip3.

sudo apt install python3-pip


Install OSRFramework.

sudo pip3 install osrframework


Use Usufy to gather username information.

usufy cyberhia


Use Mailfy to collect email-related data.

mailfy -n cyberhia


Use Searchfy for additional user information.

searchfy cyberhia

Step 4: Create Custom Wordlist Using CeWL

Generate a custom wordlist from a website.

cewl cyberhia.com -w wordlist.txt

Step 5: Network Scanning Using Nmap

Identify the IP address of the Metasploitable2 target machine.

Perform Nmap scan on the target.

nmap 192.168.56.101


Launch Metasploit Framework Console.

msfconsole


Search for MS08-067 exploit.

search ms08_067

Step 6: Install and Use theHarvester

Install theHarvester.

sudo apt install theharvester


Collect emails, subdomains, and host information.

theharvester -d cyberhia.com -b all