Activity 1.2 Passive Recon Group Activity

Assignment Description:

Partners: Ainsley and Liam

Within your group - create a Shared Google Doc and:

  • Select a company or organization to research:

    • Medium-size is best

    • Let’s avoid non-profits

    • Not Champlain.edu

Gather all the interesting info you can about the organization based on its domain names and IP addresses.


Company Chosen: DEW Construction

Step 1: theHarvester on Kali

theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources.

theHarvester for dewconstruction.com

dewconstruction.com

theHarvester for dewcorp.com

dewcorp.com

Step 2: Netcraft.com

Netcraft can be used to scan a domain for the various technologies and IP addresses that the domain uses.

  • https://sitereport.netcraft.com/?url=https://dewconstruction.com

  • https://sitereport.netcraft.com/?url=https%3A%2F%2Fdewcorp.com

  • https://sitereport.netcraft.com/?url=http://o13.ptr6055.dewconstruction.com

Step 3: Metagoofil

Metagoofil allows you to scan for documents from a domain.

In this screenshot we can see the command for Metagoofil being run, searching for the links of 10 different PDF files from a website, with an interval of 30 seconds between each PDF. (Liam)

We created a script to curl the PDF files via the links that were pulled from Metagoofil, allowing us to download and see the files. (Liam)

Here is the script running successfully, downloading the PDFs. (Liam)

Here are the downloaded PDFs from dewconstruction.com; one of the scraped PDFs is shown below. (Liam)

Pre-Employment PDF pulled from Metagoofil

Now, using exiftool, we can look at the metadata that these PDFs retained. We can see the dates they were made and modified, as well as which company created them for DEW Construction. (Liam)

ExifTool is a free, open-source program for reading, writing, and manipulating image, audio, video, and PDF metadata.
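
From the publishing side, the same retained metadata can be checked before a document goes on the website. The following is an added example, not part of the original write-up: a Python check that reads a PDF's Info dictionary and lists the fields a metadata tool would surface. The sample PDF bytes, names, and dates are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: a minimal PDF Info dictionary (not a file from this write-up).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Title (Pre-Employment Form) /Author (jdoe)\n"
    b"/Creator (Example Design Studio) /Producer (ExamplePDF 1.0)\n"
    b"/CreationDate (D:20200115093000-05'00') /ModDate (D:20210302141500-05'00') >>\n"
    b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n"
)

# Fields that commonly reveal people, vendors, software, and timelines.
SENSITIVE = ("Author", "Creator", "Producer", "CreationDate", "ModDate")

# Matches "/Name (literal string)" pairs, allowing escaped parentheses.
_FIELD = re.compile(rb"/(\w+)\s*\(((?:\\.|[^\\()])*)\)")

def info_fields(pdf_bytes):
    """Return {name: value} for literal-string dictionary entries.
    Simplification: only unencrypted, uncompressed entries are read;
    hex strings, object streams, and XMP packets are not handled."""
    out = {}
    for name, raw in _FIELD.findall(pdf_bytes):
        value = re.sub(rb"\\([()\\])", rb"\1", raw)  # unescape \( \) \\
        out[name.decode("ascii")] = value.decode("latin-1")
    return out

def parse_pdf_date(value):
    """Convert D:YYYYMMDDHHmmSS... to 'YYYY-MM-DD HH:MM:SS'; None if malformed."""
    m = re.match(r"D:(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})", value)
    return "{}-{}-{} {}:{}:{}".format(*m.groups()) if m else None

def audit(pdf_bytes):
    """List (field, value) pairs to review or strip before publishing."""
    fields = info_fields(pdf_bytes)
    findings = []
    for name in SENSITIVE:
        value = fields.get(name)
        if value:
            if name.endswith("Date"):
                value = parse_pdf_date(value) or value
            findings.append((name, value))
    return findings

if __name__ == "__main__":
    for field, value in audit(SAMPLE_PDF):
        print(f"{field:13} {value}")
```

An empty result from `audit` means none of the listed fields were found in a literal-string Info entry; it does not rule out metadata stored in XMP or compressed object streams.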

Step 4: Notes for further recon

Website to look up IP addresses: https://networksdb.io/

Helpful websites:

  • https://osintframework.com/

  • https://start.me/p/L1rEYQ/osint4all

  • https://synapsint.com/report.php

  • https://securitytrails.com/domain/dewcorp.com/dns

Targets

  • Kristin Abbott TEL 802-764-2362

  • Vergennes Union High School (possible client!)
