As anyone preparing to conduct a penetration test knows, the first part of that test is determining what is in scope. This can be a long and tedious process, especially when clients are unsure about the extent of their external presence.
Footprinting, the process of identifying externally facing systems owned by the target (client) using publicly available information, can be a very time consuming and any accurate footprint requires information to be gathered from multiple sources.
Recognizing the need for penetration testers to be able to quickly conduct footprinting and export that information to their clients before a penetration test begins, SecureState Researcher Spencer McIntyre developed a new tool, dubbed the Kraken, to solve this problem.
The Kraken is a game-changer for pentesters when it comes to footprinting. The SecureState Profiling & Penetration Team has been using the tool for several months to help optimize the footprinting process, resulting in hours of time saved.
One of the major advantages of Kraken is that it’s an application designed to quickly consolidate efforts of footprinting into a single tool, making it remarkably easy for users to navigate their results. Designed with ease of use and efficiency in mind, the Python programming language already has Kraken embedded so anyone can extend the tool.
The current set of features included with the initial release of Kraken include:
- Plugins for YouGetSignal Network Tools and DNS zone transfers integration.
- Multiple methods for gathering information on potential targets such as DNS, HTTP Link scanning and searching via Bing.
- Quick Exporting data in a variety of formats, from a simple list of IP addresses or hostnames, to an XML file complete with WHOIS information.
Released with the hope that fellow penetration testers will find value in this tool as well, Kraken is another SecureState open-source tool available via the following site: CLICK HERE