While browsing around the net I often run into websites that have been compromised. I recently discovered a website that was hosting the filesman backdoor, redirecting users to malicious sites, and allowing spammers to send mail from the web server. I thought it might be fun to take a look around and see if I could find anything interesting.
If you haven’t yet heard of Recon-ng, I suggest you check it out. It walks you through the process of collecting reconnaissance data in various forms and provides a nice framework to store, sort, and report on everything you collect. You should definitely get this set up if you plan to follow along.
I have been working on a Recon-ng module to do some Facebook OSINT by using the Facebook Graph API to search for phone numbers. It allows you to search for a specific phone number, or brute force through a range of numbers and grab all of the publicly available information on each associated Facebook account that matches.
This is not currently a built-in module so you will need to grab the code at the end of the post.