Download as KEY, PPTX
![Output Plug-In Architecture
TCP Port and FQDN
nmap
netcat aka nc
maltego (new)
.CSV File
Output Files written to
./[query]/tit/Bing|Google
tcpinputtext.org 4](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-4-2048.jpg)
![Regular Expression
=~m|(w+)://([^/:]+)(:d+)?/(.*)|;
my $Protocol = $1;
my $Domain_Name = $2;
my $URI = ("/" . $4); // discarded
if ($3 =~ /:(d+)/) {$TCP_Port = $1}
else {$TCP_Port = 80}
tcpinputtext.org 5](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-5-2048.jpg)
![tit_FQDN.csv
Forward Lookup with dig and/or nslookup
Scan for TCP Ports *not* within Search Results.
Neither TCP/80 or TCP/443
Output Files written to
./[query]/tit/Bing|Google
tcpinputtext.org 6](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-6-2048.jpg)
![tit_nmap.sh Example
nmap -PN -sT -p T:8080 glcfapp.[snip]
nmap -PN -sT -p T:8080 www.spee[snip]
nmap -PN -sT -p T:8080 inside.c[snip]
nmap -PN -sT -p T:8080 www.wsu.edu
nmap -PN -sT -p T:8080 torrents[snip]
nmap -PN -sT -p T:8080 sammelpu[snip]
nmap -PN -sT -p T:8080 arc.cs.odu.edu
nmap -PN -sT -p T:8080 www.ripn.net
nmap -PN -sT -p T:8080 phy043.t[snip]
nmap -PN -sT -p T:8080 202.188.95.52
tcpinputtext.org 12](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-12-2048.jpg)
![Output Plug-In Architecture
To remove duplicate entries
cmlh$ sort file | uniq > nodups_file
Output Files written to
./[query]/tit/Bing|Google
tcpinputtext.org 13](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-13-2048.jpg)
![DataDumper.txt Example
$VAR1 = bless( {
'searchTime' => '0.116592',
'endIndex' => '10',
'searchComments' => '',
'documentFiltering' => 0,
'searchTips' =>Deprecated for json_debug_log.txt
'',
'estimatedTotalResultsCount' =>
'51700000',
'searchQuery' => 'inurl:8080',
'startIndex' => '1',
'resultElements' => [
bless( {
[SNIP]
tcpinputtext.org 14](https://image.slidesharecdn.com/tit-120301212547-phpapp01/75/tit-14-2048.jpg)
Uploaded byChristian Heinrich
tit
The document describes TCP Input Text (tit), a tool used in the reconnaissance phase of penetration testing to enumerate fully qualified domain names (FQDNs) and TCP ports. It implements the Google SOAP and Bing search APIs. The tool outputs plug-ins including CSV files for FQDNs, TCP ports, and Maltego transforms. The roadmap includes adding support for the Bing API v2 and merging tit-google-soap and tit-bing. Future versions may include output plugins for web proxies and translation.
More Related Content
![Laura Garcia - Shodan API and Coding Skills [rooted2019]](https://cdn.slidesharecdn.com/ss_thumbnails/shondaapiandcodingskillsrootedcon2019-190403190029-thumbnail.jpg?width=640&height=640&fit=bounds)
tit
- 1. TCP Input Text ChristianHeinrich aka “cmlh” Updated: February 2012
- 2. TCP Input Text Usedin the “Recon” Phase of Penetration Test Enumerates FQDN and TCP Ports Implements the Google SOAP Search API Bing API v2 (new) tcpinputtext.org 2
- 3. cache: May be outof date since last crawl by “Googlebot” Hence, positive assurance by nmap, nc, etc tcpinputtext.org 3
- 4. Output Plug-In Architecture TCPPort and FQDN nmap netcat aka nc maltego (new) .CSV File Output Files written to ./[query]/tit/Bing|Google tcpinputtext.org 4
- 5. Regular Expression =~m|(w+)://([^/:]+)(:d+)?/(.*)|; my $Protocol= $1; my $Domain_Name = $2; my $URI = ("/" . $4); // discarded if ($3 =~ /:(d+)/) {$TCP_Port = $1} else {$TCP_Port = 80} tcpinputtext.org 5
- 6. tit_FQDN.csv Forward Lookup withdig and/or nslookup Scan for TCP Ports *not* within Search Results. Neither TCP/80 or TCP/443 Output Files written to ./[query]/tit/Bing|Google tcpinputtext.org 6
- 7.
- 8.
- 9.
- 10. tit_maltego.csv Example tcpinputtext.org 10
- 11. tit_nc.sh Example nc -vz glcfapp.umiacs.umd.edu 8080 nc -vz www.speedguide.net 8080 nc -vz inside.c-spanarchives.org 8080 nc -vz www.wsu.edu 8080 nc -vz torrents.freebsd.org 8080 nc -vz sammelpunkt.philo.at 8080 nc -vz arc.cs.odu.edu 8080 nc -vz www.ripn.net 8080 nc -vz phy043.tours.inra.fr 8080 nc -vz 202.188.95.52 8080 tcpinputtext.org 11
- 12. tit_nmap.sh Example nmap -PN -sT -p T:8080 glcfapp.[snip] nmap -PN -sT -p T:8080 www.spee[snip] nmap -PN -sT -p T:8080 inside.c[snip] nmap -PN -sT -p T:8080 www.wsu.edu nmap -PN -sT -p T:8080 torrents[snip] nmap -PN -sT -p T:8080 sammelpu[snip] nmap -PN -sT -p T:8080 arc.cs.odu.edu nmap -PN -sT -p T:8080 www.ripn.net nmap -PN -sT -p T:8080 phy043.t[snip] nmap -PN -sT -p T:8080 202.188.95.52 tcpinputtext.org 12
- 13. Output Plug-In Architecture Toremove duplicate entries cmlh$ sort file | uniq > nodups_file Output Files written to ./[query]/tit/Bing|Google tcpinputtext.org 13
- 14. DataDumper.txt Example $VAR1 =bless( { 'searchTime' => '0.116592', 'endIndex' => '10', 'searchComments' => '', 'documentFiltering' => 0, 'searchTips' =>Deprecated for json_debug_log.txt '', 'estimatedTotalResultsCount' => '51700000', 'searchQuery' => 'inurl:8080', 'startIndex' => '1', 'resultElements' => [ bless( { [SNIP] tcpinputtext.org 14
- 15. json_debug_log.txt Divided into threemajor sections marked with “#”: 1. $bing_json_url 2. $bing_http_request->get($bing_json_url)- >content 3. decode_json($bing_http_response)- >{SearchResponse}->{Web}->{Results} Smart::Comments are also supported for v0.3. tcpinputtext.org 15
- 16. tit Roadmap PoC v0.1(RUXCON 2K8 in Sydney, AU, Nov 2008) Previewed at ToorCon(US) and SecTor (CA) Alpha v0.2 (SyScan’09 Singapore) Moving repository to code.google.com/p/tit Added FQDN Output Plug-In Previewed at OWASP AU 2009 (February) and 5th CONFidence 2009 (Poland) tcpinputtext.org 16
- 17. Changes from v0.1to v0.2 cmlh$ ./tit.pl –key “demo” –query “inurl:8080” –start 1 “TCP Input Text“ PoC v0.2 Copyright 2008, 2009 Christian Heinrich Licensed under the Apache License, Version 2.0 Output Plug-Ins (TCP_FQDN_CSV, FQDN_CSV, NMAP_SH, NC_SH) 1. glcfapp.umiacs.umd.edu TCP/8080 available 2. www.speedguide.net TCP/8080 available 3. www.wsu.edu TCP/8080 available 4. inside.c-spanarchives.org TCP/8080 available 5. torrents.freebsd.org TCP/8080 available 6. sammelpunkt.philo.at TCP/8080 available 7. arc.cs.odu.edu TCP/8080 available tcpinputtext.org 17
- 18. tit Roadmap Alpha v0.3 Supportfor Bing API v2 Repository at tit.codeplex.com Maltego Local Transform (CSV) Repository at github.com/cmlh/maltego tcpinputtext.org 18
- 19. Changes from v0.2to v0.3 cmlh$ ./tit.pl -site "bing.com" "TCP Input Text" for Bing Alpha (Release Candidate) RC v0.0.1 Copyright 2008-2012 Christian Heinrich Licensed under the Apache License, Version 2.0 Output Plug-Ins: FQDN_CSV, TCP_FQDN_CSV, MALTEGO_CSV, NMAP_SH, NC_SH Creating ./sitebing.com/tit/bing cmlh$ Enabled with ## Smart::Comments tcpinputtext.org 19
- 20. tit Roadmap Beta v0.4and onwards Merge tit-google-soap.pl and tit-bing.pl Repository at github.com/cmlh/dic sub output_plugin curl and/or wget (i.e. replay web intercepting proxy) Google Translate (Speak English or Die) tcpinputtext.org 20
- 21. Questions Latest Slides AvailableFrom: http://slideshare.net/cmlh/tit https://github.com/cmlh/tit Contact: christian.heinrich@cmlh.id.au http://cmlh.id.au/contact tcpinputtext.org 21
Editor's Notes
- #2 \n
- #3 Not an OWASP Project but related to “Download Indexed Cache”.\n
- #4 \n
- #5 \n
- #6 \n
- #7 \n
- #8 \n
- #9 \n
- #10 -PN Disable Ping\n-sT TCP Connect Scan\n-p T: Specify TCP Port\n
- #11 -PN Disable Ping\n-sT TCP Connect Scan\n-p T: Specify TCP Port\n
- #12 -v Verbose\n-z Don’t send any data, just check that port is open\n
- #13 -PN Disable Ping\n-sT TCP Connect Scan\n-p T: Specify TCP Port\n
- #14 “uniq –c” shows the number of entries\n
- #15 -PN Disable Ping\n-sT TCP Connect Scan\n-p T: Specify TCP Port\n
- #16 -PN Disable Ping\n-sT TCP Connect Scan\n-p T: Specify TCP Port\n
- #17 \n
- #18 The “Release \n
- #19 \n
- #20 The “Release \n
- #21 Sub output_plugin is refactoring of csv, FQDN, nc, nmap\n
- #22 Not an OWASP Project but related to “Download Indexed Cache”.\n