Professional Documents
Culture Documents
Description: In this lab, we will use the metagoofil tool to gather information from a website.
Specifically, we are looking for possible vulnerabilities on the website.
**We are using the evasion switch (-e) and the number 1 (to specify random encoding) to help
us be a little bit stealthier when running the scan. We also use -h to define the hostname or IP
address.
Question 2: What are the contents of .txt file that you have gathered?
Step 3: At the prompt, run the CE version of Maltego. . In this experiment, we will be using
haveibeenpwned.com database. So, make sure that this integration is available with Maltego.
Step 4: Create a new graph, select the domain as entity from entity panel and the use any
domain like linkedin.com (Note: Don’t use it on some govt. domains). After that right click on the
domain that you have chosen as a target and then run all the transformations related to e-mails.
Step 5: After you get all the email ids, select them and run breach transformation.
Step 6: After you get all the breaches, select anyone to enrich it by running the enrich
transformation.
Question 1: Were you able to see any breached related to any email id? If yes, write at least
three of them here