This tool is helpful in penetration testing in the early stages. The tools used to understand the customer footprint on the internet. It also helps organizations to now pre attacker plans what exactly they found from the server.

The feature of the Tools :

• Search all sources
• Verify the virtual host
• File saved in form of HTML and XML
• Graphic and stats options
• New Sources
• Active enumeration(DNS enumeration,Reverse lookups,TLD expansion)
• New sources
• Check the open ports and banner with the integration of the SHODAN computer database.

Passive work :

• Linkedin: specific search for LinkedIn user
• Google Search Engine- www.google.com
• Google-specific profiles and search engines.
•  Bing: Microsoft search engine –www.bing.com
• PGP key server
• Shodan- this app will search for ports and banner of discovered hosts(www.shodanhq.com)

Active discovery:

• DNS brute force: This option helps to run a directory brute force action.
• DNS reverse lookup: The Reverse lookup is found and discovered in order to find hostnames.
• DNS TDL expansion: TLD dictionary brute force.

For more information visit: Google Code – The harvester

Download harvester from Source link

The post The Harvester 2.2a-Tool for data gathering appeared first on Vednam.

Anurag Sen the Saftey Detective researcher who discovered that last month two unprotected-hosted servers which were 272 GB and 1.3 TB of size belonging to Natura that have almost more than 192 Million records.

Finding the Reports, we Got that the exposed data includes personally identifiable information on 250,000 Natura customers, Every account login cookies along with the archives which containing logs from the servers and users.

The Leaked information also includes Moip payment account details tokens for nearly 40,000 wirecard.com.br user who integrated it with their Natura accounts as informed by ThehackerNews

Anurag said that around 90% of the were Brazilian customers, although other nationalities were are also the part of ”

What leaked from the server of the omer includes :

• Full Name
• Mother’s Name
• nationality
• Gender
• date of Birth:
• hashed login passwords
• username and Nickname
• MOIP accounts Details
• API credentials with unencrypted passwords
• Recent  Purchases
• Email and physical addresses
• access token for wirecard.com.br

The unprotected server also had a secret permission certificate file that contains the key/passwords to the EC2 Amazon server where the Natura website is already hosted.

Source: TheHackernews

What happens if exploited the server key potentially could be allowed attackers to directly inject the digital skimmer into the company official website to steal the user’s all information including Payment details also.

According to experts, if you have connected with Natura you are advised to stay vigilant against identity theft you need to change the passwords and keep a close eye on every payment transaction if you feel any doubts directly connect with the cyber expert team.

Researchers always warned that the backend, as well as keys to servers, could be leveraged to manage further attacks and allow them to deep penetrations to the rest of existing systems

After all the experts connect with Amazon Services Company and let them know about the faulty server and the company immediately secures all servers and sends all server reporting.

Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.

The post Brazil’s Cosmetic Brand Natura Find Exposes their User Personal Details appeared first on Vednam.