 

 

Bile-suite

 

The BiLE suite includes a number of Perl scripts that a penetration tester can use during the enumeration phase of a test.  BiLE stands for Bi-directional Link Extraction utilities. The tools are used in the footprinting process to find both obvious and non-obvious relationships between disparate sites.  With this information a pen tester may then decide to try to access sites with close relationships to the target as a stepping stone into the target network.

 

Note: This process depends on the linked sites you plan to attack on the way to your target actually being owned by the target company and being in the scope of the test.

 

The BiLE suite is available from here.

 

Installation.

 

There is one requirement for the suite of Perl scripts to function correctly: httrack, the website copying application, which is available from here.

 

To install httrack:

 

tar -zxvf httrack-3.40-2.tar.gz

./configure

make

make install

 

To install BiLE:

 

tar -zxvf BilePublic.gz

tar -zxvf BiLE-suite.gz

 

Execution:

 

To identify links between sites we use the BiLE.pl script:

 

Usage: BiLE.pl <site> <outfile>

[root@hacker Bile]# perl BiLE.pl www.blackhat.com blackhat

 

This produces two text files, blackhat.mine and blackhat.walrus.  The latter details just the links between the sites, one per line in the format target_site:linked_site, e.g.

 

www.blackhat.com:blogs.technet.com

www.blackhat.com:taosecurity.blogspot.com

www.blackhat.com:abcnews.go.com

www.blackhat.com:blogs.washingtonpost.com

www.blackhat.com:www.eweek.com

www.blackhat.com:www.securityfocus.com

www.blackhat.com:www.infoworld.com

www.blackhat.com:blackhat.com

www.blackhat.com:www.informationweek.com

www.blackhat.com:biz.yahoo.com

www.blackhat.com:cnet.com.au

www.blackhat.com:technology.guardian.co.uk

www.blackhat.com:www.wired.com

www.blackhat.com:cfp.blackhat.com

www.blackhat.com:www.gcn.com

www.blackhat.com:www.pcworld.com

www.blackhat.com:www.feedforall.com

blackhat.com:www.tsok.net

blackhat.com:cfp.blackhat.com

blackhat.com:www.blackhat.com

blackhat.com:blackhat.com

blackhat.com:www.securecomputing.com

blogs.washingtonpost.com:www.projecthopeharmony.org

blogs.washingtonpost.com:media.washingtonpost.com

 

The former lists the sites that links come from:

 

====> Link from: [abcnews.go.com]

====> Link from: [biz.yahoo.com]

====> Link from: [blackhat.com]

====> Link from: [blogs.technet.com]

====> Link from: [blogs.washingtonpost.com]

====> Link from: [cfp.blackhat.com]

====> Link from: [cnet.com.au]

====> Link from: [taosecurity.blogspot.com]

====> Link from: [technology.guardian.co.uk]
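The .walrus format shown above can be loaded into a directed graph to see which sites link to each other in both directions and which hosts are linked from several places. This is an added example, not part of the BiLE suite; the function names are hypothetical and the input is a constructed subset of the sample lines above.

```python
from collections import defaultdict

# Constructed input: a subset of the blackhat.walrus lines shown above,
# one link per line in the page's target_site:linked_site format.
SAMPLE_WALRUS = """\
www.blackhat.com:blogs.technet.com
www.blackhat.com:blackhat.com
www.blackhat.com:cfp.blackhat.com
blackhat.com:www.tsok.net
blackhat.com:cfp.blackhat.com
blackhat.com:www.blackhat.com
blackhat.com:blackhat.com
blogs.washingtonpost.com:media.washingtonpost.com
"""

def parse_walrus(text):
    """Return {site: set(linked sites)}; skips blank/malformed lines and self-links."""
    graph = defaultdict(set)
    for raw in text.splitlines():
        src, sep, dst = raw.strip().lower().partition(":")
        if not (sep and src and dst) or src == dst:
            continue
        graph[src].add(dst)
    return graph

def mutual_links(graph):
    """Pairs of sites that each link to the other (the bi-directional case)."""
    pairs = set()
    for src, dsts in graph.items():
        for dst in dsts:
            if src in graph.get(dst, ()):
                pairs.add(tuple(sorted((src, dst))))
    return sorted(pairs)

def inbound_counts(graph):
    """Number of distinct sites linking to each host."""
    counts = defaultdict(int)
    for dsts in graph.values():
        for dst in dsts:
            counts[dst] += 1
    return dict(counts)

if __name__ == "__main__":
    g = parse_walrus(SAMPLE_WALRUS)
    print("mutual:", mutual_links(g))
    print("inbound:", sorted(inbound_counts(g).items(), key=lambda kv: -kv[1]))
```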

 

With this information we can then try and determine the weight of the link between sites, utilising BiLE-weigh.pl:

 

Usage: perl BiLE-weigh.pl domain.com output.file.from.bile.mine

[root@hacker Bile]# perl BiLE-weigh.pl www.blackhat.com blackhat.mine

 

The file blackhat.mine.sorted is then created:

 

www.blackhat.com:332.0625

blackhat.com:204.375

cfp.blackhat.com:68.4375

www.tsok.net:49.6875

www.securecomputing.com:49.6875

www.wired.com:18.75

www.securityfocus.com:18.75

www.pcworld.com:18.75

www.infoworld.com:18.75

www.informationweek.com:18.75

www.gcn.com:18.75

www.feedforall.com:18.75

www.eweek.com:18.75

technology.guardian.co.uk:18.75

taosecurity.blogspot.com:18.75

cnet.com.au:18.75

blogs.washingtonpost.com:18.75

blogs.technet.com:18.75

abcnews.go.com:18.75

ad.doubleclick.net:9.43627450980392

www.cnet.com.au:9.375

cgi2.cnet.com.au:9.375

w1.buysub.com:8.33333333333333

www.taosecurity.com:6.25

www.blogger.com:6.25

purl.org:6.25

feeds.wired.com:6.25

blogs.msdn.com:5.79044117647059

www.ziffdavis.com:4.6875

www.zdmcirc.com:4.6875

www.windowsclusters.org:4.6875

www.gapingvoid.com:4.6875

virtualteched.com:4.6875

rssnewsapps.ziffdavis.com:4.6875

common.ziffdavisinternet.com:4.6875

www.washingtonpost.com:4.56730769230769

 

Obviously, the higher the number, the stronger the link between the sites and hence the closer the relationship.

 

Other tools that come in this suite include:

 

vet-IPrange.pl

 

This script performs DNS lookups for a set of DNS names.  The IP addresses obtained are stored and a DNS lookup is performed on a second set of DNS names.  If the IP addresses returned match any from the first query they are written to file.  This tool is very useful for determining the use of virtual hosting and grouping of domains.

 

Usage:  perl vet-IPrange.pl [input file] [true domain file] [output file] <range>
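The comparison described above, sketched as an added example (not the vet-IPrange.pl source): resolve a set of known names, then report which candidate names resolve to any of the same addresses. Which input file plays which role, the function names, and the constructed DNS records (reserved example names and documentation addresses) are assumptions made so the example runs offline.

```python
import socket

def resolve(name):
    """Return the set of IPv4 addresses for name, or an empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}

def shared_hosting(known_names, candidate_names, resolver=resolve):
    """Map each candidate name to the known names it shares an address with."""
    ip_owner = {}
    for name in known_names:                 # first set: store the addresses
        for ip in resolver(name):
            ip_owner.setdefault(ip, set()).add(name)
    matches = {}
    for name in candidate_names:             # second set: compare against them
        owners = set()
        for ip in resolver(name):
            owners |= ip_owner.get(ip, set())
        if owners:
            matches[name] = sorted(owners)
    return matches

# Constructed records so the example needs no network access.
FAKE_DNS = {
    "www.example.com": {"192.0.2.10"},
    "mail.example.com": {"192.0.2.25"},
    "shop.example.net": {"192.0.2.10"},
    "blog.example.org": {"198.51.100.7"},
    "cdn.example.net": {"192.0.2.25", "203.0.113.5"},
}

def fake_resolver(name):
    return FAKE_DNS.get(name, set())

if __name__ == "__main__":
    known = ["www.example.com", "mail.example.com"]
    candidates = ["shop.example.net", "blog.example.org", "cdn.example.net"]
    for host, owners in shared_hosting(known, candidates, fake_resolver).items():
        print(f"{host} shares an address with {', '.join(owners)}")
```

A shared address is only a hint: CDNs and shared hosting place unrelated owners on one IP, so ownership still has to be confirmed before a host is treated as in scope.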
 

vet-mx.pl

 

Like vet-IPrange.pl, this script queries MX records to determine whether any relationships between domains can be detected.

 

Usage:  perl vet-mx.pl [input file] [true domain file] [output file]
 

exp-tld.pl

 

This script takes a given list of domain names and tries to determine if any are valid in other TLDs.

 

Usage:  perl exp-tld.pl [input file] [output file]

 
