3klCon – Automation Recon Tool for Small & Medium Scopes
Reconnaissance, or information gathering, is the first step of the ethical hacking or penetration testing process. Knowing the target is essential while performing a penetration test, and the information collected about it serves as the foundation for the rest of the engagement. Targets can be of two types: 1) an organization or 2) an individual. For an organization, the penetration tester collects essential information such as open ports, IP addresses, MAC addresses and Whois records; for an individual, social media account information and personal details.
While testing web-based applications, every tester should collect subdomains, service information, web database information, information exposure, hidden directories and parameters, and juicy links, any of which may be vulnerable.
Area of Scope in Reconnaissance
A penetration tester can divide the scope of testing into three primary types:
1. Small Area of Scope
While performing penetration testing on any organization, terms and conditions are agreed in which the area of scope is decided and explained to the tester. In a small scope, testing is limited to the subdomains that the organization has allowed; any activity beyond this scope can be considered malpractice. All the information collected should belong only to the related subdomain.
The information collected in a small scope is:
- Directory enumeration
- Github Dorking
- Parameter Discovery
- Port Scan
- Database Enumeration
- Backend Enumeration
- Github Search links
2. Medium Area of Scope
In the medium area of scope, the testing area is widened to contain all subdomains related to a specific domain. An organization can allow penetration testers to test *.companydomain.com and find any loopholes. In this scope, more information is collected than in the previous (small) scope, and the data collected can relate to any subdomain of the specified or allowed domain.
The information collected in a medium scope is:
- Waybackurls Enumeration
- JS file Enumeration
- Port Scan
- WAF Detection
- Misconfiguration in Storage
- Subdomains Takeover
3. Large Area of Scope
This is the broadest scope for a penetration tester, as there is no restriction on subdomains or domains. The tester can test any subdomain using their own approach and methodology. For example, Google could allow testers to test any Google domain or subdomain without restrictions.
The information collected in a large scope is:
- ASN to get IP ranges
- DNS and SSL Enumeration
- Seeds or Roots
- Automation Vulnerability Scanning
- Sensitive Files
- List of Subdomains
Methodology Used in Reconnaissance
The methodology serves as a roadmap for the penetration testing process. It can differ between individual testers, since it depends on their understanding of the target and its scope. A step-wise methodology is essential to reduce confusion and produce efficient results.
What is the 3klCon Tool?
3klCon is an automation recon framework that works with medium and large scopes. It is a Python-based tool that performs more than 20 tasks and writes all results to separate files. It is a complete automation recon tool that works with small and medium ranges. If you use a Virtual Private Server (VPS), it will discover secrets and search for vulnerabilities. 3klCon collects all the results into one directory named after your target.
3klCon uses various tools to gather this information.
Installation of 3klCon Tool on Kali Linux
First, open the Kali Linux terminal and move to the Desktop using the following command. On the Desktop, we will create a directory in which we will install the tool by cloning it from GitHub.
Now that we are on the Desktop, we will create a new directory called 3klCon using the following command.
You have created the directory 3klCon on the Desktop. Move into this directory using the following command.
Now you are in the 3klCon directory. Here you have to clone the 3klCon tool from GitHub. To clone the tool, use the following command.
git clone https://github.com/eslam3kl/3klCon
The tool has now been cloned successfully into the 3klCon directory. List the contents of the directory using the following command.
You can see that a new directory, 3klCon, has been created. Move into this directory using the following command.
List the contents of the directory using the following command.
We have downloaded the tool; now we have to make the installer script executable and run it using the following commands.
sudo chmod +x install_tools.sh
./install_tools.sh
Run the 3klcon.py file using Python:
python3 3klcon.py --help
Working with 3klCon Tool
python 3klcon.py -t hackersera.com
The tool collects information from the various platforms and tools mentioned above.
Separate files are created for separate purposes; for example, all discovered subdomains are written to all_subdomains.txt.
We can see all the subdomains in all_subdomains.txt.
Active Subdomains are stored in active_subdomains.txt.
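Since any activity beyond the agreed scope can count as malpractice, the hosts in all_subdomains.txt should be checked against the scope before anything else is done with them. The following Python script is an added example, not part of 3klCon, that applies such a check to a constructed sample in the shape of all_subdomains.txt; the root domain example.com, the exclusion list and the sample hosts are assumptions. It covers both the small scope (only the named hosts) and the medium scope (any subdomain of the allowed domain).

```python
import re

# Constructed sample in the shape of 3klCon's all_subdomains.txt (one host per line).
SAMPLE_ALL_SUBDOMAINS = """www.example.com
dev.api.example.com
https://staging.example.com:8443/login
*.cdn.example.com
example.com.evil-lookalike.net
internal.example.com
not a hostname!
"""

# Lowercase DNS name: labels of 1-63 chars with no leading or trailing hyphen.
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")

def normalise(entry: str):
    """Reduce a raw line to a bare lowercase hostname, or None if it is not one."""
    s = entry.strip().lower()
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)  # drop scheme
    s = s.split("/", 1)[0].split(":", 1)[0]       # drop path and port
    s = s.lstrip("*.").rstrip(".")                 # drop wildcard prefix and trailing dot
    return s if len(s) <= 253 and HOST_RE.match(s) else None

def is_under(host: str, root: str) -> bool:
    """True when host is root itself or a subdomain of root at a label boundary."""
    return host == root or host.endswith("." + root)

def classify(lines, roots, exclusions=(), small_scope=False):
    """Sort hosts into in_scope, out_of_scope, excluded and malformed lists; small_scope=True
    accepts only hosts named exactly in roots, otherwise any subdomain of a root is in scope."""
    roots = [r.lower() for r in roots]
    exclusions = [e.lower() for e in exclusions]
    buckets = {"in_scope": [], "out_of_scope": [], "excluded": [], "malformed": []}
    seen = set()
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        host = normalise(raw)
        if host is None:
            buckets["malformed"].append(raw.strip())
        elif host not in seen:  # the tool merges several sources, so dedupe
            seen.add(host)
            allowed = host in roots if small_scope else any(is_under(host, r) for r in roots)
            if any(is_under(host, e) for e in exclusions):
                buckets["excluded"].append(host)
            elif allowed:
                buckets["in_scope"].append(host)
            else:
                buckets["out_of_scope"].append(host)
    return buckets
```

Run it against the real file with `classify(open("all_subdomains.txt").read().splitlines(), ["example.com"])` and only pass the in_scope list on to later stages.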
3klCon is a multipurpose tool: it finds a great deal of information about the target and saves it, sorted by purpose, in separate text files on the system.