GhostEye is an information gathering, footprinting, scanner, and Reconnaissance tool built with Python 3. It captures information about the target and gives us detailed information about our objectives.
It only requires a domain or IP address. GhostEye is compatible with all Linux distributions.
Features:
- It is a user-friendly tool.
- Provide an option to select for our attack preference.
- It has a feature of Etherape which is a Graphical Network Monitor and a packet sniffer that collects information and displays it graphically.
- Etherape is compatible with Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP, and WLAN devices, as well as a variety of encapsulations.
- It can filter traffic to be shown and read packets from files as well as actual network data.
Ghost Eye available Options:
- EtherApe – Graphical Network Monitor (root)
- DNS Lookup
- Whois Lookup
- Nmap Port Scan
- HTTP Header Grabber
- Clickjacking Test – X-Frame-Options Header
- Robots.txt Scanner
- Cloudflare Cookie scraper
- Link Grabber
- IP Location Finder
- Detecting CMS with Identified Technologies
- Traceroute
- Crawler target URL + Robots.txt
- Certificate Transparency log monitor
Installation:
Step 1: Install Python3 on Kali using the following command:
sudo apt install python3
Step 2: In addition, you need to install the Nmap and EtherApe tools using the following command:
sudo apt install nmap etherape
Step 3: If you have completed the above requirements, then, you can proceed to the next step and clone the Ghost Eye repo using the following command:
git clone https://github.com/BullsEye0/ghost_eye.git
Step 4: The tool has been downloaded and cloned successfully. Now to list out the contents of the tool use the following command.
ls
Step 5: Now that the Github archive file (i.e. ghost_eye) is installed in Kali, we need to change the working directory to the Ghost Eye folder.
cd ghost_eye
Step 6: You are now in the tool’s directory. The following command will list the contents of the directory.
ls
Step 7: All the files in the tool are listed here. You may need to install tool requirements. To install the requirements, run the following command:
pip3 install -r requirements.txt
Step 8: All requirements have been downloaded. Now it’s time to start the tool using the following command:
python3 ghost_eye.py
Usage:
Let’s see the usage according to the options provided by this tool.
Option 1: Etherape – Graphical Network Monitor
It is a graphical network monitor and packet sniffer that collects and displays information graphically. It can also filter the traffic shown and read packets from a file as well as live from the network.
- EtherApe is a Unix-based graphical network monitor based on etherman. It visually displays network activity in the link layer, IP, and TCP modes. The number of hosts and links changes as traffic increases. Protocols are shown in a color-coded format. Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP, and WLAN devices, as well as numerous encapsulation types, are all supported. It can show traffic that has been filtered, and it can read packets from a file as well as from the live network.
- Ethernet is a classic technology for linking devices in a wired local area network (LAN) or wide area network (WAN), allowing them to interact with one another using a protocol, which is a set of rules or a common network language. Ethernet is a network protocol that defines how network devices structure and send data so that other devices on the same local or campus area network segment can identify, receive, and process it.
- WLAN is a two- or more-device wireless distribution technique. WLANs are wireless networks that employ high-frequency radio waves and frequently incorporate an Internet connection. A WLAN lets users wonder about the coverage area, which is often a house or small business, while still being connected to the network.
- FDDI stands for Fiber Distributed Data Interface, which is a collection of ANSI and ISO standards for data transfer via fiber optic cables on a local area network (LAN). It may be used in big LANs with a diameter of up to 200 km.
- Token Ring: Token Ring Network is a LAN architecture in which nodes/stations are placed in a ring configuration. Data travels across the network in a logical order until it reaches the origin station. A token ring topology uses a token to guarantee that only one node/station is used on the line at a time, to prevent congestion and collisions, and to easily identify media users of its activity.
Option 3: WhoIs Lookup
WhoIs searches the Whois database for an object. Whois a query and response protocol commonly used to access databases that show users from an Internet source, such as a domain name or IP address.
Option 4: Nmap Port Scan
Nmap port scan looks for open ports on the provided connection or IP address. In the Ghost Eye script, a nmap -Pn scan is utilized. -pn causes all hosts to be treated as online, bypassing host discovery.
Option 6: Clickjacking test
An attacker uses a transparent iframe in a window to direct the user to click a button or link to take another server with a similar-looking window. In a sense, the attacker captures the clicks intended for the original server and redirects them to the alternate server.
Option 7: Robots.txt Scanner
The robots.txt file is used to inform online robots such as search engine crawlers about which areas of the website robots are allowed to explore and index.
Option 9: Link Grabber
Link Grabber will analyze the HTML source code of a website and retrieve links from it. For simple review hrefs or pages, links are shown in plain text.
Option 10: IP Location Finder
We can use the IP Location Finder to find information about a certain URL or IP address. This tool will retrieve the latitude and longitude of the device or server.