2D and 3D traceroute with Scapy

I was trying the Scapy graphic traceroute features, and I liked both of them: the 2D and the new 3D traceroute output.

Let's do a basic traceroute:

>>> mytrace, err = traceroute(["www.google.com"])

And the classic output is this:

>>> mytrace.show()
216.239.51.99:tcp80
1 192.168.1.1 11
2 87.219.30.1 11
3 10.255.136.254 11
4 10.255.228.1 11
5 10.255.228.2 11
6 208.175.154.177 11
7 195.2.10.122 11
8 195.2.10.129 11
9 195.66.226.125 11
10 72.14.238.253 11
11 66.249.95.146 11
12 216.239.49.34 11
13 66.249.94.235 11
14 72.14.238.232 11
15 72.14.238.97 11
16 66.249.95.149 11
17 72.14.239.17 11
21 216.239.51.99 SA
23 216.239.51.99 SA
24 216.239.51.99 SA
26 216.239.51.99 SA
29 216.239.51.99 SA

Now, if we want to create a 2D image of the results, we just do this:

>>> mytrace.graph(target=">mytrace.svg")

Better for understanding ;)

And lastly, the 3D output:

>>> mytrace.trace3D()

Cool! If you right-click on any host, Scapy will scan ports 80, 22, 21, 23, 25 and 443.

I think the 2D output is more useful, but the 3D one is so cool...

You can download Scapy from http://www.secdev.org

Extracting Deep Information

I was looking for a way to get more information about my targets, something that could be useful in a penetration test. One thing that is valuable is valid user accounts. So how can I get more potential accounts? One way is harvesting email addresses from the search engines, but this is old and I wanted more; another way is to extract metadata from the target's public documents.

How can I accomplish that? Basically, by extracting the metadata information from the documents.

Metadata is literally "data about data": information about another set of data. [wikipedia]
For example, in the metadata we can find the author name, the software used to create the document and who made the last change, and you can even get the MAC address of the machine where the document was created.

Great. What we really want are usernames, so the most valuable field is Author. So I thought: why don't we use the power of Google to find what public documents a company has, download them and extract the information we need?

To extract metadata I'm using GNU libextractor, which supports a lot of file formats. Recently I also came across wvWare, which is used to access Microsoft Word files; the difference is that with wv we can access version control information, like in the document Michal Zalewski wrote about finding "recorded changes ranging from very minor (spelling, changed dates, slight reformatting, rewording to avoid being sued)"; he did all the tests on the Microsoft website (lcamtuf-strikeout).

If you have any other ideas, please write me a few lines to discuss the topic.

That's all, stay tuned... :)