Information Gathering Tools for Kali Linux (original) (raw)
Last Updated : 15 Jul, 2025
**Information Gathering means gathering different kinds of information about the target. It is basically, the first step or the beginning stage of Ethical Hacking, where the penetration testers or hackers (both black hat or white hat) tries to gather all the information about the target, in order to use it for Hacking. To obtain more relevant results, we have to gather more information about the target to increase the probability of a successful attack.
Information gathering is an art that every penetration-tester and hacker should master for a better experience in penetration testing. It is a method used by analysts to determine the needs of customers and users. Techniques that provide safety, utility, usability, learnability, etc. for collaborators result in their collaboration, commitment, and honesty. Various tools and techniques are available, including public sources such as Whois, nslookup which can help hackers to gather user information. This step is very important because while performing attacks on any target information (such as his pet name, best friend's name, age, or phone number to perform password guessing attacks or other kinds of attacks are required.
Information gathering can be classified into the following categories:
- Footprinting
- Scanning
- Enumeration
- Reconnaissance
1. Nmap Tool
Nmap is an open-source network scanner that is used to recon/scan networks. It is used to discover hosts, ports, and services along with their versions over a network. It sends packets to the host and then analyzes the responses in order to produce the desired results. It could even be used for host discovery, operating system detection, or scanning for open ports. It is one of the most popular reconnaissance tools.
**To use nmap:
- Ping the host with the ping command to get the IP address
ping hostname
- Open the terminal and enter the following command there.
nmap -sV ipaddress
Replace the IP address with the IP address of the host you want to scan.
- It will display all the captured details of the host.
Refer to: Nmap Cheat Sheet
2. ZenMAP
It is another useful tool for the scanning phase of Ethical Hacking in Kali Linux. It uses the Graphical User Interface. It is a great tool for network discovery and security auditing. It does the same functions as that of the Nmap tool or in other words, it is the graphical Interface version of the Nmap tool. It uses command line Interface. It is a free utility tool for network discovery and security auditing. Tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime are considered really useful by systems and network administrators.
To use Zenmap, enter the target URL in the target field to scan the target.
3. whois lookup
whois is a database record of all the registered domains over the internet. It is used for many purposes, a few of them are listed below.
- It is used by Network Administrators in order to identify and fix DNS or domain-related issues.
- It is used to check the availability of domain names.
- It is used to identify trademark infringement.
- It could even be used to track down the registrants of the Fraud domain.
To use whois lookup, enter the following command in the terminal
whois geeksforgeeks.org
Replace _geeksforgeeks.org with the name of the website you want to lookup.
Read here: Whois lookup
4. SPARTA
SPARTA is a python based Graphical User Interface tool which is used in the scanning and enumeration phase of information gathering. It is a toolkit having a collection of some useful tools for information gathering. It is used for many purposes, a few of them are listed below.
- It is used to export Nmap output to an XML file.
- It is used to automate the process of Nikto tool to every HTTP service or any other service.
- It is used to save the scan of the hosts you have scanned earlier in order to save time.
- It is used to reuse the password which is already found and is not present in the wordlist.
To use SPARTA, enter the IP address of the host you want to scan in the host section to start scanning.
Read more about SPARTA
5. nslookup
nslookup stands for nameserver lookup, which is a command used to get the information from the DNS server. It queries DNS to obtain a domain name, IP address mapping, or any other DNS record. It even helps in troubleshooting DNS-related problems. It is used for many purposes, a few of them are listed below.
- To get the IP address of a domain.
- For reverse DNS lookup
- For lookup for any record
- Lookup for an SOA record
- Lookup for an ns record
- Lookup for an MX record
- Lookup for a txt record
Read more about nslookup
6. Osintgram
Osintgram is an OSINT tool to run on reconnaissance Instagram to collect and analyze. It offers an interactive shell to perform analysis on account of any users by its nickname. One can get:
- - addrs : It gets all registered addressed by target photos.
- - captions : It gets the user's photos captions.
- - comments : It gets total comments of the target's posts.
- - followers : It gets target followers.
- - followings : It gets users followed by the target.
- - fwersemail : It gets emails of target followers.
- - fwingsemail : It gets an email of users followed by the target.
- - fwersnumber : It gets the phone number of target followers.
- - fwingsnumber : It gets the phone number of users followed by the target.
- - hashtags : It gets hashtags used by the target.
Read here about: OSINT for Instagram
Conclusion
Information gathering is the first and one of the most important steps in ethical hacking. It helps hackers or penetration testers learn more about a target before trying to find weaknesses. The more information they collect, the better they can plan their next steps.
There are many tools like **Nmap, **Zenmap, **Whois, **SPARTA, **nslookup, and **Osintgram that help gather useful details about websites, IP addresses, and even social media accounts. These tools make it easier to scan, discover, and understand how a system is set up.
By mastering the skill of information gathering, ethical hackers can make their testing more accurate while also helping organizations stay safer from real attacks.