Welcome to the Cybersecurity Toolbox - Information Gathering Tools

Series 1

Tags: Cybersecurity, Ethical Hacking, Blog Series, Cybersecurity Toolbox, For Newcomers

Who Am I, and Why Should You Trust Me?

I'm Omar Rao—top-ranked ethical hacker, data resiliency, security & privacy expert, and a trusted consultant for federal agencies and private companies. I've:

  • Won two global hackathons by breaking into systems most thought were unbreakable.
  • Recovered millions in ransomware cases by helping businesses and law enforcement trace and contain attackers.
  • Led CyberPatriot teams, mentoring middle and high school students to compete in national cybersecurity challenges.

I've earned over 45 certifications across ethical hacking, cloud, networking, and security—but more importantly, I believe in teaching how to hack the right way.

What You Can Expect from This Series

This isn't your typical tech blog. This series is for:

  • Students stepping into cybersecurity for the first time
  • Career switchers looking for a meaningful and high-impact field
  • Tech-savvy folks who want to learn the ethical side of hacking

We'll cover real tools used by both ethical hackers and attackers—but with a strong focus on how to use them safely, legally, and effectively.

Each blog post will focus on a category of tools, including:

  1. Information Gathering
  2. Wireless Hacking
  3. Password Cracking
  4. Vulnerability Scanning
  5. Exploitation
  6. Phishing & Social Engineering
  7. Forensics
  8. Final Wrap-Up

Why This Series Matters

I've used these tools not just in labs, but in real-world scenarios:

  • Helping a packaging plant recover from a ransomware attack without paying a dime to the hackers.
  • Performing red-team tests for federal agencies, exposing vulnerabilities before real attackers could.
  • Conducting infrastructure assessments that helped secure hospitals, schools, and public infrastructure.

But I've also seen tools misused—by curious beginners or malicious actors.

This blog is about empowering you to build skill and character. To become the kind of hacker who:

  • Protects instead of destroys
  • Reports instead of exploits
  • Teaches others instead of showing off

Ethics First, Always

Every post will include a section on how to use each tool ethically and legally. We'll walk through:

  • How to build your own lab
  • Where to practice without breaking the law
  • How to handle sensitive data with care
  • Why ethics matter more than ever in today's cyber landscape

So, Let’s Get Started!

Series 1: Information Gathering Tools

What Is Information Gathering?

Before you break into anything (ethically), you need to know what you're targeting. Information gathering, or recon, is like digital scouting. It's the first step in any security assessment, pen test, or attack simulation.

You're mapping out:

  • What servers or devices are online
  • What services or apps are running
  • Who works there and what tech they use
  • What the company or person exposes publicly

In the wrong hands, this can be creepy. In the right hands, it's how you help secure an environment.

The Tools That Help You Recon Like a Pro

1. Nmap – The Network Mapper

  • Scans IP addresses and ports
  • Reveals which services are running (e.g., SSH, HTTP, RDP)
  • Can detect OS types and service versions

Use case: During a red-team assessment for a corporate client, I used Nmap to discover an outdated FTP server. It turned out to be the gateway to a full network compromise.

2. Shodan – The Search Engine for the Internet of Things

  • Lets you find internet-facing devices like webcams, routers, servers
  • Shows banner data (what software is running, versions, location)

Use case: I once used Shodan to identify 200+ public-facing security cameras that were using default credentials. We notified the owners and helped lock them down.

3. Maltego – The Link Mapper

  • Visual tool for OSINT (Open Source Intelligence)
  • Maps relationships between people, domains, IPs, emails, etc.

Use case: For a federal agency, I used Maltego to link phishing domains to known APT actors. The visual graph made it easy to show the connection.

4. theHarvester – Find Emails, Domains, IPs

  • Harvests email addresses, subdomains, and other info from public sources
  • Great for phishing simulations or initial recon

Beginner tip: Try it on your own domain and see what pops up. You might be surprised what's publicly available.

5. Recon-ng – The Recon Framework

  • Modular tool for automated OSINT
  • Can plug into APIs like LinkedIn, GitHub, etc.

Pro tip: Add your own API keys and use modules to pull in tons of intel quickly.

6. Amass – Subdomain Enumeration Master

  • Finds subdomains using multiple data sources
  • Helps map a company's full online footprint

Use case: Found hidden staging environments and test sites for a fintech startup that were vulnerable to takeover.

7. Censys – Like Shodan, but Deeper

  • Pulls certificate and service info from IP ranges
  • Great for finding obscure or forgotten servers

8. OSINT Framework – A Gateway to OSINT Resources

  • Web-based collection of links and tools
  • Covers everything from people search to social media analysis

9. Gobuster – Directory and File Brute Forcer

  • Used for enumerating web paths and files
  • Super useful when scanning for hidden admin panels

How I Use These in Real Assessments

As an ethical hacker:

  • I never touch a live target without permission
  • I start every assessment with Nmap and OSINT
  • I chain tools together: theHarvester + Maltego + Shodan

Example: For a ransomware-recovery case, I used Nmap to find exposed RDP. Then I used Shodan to prove the IP was indexed online. That helped the client understand the attack vector.
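The step above (scan your own hosts, then read the output for exposed services like RDP or FTP) is where newcomers usually get stuck: Nmap prints a lot, and the job is turning it into the "target profile" from the practice tips below. Here is an added example, not from the original post, that parses Nmap's grepable (-oG) output for a lab network and flags the services a defender should fix first. The sample scan output is constructed, and the high-risk port list is my own triage choice, not an Nmap feature.

```python
import re
from collections import defaultdict

# Ports worth flagging when they show up exposed on a host you are responsible for.
# This triage list is an assumption for the example, not something Nmap provides.
HIGH_RISK_PORTS = {
    21: "FTP: cleartext logins, frequently running outdated server software",
    23: "Telnet: cleartext remote shell",
    445: "SMB: common ransomware propagation path",
    3389: "RDP: common ransomware initial access vector",
    5900: "VNC: often weakly authenticated",
}

# Constructed Nmap grepable (-oG) output for two lab hosts; not real scan data.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.9/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https//nginx 1.24/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (998)
"""

# -oG port fields: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

def parse_gnmap(text):
    """Return {ip: [(port, state, service, version), ...]} from -oG output."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        ip = line.split()[1]
        ports_field = next((f for f in line.split("\t") if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # "Status: Up" line carries no port data
        for m in PORT_RE.finditer(ports_field):
            port, state, _proto, _owner, service, _rpc, version = m.groups()
            hosts[ip].append((int(port), state, service, version))
    return dict(hosts)

def build_target_profile(text):
    """Per host: the open ports, plus the high-risk exposures to remediate first."""
    profile = {}
    for ip, ports in parse_gnmap(text).items():
        open_ports = [p for p in ports if p[1] == "open"]
        findings = [f"{p[0]}/{p[2]} ({p[3] or 'unknown version'}): {HIGH_RISK_PORTS[p[0]]}"
                    for p in open_ports if p[0] in HIGH_RISK_PORTS]
        profile[ip] = {"open": [p[0] for p in open_ports], "high_risk": findings}
    return profile
```

Run it against `nmap -sV -oG scan.gnmap <your lab range>` output instead of the sample and the profile tells you which of your own hosts expose RDP or FTP before anyone else finds out.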

How You Can Practice This Ethically

Do:

  • Use these tools on your own network or in your lab
  • Scan test VMs or public CTF targets (like TryHackMe or HackTheBox)
  • Read the output and try to piece together a "target profile"

Don't:

  • Scan random public IPs or websites without permission
  • Use found info for phishing or real attacks
  • Assume it's harmless "just to look"

Final Thoughts

Information gathering isn’t flashy, but it’s powerful. The more you know about a target, the less brute force you need.

Every major ethical hack I’ve pulled off started with great recon.

Coming up next: Wireless Hacking Tools. Want to know how hackers break into Wi-Fi and how you can defend yours? Stay tuned.