Information gathering is a crucial part of exploiting any website. Many tools are available online which helps in gathering information. But these tools somehow fail to find what the pentester/security researcher wants, according to ethical hacking. Today we will show you an information-gathering tool called Badmod.

According to the ethical hacking researcher of the International Institute of Cyber Security says that Badmod can be useful while checking any vulnerabilities in the website.

Badmod is a small tool written in php and used in information gathering. The tool can gather a lot of information that can be used in other phases of pentesting. To show you we have tested this tool on Kali Linux 2018.4

  • For installation type git clone https://github.com/MrSqar-Ye/BadMod.git
  • Before proceeding further. Make sure you have installed php in Kali Linux.
  • If not installed type sudo apt-get update
  • Then type sudo apt-get install php
  • Type sudo apt-get install php-curl
  • After installing php. You have to change the permission of the INSTALL file.
  • For that type, chmod u+x INSTALL
  • After changing permission type ls -ltr to check if permission has changed.
  • Then type cd /bin/badmod
  • Type chmod u+x BadMod.php to change the permission of this file. This file is used while executing the tool.
  • Then type sudo badmod to start the tool.

  • The above is the tool used in information gathering.
  • Type 2 for IP generator.
  • Then type 20 for generating IP addresses as shown below.

  • After executing the above queries, Badmod has generated 20 IP addresses. These IP addresses can be used to spread viruses on the local network.
  • If a target is in the attacker’s network, the attacker can force the target to visit those IP addresses by assigning them to the default gateway.
  • The above IP addresses can be further used in other hacking activities.
  • Type 3 to import sites from a list.
  • This query checks whether a site is vulnerable or not.
  • Type siteslist.txt as your list name.

  • The above query shows the links and whether the links are vulnerable or not. As shown in the above screenshot links are not vulnerable to exploitation.
  • The above query can be used in other hacking activities.
  • Type 04 for information gathering.
  • Type hackthissite.org URL you want to scan.

                                                                          ==========================SNIP========================

  • The above query shows the reverse DNS and subdomain DNS. The above list of DNS is in the initial phase of information gathering.
  • The above information can be used in other hacking activities.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

4 browsers for safe anonymous surfing

  Internet comes with full of productivity & entertainment solutions. Being anonymous is...
All-new App Store for hackers, Kali Nethunter

Many times pentesters/ security researchers needs to scan URLs or they need to do penetration...
All-new Windows Exploit suggester is here, WES-NG

Windows is the most popular operating system. Because of its easy usability, easy to...
Android mobile hacks with android debug bridge(ADB) - Part l

ANDROID ARCHITECTURE – Hardware Components :- Hardware components interact with the drivers...
Android mobile hacks with android debug bridge(ADB) - Part ll

Earlier in part I we have shown adb hacks which are used in testing or foot printing phases. That...