WEBVTT

00:00.020 --> 00:04.280
In this bonus video, we're going to be taking a look at the program, Geo Recon and installing it to

00:04.280 --> 00:06.290
our Trace Labs Linux setup.

00:06.470 --> 00:13.310
Now, Geo Recon is a tool that's going to allow us to take an IP address and get more information about

00:13.310 --> 00:17.600
it, which is obviously going to be pretty useful for OSINT investigations.

00:17.630 --> 00:24.080
Now, grabbing an IP, we can typically do this sometimes through forums, which will post IP addresses.

00:24.080 --> 00:30.440
If there's an attacker or a network, we'll typically see an IP address and depending on which email

00:30.440 --> 00:35.900
client they're using, we may be able to get an IP address also, or other avenues, things like

00:36.770 --> 00:42.140
an Xbox or PlayStation, you might be able to get an IP address depending how the information is coming

00:42.140 --> 00:43.580
through and whatnot.

00:44.510 --> 00:46.700
So let's take a look at the program itself.

00:47.710 --> 00:53.320
Now this is a GitHub page for it at GitHub.com forward slash radio active.

00:55.150 --> 00:57.730
Forward slash G dash recon.

00:57.730 --> 01:02.770
And it's going to be a pretty simple install and this is going to be again a command line interface

01:02.770 --> 01:08.110
tool, and it's going to be using Python to install this, Python 3 to be exact.

01:08.320 --> 01:11.050
So if you scroll down, you can actually see the commands here.

01:11.050 --> 01:16.330
And I actually copied and pasted the instructions into the description of this video if you want to

01:16.330 --> 01:17.500
take a look at that.

01:18.490 --> 01:21.280
So the first thing we do is we're going to copy this here.

01:22.850 --> 01:28.340
And I'm going to open the terminal and, let me see if I can zoom in here and make it a little bit

01:28.340 --> 01:30.560
easier for you to see.

01:33.530 --> 01:34.440
Okay, that should be good.

01:34.460 --> 01:36.200
I'm going to paste in.

01:37.840 --> 01:38.860
The command here.

01:38.890 --> 01:43.180
git, space, clone, space, and then the URL for the GitHub page.

01:44.870 --> 01:45.320
Okay.

01:45.650 --> 01:50.180
And if we go back to the instructions here, we simply need to go recon.

01:54.090 --> 01:57.390
And you could again, either type that in or copy and paste it.

01:57.870 --> 02:00.090
And then we need to make this a.

02:01.720 --> 02:02.620
Executable.

02:02.620 --> 02:08.170
So we're going to do a chmod, space, plus x, and then the geo-recon dot py.

02:08.290 --> 02:10.600
So let's copy and paste that in here.

02:12.130 --> 02:12.730
Okay.

02:12.730 --> 02:14.830
Now we should be able to go ahead and install it.

02:14.830 --> 02:16.780
So we're going to use this command here.

02:17.440 --> 02:19.360
Let me go back there.

02:21.660 --> 02:28.800
We're going to do a sudo apt install python three pip because we're going to need the python three pip

02:28.800 --> 02:30.150
to install this.

02:31.950 --> 02:33.810
And we're going to have to type our password.

02:33.810 --> 02:36.000
So if you leave it the default, it's going to be, Oh.

02:38.770 --> 02:39.190
Okay.

02:39.490 --> 02:41.230
And mine's already installed.

02:41.230 --> 02:45.610
You may or may not need to go and install that, but it's always good to run it just in case.

02:47.270 --> 02:51.710
And finally, we're going to go ahead and install all the requirements here.

02:52.550 --> 02:59.900
So since we just installed Pip three, we can do a Pip three space install space dash r space requirements.txt.

02:59.930 --> 03:06.890
Now what this does is the pip three command takes a look at that requirements.txt file, and whatever

03:06.890 --> 03:11.900
requirements are in there that are not already met on our Linux machine, it's going to go ahead and install

03:11.900 --> 03:12.470
that.

03:13.040 --> 03:14.840
So let's go ahead and run that.

03:16.900 --> 03:18.910
Okay, Now mine's already installed.

03:18.910 --> 03:23.290
And one of the things that's going to install is Nmap, which is going to be useful for.

03:23.970 --> 03:27.150
Or actually required to go ahead and run the scan.

03:27.150 --> 03:29.910
So once we have everything installed here, let me clear it out.

03:30.300 --> 03:31.650
Clear out the screen.

03:33.580 --> 03:34.090
Okay.

03:34.090 --> 03:35.230
I'm just going to do ls.

03:35.260 --> 03:38.800
Now we can see geo-recon.py right here.

03:38.800 --> 03:42.760
So to run it, we could do Python three.

03:43.450 --> 03:52.900
Python three is all one word, space, geo dash recon dot py, space, and whatever the IP address is that we're

03:52.930 --> 03:54.100
going to be checking.

03:55.480 --> 03:56.860
Let me go back there.

04:01.160 --> 04:04.520
Now make sure my num lock is on.

04:04.550 --> 04:06.710
8.8.8.8.

04:06.740 --> 04:10.610
Now let's say this is the IP address that we're scanning.

04:10.790 --> 04:17.330
So we can do a python three, geo dash recon dot py, space,

04:17.330 --> 04:19.010
and the IP address.

04:22.350 --> 04:25.770
And we can hit enter and we can let that run through.

04:25.850 --> 04:27.180
Now, this is going to take a moment.

04:27.600 --> 04:30.960
Just checking if Nmap is installed and installing it.

04:31.620 --> 04:33.600
And once it's done, we can see.

04:34.300 --> 04:35.170
It actually runs.

04:35.170 --> 04:39.790
So it's running a geolocation check against the IP address.

04:39.820 --> 04:46.960
We can see the country is United States, region is Virginia, city is Ashburn, organization is Google Public

04:46.960 --> 04:47.530
DNS.

04:47.560 --> 04:49.420
We can see a latitude and longitude.

04:49.420 --> 04:50.560
We can see the ISP.

04:52.010 --> 04:59.240
So this is all obviously great information and we can see the geo lookup is complete and it runs a reputation

04:59.240 --> 04:59.600
check.

04:59.600 --> 05:01.580
So domain is Google.com.

05:01.580 --> 05:07.640
We can see the hostname, DNS Google; we can see usage type: data center, web hosting and transit.

05:07.670 --> 05:09.800
We can see the confidence of abuse.

05:09.800 --> 05:20.000
So if it has been reported as an abusive website, say a bot site or whatnot, then you're probably

05:20.000 --> 05:23.530
going to see a number of abuse reports in there.

05:23.540 --> 05:26.750
Now, you can see number of times reported, last reported.

05:27.050 --> 05:35.390
You can see if it's whitelisted: whitelisted, true, and IP address is deemed not malicious, and IP reputation

05:35.390 --> 05:37.010
lookup is complete.

05:37.040 --> 05:42.200
So again, really, really handy program when looking up IP addresses, obviously we could use other

05:42.200 --> 05:48.410
tools like WHOIS tools and whatnot to find more IP info, but this is a really great tool.

05:48.410 --> 05:55.110
I like this because we just now installed it to our Trace Labs Linux and we don't have to go on a

05:55.110 --> 05:57.150
website; websites go down and whatnot.

05:57.180 --> 06:03.210
However, this is a great tool that we now have installed and useful in our toolbox.

06:03.210 --> 06:06.000
And this is Geo Recon.

06:06.030 --> 06:07.200
Thank you for watching.

06:07.200 --> 06:08.460
I'll see you in the next video.
