search
top


Namechk – A Domain Searching & Recon Tool

Namechk –  A Domain Searching & Recon Tool

So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses.

What is the tool?

I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search for company names and personal names of people. Now the site isn’t made to conduct recon on anyone or any entity. But, it seems like some cyber security analysts and pen testers are starting to utilize it for recon purposes. And, why not? It’s a tool and various tools can be used for various purposes.

What is its real purpose?

Namechk is actually built for people to be able to identify user names they could use for multiple different social media platforms. It can be used for checking available or taken usernames, and can be used as a great domain searching tool. The site gives users a chance to scour across hundreds of social networks and domain extension with a specific username. They even provide a service for a fee to sign up profiles for you under a username you wish to use.

How did I use it?

Below is a sample of results I got just searching for “Stealthbay”. I can see that no one else has registered a domain (besides for me with the “.com”). However, it does appear that a few profiles already exists (Twitter, Instagram).

namechk social media

Now, I did find that some that show up as registered actually were deleted accounts. And, they are now available, though Namechk still seems to show them as taken. And, that means for recon purposes some time still might be spent verifying if the accounts are actually taken or still being used.

Why might this be important for me?

It’s a great tool to scour out various websites and social media platforms that a person or company my own. It also can be used to find “similar” company names of cyber criminals, who may be posing as fake company reps. For example, fake bank twitter accounts have been created in the past by cyber criminals trying to lure customers to direct message (DM) personal banking information. This was done by scaring users into thinking their accounts were breached and that they had to immediately provide their PIN and bank account information to the alleged fake twitter account.

I’m sure there are some other use cases for it for security analysts. But, at the end of the day, this is a recon tool I will definitely be using when conducting pen tests or other types of recon. Well that’s it for this post, I guess I’ll be busy creating a bunch of social media accounts now……… Till next time!



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

top
Secured By miniOrange