Quick Look: Paterva Mesh

Summary

Mesh is a simple but powerful browser plugin that parses websites for useful information such as E-mail addresses, phone numbers, and other information. I won?t sit here and tell you that Mesh by Paterva (same people as Maltego) is an end-all data reconnaissance tool, it?s not. However, the features of Mesh are none-the-less extremely useful.

Mesh parses sites for the following information:

  1. IP Address Discovery
  2. Netblock Discovery
  3. E-mail Address Discovery
  4. Phone Number Discovery
  5. Dates Discovery

While this may seem a touch remedial, consider that Mesh uses some of the same methodologies to see past obfuscation to pull information from websites as many spam crawlers do. For example, MontecilloM at SecAnalysis.com shows up without any user interaction in the E-mail list when Mesh is running. This can be very useful to anyone conducting recon or investigation work. (Especially because the information can be piped into Maltego for more in-depth searches)

Things I Like

I really enjoy the simplicity of Mesh. It is as simple as Cntrl + Shift + M and watch for results. Combing Mesh with a few Google hacking tricks for locating information can be extremely useful. Below I simply clicked Google Maps which dumped a number of basic phone numbers.

Things I dislike

To be honest I sometimes found myself wishing that I could set Mesh up to do some automatic scanning. I guess that is really Maltego?s job, however I have to note that it was something I wanted. I also found that I wanted to be able to save off particular bits and pieces of findings off to a particular category, for example if I was doing a search on ?Jon Doe? and I found a phone number, I would like to save that to a specific location so that I could also add an E-mail address if I found it underneath ?Jonathan Doe.?

Thoughts

As more and more information makes its way to the Internet in the form of personal information on social networks and the likes, simple yet powerful data recognition tools such as Mesh become all the more important. Philosophical thoughts aside Mesh is so simple to install and utilize you should really just go download it and try it out.

Capabilities Analysis

When using a tool for any type of security capability it is important to understand the capabilities and limitations of those solutions. Thus, in order to determine what Mesh was capable and incapable of, I created a very simple test page that had some different ways of writing or obfuscating Email addresses, phone numbers, and IP addresses.

Figure 1: Mesh E-mail detection results

You?ll notice that there were a number of ways that Mesh saw beyond the minor obfuscation techniques such as writing E-mail addresses in formats such as ?Address at site.com.? Mesh also uses key words such as ?Me at? or ?Correspondence at? to detect when an E-mail address might be present. However, to my surprise Mesh did not detect the E-mail address housed simply in the html code via mailto: also Mesh did not detect the E-mail address using dashes.

As you will notice the phone number detect is pretty straight forward, however Mesh did not detect the International number. Finally, Mesh did a good job of detecting IP addresses but for some reason does not detect the simple CIDR notation as a netblock. See below in Figures 2 and 3.

Figure 2: Mesh with phone number formats

Figure 3: Mesh with IP address formats

Check It Out

Check out Mesh by downloading it free at http://www.paterva.com/web4/index.php/client/mesh

Comments are closed.