Information Gathering



Description

The goal of information gathering is to collect as much information as possible about the target, without actually exploiting it. This information can be used to identify vulnerabilities, plan the attack, and assess the impact of the attack.


Examples/Methods/Results

General Recon Tools

The following tools can be used for gathering information on physical and social aspects of the target.


The following tools can be used for gathering information on hosts and for collecting online information through web tools.


Google Dorking

This is a technique that uses Google's search engine to find hidden information on the internet by using specific search operators and keywords. Below is a cheat sheet of example operators and how they are used.


An example of it being used to find PDF files on the Ford site.


Wayback Machine

This archive platform lets you view how pages looked previously. Older versions of a page may contain information that points to vulnerabilities.


Hunter.io

Hunter.io can help the tester find email addresses for the required domain and can also help identify the pattern used to generate them.


Have I Been Pwned

Have I Been Pwned helps find out whether an email address has been compromised. Knowing this, a tester can then check known leak databases to find the leaked information.


When you scroll down, you will see in which breaches the email or phone data appeared.


Compilations of leaked usernames and passwords

There are a couple of collections of leaked emails and passwords around the internet. An example is compilationofmanybreaches.7z, which has 3.2 billion usernames and passwords. These can be searched directly, or tools such as breach parse can be used to compile the leaked emails and passwords for entire domains.


View Page Source

Viewing page source can help penetration testers identify vulnerabilities in web applications. It can reveal hidden fields, comments, and other information that may be useful in identifying vulnerabilities. Below is an example of finding a cryptocurrency address from the score page. When we check the page source, the address can be found as a URL value.
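The kind of check described above can be automated so a team can audit its own pages for information that should not ship to the browser. The following is an added example, not code from the original notes; the sample page, its paths and the placeholder wallet value are all constructed.

```python
"""Audit an HTML page's source for HTML comments, hidden form fields and
values embedded in URL query strings (the places the notes above point to)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class SourceAuditor(HTMLParser):
    """Collect comments, hidden inputs and URL query parameters from markup."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.hidden_fields = {}
        self.url_params = {}

    def handle_comment(self, data):
        text = data.strip()
        if text:
            self.comments.append(text)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None for bare attributes
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden_fields[a.get("name") or ""] = a.get("value") or ""
        # Any attribute carrying a URL with a query string may expose values
        for key in ("href", "src", "action"):
            url = a.get(key) or ""
            if "?" in url:
                for name, vals in parse_qs(urlsplit(url).query).items():
                    self.url_params.setdefault(name, []).extend(vals)


def audit_source(html):
    """Return what the page source discloses, grouped by where it was found."""
    p = SourceAuditor()
    p.feed(html)
    p.close()
    return {"comments": p.comments, "hidden_fields": p.hidden_fields,
            "url_params": p.url_params}


# Constructed sample page for demonstration (not a real site)
SAMPLE = """<html><body>
<!-- staging note: old upload endpoint still reachable at /uploads_v1 -->
<form action="/score?wallet=EXAMPLE_WALLET_ADDRESS" method="post">
  <input type="hidden" name="debug" value="1">
  <input type="text" name="q">
</form>
<a href="/pay?address=EXAMPLE_WALLET_ADDRESS&amount=10">Donate</a>
</body></html>"""

if __name__ == "__main__":
    for section, items in audit_source(SAMPLE).items():
        print(section, items)
```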


iframe + Script


Further Readings

Search Engine based Reconnaissance
Google Dorking cheatsheet
OWASP information gathering