The goal of information gathering is to collect as much information as possible about the target, without actually exploiting it. This information can be used to identify vulnerabilities, plan the attack, and assess the impact of the attack.
The following tools can be used for gathering information on physical and social aspects of the target.
The following tools can be used for gathering information on hosts and for finding online information with web tools.
This is a technique that uses Google's search engine to find hidden information on the internet by using specific search operators and keywords. Below is a cheat sheet of commands and how they are used.
An example of it being used to find PDF files on the Ford site.
This archive platform lets you view how pages looked previously. The older pages may contain information that points to vulnerabilities.
Hunter.io can help the tester find email addresses for the required domain and can also help identify the pattern used to generate those addresses.
Have I Been Pwned helps find out whether an email has been compromised. Knowing this, a tester can then check known leak databases to find the leaked information.
When you scroll down, you will see where the email or phone data was breached.
There are a couple of collections of email and password leaks around the internet. An example would be compilationofmanybreaches.7z, which has 3.2 billion usernames and passwords. It can be searched directly, or tools such as breach-parse can be used to compile leaked emails and passwords for entire domains.
Viewing page source can help penetration testers identify vulnerabilities in web applications. It can reveal hidden fields, comments, and other information that may be useful in identifying vulnerabilities. Below is an example of finding a cryptocurrency address from the score page. When we check the page source, the address can be found as a URL value.
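The same review can be run by a developer over their own pages before release, to catch what a tester would find in the source. The script below is an added example, not code from the original page; the `SourceAudit` class, the `audit` function, the sample HTML and the placeholder address are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class SourceAudit(HTMLParser):
    """Collects what a page-source review looks for:
    comments, hidden form fields, and values carried in URL parameters."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, kind, detail)

    def _add(self, kind, detail):
        # getpos() reports where the current tag or comment starts
        self.findings.append((self.getpos()[0], kind, detail))

    def handle_comment(self, data):
        if data.strip():
            self._add("comment", data.strip())

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "hidden":
            self._add("hidden-field", f"{a.get('name', '')}={a.get('value', '')}")
        # URL-bearing attributes: report each query parameter and its value
        for key in ("href", "src", "action"):
            for name, value in parse_qsl(urlsplit(a.get(key, "")).query):
                self._add("url-param", f"{name}={value}")


def audit(html):
    """Return the findings for one HTML document, in source order."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; the address is a placeholder, not a real one.
SAMPLE = """<html><body>
<!-- TODO: remove test account before launch -->
<form action="/order?debug=1" method="post">
  <input type="hidden" name="price" value="19.99">
  <input type="text" name="qty">
</form>
<a href="/redirect?to=https://example.org/address/CONSTRUCTED-PLACEHOLDER">Pay</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

Each finding is something to remove or move server-side before release: the comment leaks internal state, the hidden price field is client-controlled, and the URL parameter exposes a value to anyone who reads the source.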