Passive Reconaissance
Passive Reconnaissance is the collecting of information from a target without interacting directly with the target. This is commonly performed using public tools to gather information.
Haveibeenpwned
This tool is used to determine if an email has previously been compromised.
TheHarvester
Harvester is a tool that scans a domain to provide passive information about the domains sub-domains, connected domains, and email addresses utilizing the domain.
Shodan
Shodan is a search engine used to search for any device that is connected to the internet. Commonly used to search for IoT devices like cameras, raspberry-pi's, etc..
Google Dorks
These refer to a series of query parameters that can be used within the google search function to further filter results.
Site Colon
By searching site:{sitename.ext}
google will respond with only results that derive from that domain name.
File Type
By searching filetype:{file extension} {file name}
google will respond with only results containing the file extension requested. If a name is provided google will attempt to return results containing both the file type, and file name. This can also be used in conjunction with Site Colon: site:mywebsite.com filetype:pdf SummerReport2020
.
In URL
By searching inurl:"index of"
google will respond with results where the URL contains the matching string from your query.
Vulnerability Check
You can quickly check for vulnerabilities by searching inurl:/index.php page=/etc/passwd
which will show any sites that contain the matching passwd file.
In Title
By searching intitle:"My String Search"
google will respond with results of domains where the matching string is in the title.
In Text
By searching allintext:"MyText"
google will respond with results where the text contains the matching string. This can be used in conjunction with the other dorks to display items like the password log: allintext:password filetype:log
.
PasteBin
Paste bin is primarily used as a temporary clipboard used for sharing notes. It can be searched for existing usernames and passwords. The easiest method is by using google dorks to search for site:pastbin.com password
.
ExifTool
Exif tool is a specialized program that will read and print out the exif meta data contained within an image. This meta information can contain GPS Location data from where the image was taken.
BuiltWith
Built with tells us technologies that a website was built with.
Last updated