Passive Reconnaissance

Passive reconnaissance is the collection of information about a target without interacting directly with the target. This is commonly performed using public tools to gather information.

Haveibeenpwned

This tool is used to determine whether an email address has previously been compromised.

TheHarvester

TheHarvester is a tool that scans a domain to provide passive information about the domain's subdomains, connected domains, and email addresses that use the domain.

Shodan

Shodan is a search engine used to search for any device that is connected to the internet. It is commonly used to search for IoT devices such as cameras, Raspberry Pis, etc.

Google Dorks

These refer to a series of query parameters that can be used within the Google search function to further filter results.

Site Colon

By searching site:{sitename.ext}, Google will respond with only results that come from that domain name.

File Type

By searching filetype:{file extension} {file name}, Google will respond with only results containing the requested file extension. If a name is provided, Google will attempt to return results containing both the file type and the file name. This can also be used in conjunction with Site Colon: site:mywebsite.com filetype:pdf SummerReport2020.

In URL

By searching inurl:"index of", Google will respond with results where the URL contains the matching string from your query.

Vulnerability Check

You can quickly check for vulnerabilities by searching inurl:/index.php page=/etc/passwd, which will show any sites that contain the matching passwd file.

In Title

By searching intitle:"My String Search", Google will respond with results of domains where the matching string is in the title.

In Text

By searching allintext:"MyText", Google will respond with results where the text contains the matching string. This can be used in conjunction with the other dorks to display items like the password log: allintext:password filetype:log

PasteBin

Pastebin is primarily used as a temporary clipboard for sharing notes. It can be searched for existing usernames and passwords. The easiest method is to use Google dorks to search for site:pastebin.com password.

ExifTool

ExifTool is a specialized program that reads and prints the Exif metadata contained within an image. This metadata can contain GPS location data showing where the image was taken.
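
Where that GPS data sits in the file, as an added example (not part of the original notes and not ExifTool's own code): a small Python parser that follows the Exif GPS pointer in a JPEG and returns the coordinates, usable as a check on your own images before publishing them. The function names and the sample file are constructed for illustration, and malformed Exif is not handled.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry whose value is the offset of the GPS sub-IFD

def exif_tiff(jpeg):
    """Return the TIFF block of the first Exif APP1 segment before SOS (0xDA), or None."""
    pos = 2 if jpeg[:2] == b"\xff\xd8" else len(jpeg)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + length
    return None

def read_ifd(tiff, off, bo):
    """Map tag -> raw 4-byte value/offset field for the IFD at byte offset off."""
    (count,) = struct.unpack_from(bo + "H", tiff, off)
    starts = range(off + 2, off + 2 + 12 * count, 12)  # tag(2) type(2) count(4) value(4)
    return {struct.unpack_from(bo + "H", tiff, e)[0]: tiff[e + 8:e + 12] for e in starts}

def gps_position(jpeg):
    """Return (lat, lon) in decimal degrees, or None if there is no GPS IFD."""
    tiff = exif_tiff(jpeg)
    if not tiff or tiff[:2] not in (b"II", b"MM"):
        return None
    bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    u32 = lambda raw: struct.unpack(bo + "I", raw)[0]
    ifd0 = read_ifd(tiff, u32(tiff[4:8]), bo)
    if GPS_IFD_TAG not in ifd0:
        return None
    gps = read_ifd(tiff, u32(ifd0[GPS_IFD_TAG]), bo)

    def degrees(ref_tag, value_tag):  # value is 3 rationals: degrees, minutes, seconds
        r = struct.unpack_from(bo + "6I", tiff, u32(gps[value_tag]))
        d = r[0] / r[1] + r[2] / r[3] / 60 + r[4] / r[5] / 3600
        return -d if gps[ref_tag][:1] in (b"S", b"W") else d
    return degrees(1, 2), degrees(3, 4)  # tags 1-4: LatRef, Lat, LonRef, Lon

def sample_jpeg():
    """Constructed input: Exif-only JPEG shell (no image data), big-endian TIFF."""
    rat = lambda d, m, s: struct.pack(">6I", d, 1, m, 1, s, 1)
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)  # header; IFD0 at 8, GPS IFD at 26
    tiff += struct.pack(">HHHII4x", 1, GPS_IFD_TAG, 4, 1, 26)
    tiff += struct.pack(">H", 4) + struct.pack(">HHI4s", 1, 2, 2, b"N")
    tiff += struct.pack(">HHII", 2, 5, 3, 80) + struct.pack(">HHI4s", 3, 2, 2, b"W")
    tiff += struct.pack(">HHII4x", 4, 5, 3, 104) + rat(40, 26, 46) + rat(79, 58, 56)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling gps_position(sample_jpeg()) returns the constructed position; a return value of None means no GPS IFD was found in the file.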

BuiltWith

BuiltWith tells us which technologies a website was built with.
