My University Notes

Week 3 - Passive Information Gathering

Active vs Passive

Passive information gathering does not directly engage with the target.

Reconnaissance (Footprinting)

  • Open Source Intelligence (OSINT)
  • Search Engine Results (Google Hacking)
  • Public Company Information
  • Background Check services
  • DNS Information
  • Competitive Intelligence
  • Dumpster Diving

DNS Information

Censys / Shodan

  • whois - command or website
    • Gathers IP addresses and domain information
  • host - command
    • Can look up one IP address or the whole DNS zone file
  • nslookup
  • Censys / Shodan
    • Can have historic data

Open Source Intelligence (OSINT)

OSINT FRAMEWORK

  • Satellites / Maps
  • Public Images / Presentations

Social Networks:

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube

People Search Websites

Google Dorking

  • Uses Google's advanced search operators
  • Can enumerate all the subdomains of a website
  • Can find confidential files and information that would not otherwise have been easily seen

Google dorks filter search results. For example, site:port.ac.uk filetype:pdf shows all the PDFs that have been indexed on the site port.ac.uk.

Some Dorks:

  • filetype: - searches for specific file type
  • ext: - searches for a specific file extension
  • intitle: - searches for the given text in the title of the page
  • intext: - searches for the given text in the main text of the page
  • inurl: - searches for the given text in the url
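How the operators above combine, as an added example that is not part of the original notes: a simplified local model of the dork filters, run over a constructed inventory of pages on a domain you administer, to see which of your own URLs a given query would surface. The function names, the inventory format and the example.org records are assumptions made for illustration; calling `audit(INVENTORY, "site:example.org filetype:pdf")` returns the two PDF URLs on example.org.

```python
from urllib.parse import urlparse

# Operators from the notes above, plus site: from the example query.
OPERATORS = {"site", "filetype", "ext", "intitle", "intext", "inurl"}

def parse_dork(query):
    """Split a dork into (operator, value) filters and free-text terms."""
    filters, terms = [], []
    for token in query.split():
        op, sep, value = token.partition(":")
        if sep and value and op.lower() in OPERATORS:
            filters.append((op.lower(), value.lower()))
        elif sep and value:
            raise ValueError(f"unknown operator: {op}:")
        else:
            terms.append(token.lower())
    return filters, terms

def matches(page, filters, terms):
    """Return True if one inventory record satisfies every filter and term."""
    url = urlparse(page["url"])
    host = (url.hostname or "").lower()
    name = url.path.lower().rsplit("/", 1)[-1]
    extension = name.rsplit(".", 1)[-1] if "." in name else ""
    title, text = page["title"].lower(), page["text"].lower()
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "filetype": lambda v: extension == v,  # simplified: judged by URL extension
        "ext": lambda v: extension == v,
        "intitle": lambda v: v in title,
        "intext": lambda v: v in text,
        "inurl": lambda v: v in page["url"].lower(),
    }
    return (all(checks[op](v) for op, v in filters)
            and all(t in title or t in text for t in terms))

def audit(inventory, query):
    """List the URLs in your own inventory that a dork would surface."""
    filters, terms = parse_dork(query)
    return [p["url"] for p in inventory if matches(p, filters, terms)]

# Constructed sample inventory (e.g. from a sitemap or crawl of your own site).
INVENTORY = [
    {"url": "https://www.example.org/docs/prospectus.pdf", "title": "Prospectus", "text": "Courses"},
    {"url": "https://intranet.example.org/hr/salaries.pdf", "title": "Salaries", "text": "Confidential"},
    {"url": "https://www.example.org/about.html", "title": "About us", "text": "Contact"},
    {"url": "https://example.com/report.pdf", "title": "Report", "text": "Confidential"},
]
```

Filters are ANDed together, so each added operator narrows the result; an operator outside the listed set (such as `type:`) is rejected rather than silently treated as a search term.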

Resources

UOP as a case study