Sat. Apr 17th, 2021

Notes on passive reconnaissance

Open Source Intelligence (OSINT) 

The following are online areas which can be used to obtain information about a target that is freely available on the web: 

- WHOIS lookups
- Public website
- Social media
- Job postings
- Google search (dorking)
- Public DNS

OSINT Tools 

theHarvester (Linux tool) – a program included in the Kali Linux distro that gathers emails, subdomains, hosts, employee names, open ports and banners from different public sources such as search engines, PGP key servers and the SHODAN computer database.

Recon-ng (Linux tool) – a web reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open-source web-based reconnaissance can be conducted quickly and thoroughly.

Maltego (Java app) – proprietary software[1] used for open-source intelligence and forensics, developed by Paterva.[2] Maltego focuses on providing a library of transforms for the discovery of data from open sources, and on visualizing that information in a graph format suitable for link analysis and data mining.

FOCA (Fingerprinting Organizations with Collected Archives) – a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
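The collection step that theHarvester performs (pulling emails and hosts out of whatever public text it fetched and keeping only those that belong to the target domain) is easy to get subtly wrong: a plain substring match would also accept notexample.com or example.com.evil.net. The following is an added illustration, not code from theHarvester or from the original notes; it runs over a constructed block of "public" text embedded inline and scopes matches by DNS label suffix, the way a defender inventorying their own organisation's exposure would want it done.

```python
import re
from typing import NamedTuple

# Constructed sample text standing in for fetched public sources (search
# results, a careers page, a PGP key server listing). Not real data.
SAMPLE_SOURCES = """
Contact: Alice.Smith@Example.com | Bob <bob@mail.example.com>
Careers: apply via hr@notexample.com or jobs@example.com.evil.net
Hosts seen: vpn.example.com, dev-api.example.com, www.example.org
PGP: key for carol@example.com (4096R)
Portal: https://intranet.example.com/login and http://example.com/about
"""

# Loose patterns: good enough to pull candidates out of free text; the
# scope check below decides which candidates actually belong to the target.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
HOST_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b")


class Harvest(NamedTuple):
    emails: list[str]
    hosts: list[str]


def in_scope(host: str, domain: str) -> bool:
    """True only if host equals the target domain or is a subdomain of it.

    The check is on whole DNS labels (suffix after a dot), so notexample.com
    and example.com.evil.net are rejected while mail.example.com is accepted.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def harvest(text: str, domain: str) -> Harvest:
    """Extract in-scope email addresses and hostnames from fetched text."""
    domain = domain.lower()
    emails = {m.group(0).lower() for m in EMAIL_RE.finditer(text)
              if in_scope(m.group(1), domain)}
    hosts = {m.group(1).lower() for m in HOST_RE.finditer(text)
             if in_scope(m.group(1), domain)}
    # The domain part of every in-scope email is itself a discovered host.
    hosts.update(e.split("@", 1)[1] for e in emails)
    return Harvest(sorted(emails), sorted(hosts))


if __name__ == "__main__":
    result = harvest(SAMPLE_SOURCES, "example.com")
    print("emails:", *result.emails, sep="\n  ")
    print("hosts:", *result.hosts, sep="\n  ")
```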

Google Dorking Operators: 

allintext – all of the given keywords must appear in the page text
intext – one or more of the given keywords appear in the page text
inurl – the URL contains one of the keywords
allinurl – the URL contains all of the keywords in the query
intitle – the page title contains one or more of the keywords
allintitle – the page title contains all of the keywords
site – restricts the search to that particular site and lists all results from it
filetype – returns only files of the file type given in the query
link – finds pages containing external links to the given page
numrange – locates specific numbers, or a range of numbers, in the results
daterange – restricts results to a particular date range

Example:
Dork: intext:@gmail.com filetype:xls
(returns indexed Excel spreadsheets whose contents include a Gmail address)
