Information Gathering ๐ฃ
Information Gathering is the act of gathering different kinds of information against the targeted victim or system.
Last updated
Was this helpful?
Information Gathering is the act of gathering different kinds of information against the targeted victim or system.
Last updated
Was this helpful?
There are two types of information gathering, passive or OSINT (Open Source INTelligence) information gathering which means gathering as much information about our target wihout exposing our presence, and active information gathering which techniques interact directly with the target system.
Is a technique to gather information without any interaction with the target. There are many tools that are listed in OSINT Framework.
The OSINT Framework includes information gathering tools and websites in one central location. Some tools listed in the framework cover more disciplines than information security.
Google offers the opportunity to perform advanced search queries using special operators:
AND, OR, +, -, ""
And this is some examples of queries:
Cache
cache:www.example.com
Link
link:www.example.com
Site
site:www.website.com
Filetype
filetype:pdf
Title
intitle:index.of
Harversting is extract information from documents and files. We can find information such as emails, workers and so on. theHarvester is a tool that automates this working
The spread of social networks has made information gathering extremely important and effective. With the help of social media, a pentester can esaily gather employee's personal informacion such as phone numbers, addresses, history and CV.
We want to collect the following information about the employees:
Age
Phone Number
Addresses
Occupation
Business
Interests
Email Addresses
Website Owned
Related Documents
Financial Info
The main goal here is to retrieve data such as:
Domains
Netblocks or IP addresses
Mail servers
ISP's used (Internet Server Provider)
Any other technical information
There are some tools that search subdomains like amass or sublist3r:
Nmmapper is an online tool that finds a lots of subdomains:
The following user guide helps us a lot to inspect some awesome queries.
Recon-ng is a moduled-base framework for web-based information gathering. Recon-ng displays the results of a module to the terminal but it also stores them in a database.
We can add modules from the recon-ng with marketplace.
We need to load the module before using it:
We can display some different results, since hosts to vulnerabilities.
The following repository gives us some examples of what we can do with this brilliant tool
One such of interesting information are open-source projects and online code repositories, such as GitHub, GitLab and SourceForge.
Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
Given a domain, the first source for information is . There are a lot of online tools that allow you top use WHOIS:
As we gather information on our target, it is important to remember that traditional websites are just one part of the internet. is a search engine that crawls devices connected to the internet.
