2.2.1 Footprinting through Search Engines
Footprinting through Search Engines
- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks.
- Search engine caches and internet archives may also provide sensitive information that has been removed from the World Wide Web (WWW).
Finding Company's Public and Restricted Websites
- Search for the target company's external URL in a search engine such as Google, Bing, etc.
- Restricted URLs provide an insight into different departments and business units in an organization.
- You may find a company's restricted URLs by trial and error method or using a service such as http://www.netcraft.com
Determining the Operating System
- Use the Netcraft tool to determine the OSes in use by the target organization.
- Use SHODAN search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters.
或是Censys, https://www.censys.io/
Collect Location Information
- Use Google Earth tool to get the physical location of the target.
- Tools for finding the geographical location:
- Google Earth
- Google Maps
- Wikimapia
- National Geographic Maps
- Yahoo Maps
- Bing Maps
People Search: Social Networking Sites/People Search Services
- Social networking sites are the great source of personal and organizational information.
- Information about an individual can be found at various people search websites.
- The people search returns the following information about a person or organization:
- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residencies
- Upcoming projects and operating environment
People Search Online Services
Gather Information from Financial Services
- Financial services provides a useful information about the target company such as the market value of a company's shares, company profile, competitor details, etc.
Footprinting through Job Sites
- You can gather company's infrastructure details job postings.
- Look for these:
- Job requirements
- Employee's profile
- Hardware information
- Software information
Monitorming Target Using Alerts
- Alerts are the content monitoring services that provide up-to-date information based on your preference usually via email or SMS in an automated manner.
- Examples of Alert Services:
- Google Alerts - http://www.google.com/alerts
- Yahoo! Alerts - http://alerts.yahoo.com
- Twitter Alerts - https://twitter.com/alerts
- Giga Alert - http://www.gigaalert.com
Information Gathering Using Groups, Forums, and Blogs
- Groups, forums, and blogs provide sensitive information about a target such as public network information, system information, personal information, etc.
- Register with fake profiles in Google groups, Yahoo groups, etc. and try to join the target organization's employee groups where they share personal and company information.
- Search for information by Fully Qualified Domain Name (FQDN), IP addresses, and usernames in groups, forums, and blogs.