2.2.1 Footprinting through Search Engines

Footprinting through Search Engines

• Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks.
• Search engine caches and internet archives may also provide sensitive information that has been removed from the World Wide Web (WWW).

Finding Company's Public and Restricted Websites

• Search for the target company's external URL in a search engine such as Google, Bing, etc.
• Restricted URLs provide an insight into different departments and business units in an organization.
• You may find a company's restricted URLs by trial and error method or using a service such as http://www.netcraft.com

Determining the Operating System

• Use the Netcraft tool to determine the OSes in use by the target organization.
• Use SHODAN search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters.

或是Censys, https://www.censys.io/

Collect Location Information

• Use Google Earth tool to get the physical location of the target.
• Tools for finding the geographical location:
  • Google Earth
  • Google Maps
  • Wikimapia
  • National Geographic Maps
  • Yahoo Maps
  • Bing Maps

People Search: Social Networking Sites/People Search Services

• Social networking sites are the great source of personal and organizational information.
• Information about an individual can be found at various people search websites.
• The people search returns the following information about a person or organization:
  • Residential addresses and email addresses
  • Contact numbers and date of birth
  • Photos and social networking profiles
  • Blog URLs
  • Satellite pictures of private residencies
  • Upcoming projects and operating environment

People Search Online Services

Gather Information from Financial Services

• Financial services provides a useful information about the target company such as the market value of a company's shares, company profile, competitor details, etc.
  • Google Finance
  • Yahoo! Finance

Footprinting through Job Sites

• You can gather company's infrastructure details job postings.
• Look for these:
  • Job requirements
  • Employee's profile
  • Hardware information
  • Software information

Monitorming Target Using Alerts

• Alerts are the content monitoring services that provide up-to-date information based on your preference usually via email or SMS in an automated manner.
• Examples of Alert Services:
  • Google Alerts - http://www.google.com/alerts
  • Yahoo! Alerts - http://alerts.yahoo.com
  • Twitter Alerts - https://twitter.com/alerts
  • Giga Alert - http://www.gigaalert.com

Information Gathering Using Groups, Forums, and Blogs

• Groups, forums, and blogs provide sensitive information about a target such as public network information, system information, personal information, etc.
• Register with fake profiles in Google groups, Yahoo groups, etc. and try to join the target organization's employee groups where they share personal and company information.
• Search for information by Fully Qualified Domain Name (FQDN), IP addresses, and usernames in groups, forums, and blogs.