In today’s world, the information an organization shares publicly is more than just news or updates; it’s also a potential goldmine for cybercriminals. Simple things like contact details or product announcements can be twisted and used in phishing scams or ransomware attacks. This means managing your public info isn’t just about good PR – it’s crucial to keeping your business safe from online threats.
Passive reconnaissance is the collection of publicly available information, and it is part of the reconnaissance phase in ethical hacking.
Different free ways to obtain public information
Google Hacking/Google Dorks
Google hacking involves using search operators to obtain specific information from the Google search engine.
One example is using the search query 'Index of' intext:'php' site:.com to find open website directories. More examples of Google Hacking can be found at https://www.exploit-db.com/google-hacking-database.
Here is an article from INCIBE: https://www.incibe.es/ciudadania/blog/google-dorks-te-ayuda-encontrar-informacion-sobre-ti-en-la-red
theHarvester
theHarvester is a tool that helps collect emails, names, subdomains, IPs, and URLs from public sources such as search engines and social networks.
I have a Linux distribution, Kali Linux, installed on a virtual machine, which includes many ethical hacking tools. One of these tools is theHarvester.
In this example we search for the domain kali.org (-d kali.org) in DuckDuckGo (-b duckduckgo), limiting the results to 500 (-l 500).
The result can be saved to a file with the option -f path/file.
WHOIS
Although the WHOIS tool is commonly used to obtain information about internet domain ownership, it can also be used to gather security-relevant information: contact details, which can be used for social engineering and identifying potential targets; expiration dates, to identify newly registered domains; and IP changes.
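To see what a WHOIS record exposes about your own domain, or to triage a suspicious look-alike domain, the reply can be checked for the signals named above. The following is an added example, not part of the original post: it assumes the common gTLD "Key: value" layout, and the sample record, the function names and the 30/60-day thresholds are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample record in the common gTLD "Key: value" layout (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Creation Date: 2024-05-20T09:15:00Z
Registry Expiry Date: 2025-05-20T09:15:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: it-admin@example-corp.test
Registrant Phone: +1.5555550100
Admin Email: REDACTED FOR PRIVACY
"""

# Contact fields that are useful to a social engineer when left unredacted.
CONTACT_KEY = re.compile(r"^(Registrant|Admin|Tech) (Name|Email|Phone)$")

def parse_whois(text):
    """Return {field: value} for every 'Key: value' line in a WHOIS reply."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), value.strip())  # keep first occurrence
    return fields

def _date(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_whois(text, today, new_days=30, renew_days=60):
    """Flag exposed contacts, a very young domain, and an approaching expiry."""
    f = parse_whois(text)
    exposed = sorted(k for k, v in f.items()
                     if CONTACT_KEY.match(k) and "REDACTED" not in v.upper())
    age = (today - _date(f["Creation Date"])).days
    left = (_date(f["Registry Expiry Date"]) - today).days
    return {
        "exposed_contacts": exposed,         # candidates for a privacy service
        "newly_registered": age <= new_days, # typical of look-alike domains
        "days_to_expiry": left,
        "renew_soon": left <= renew_days,    # a lapsed domain can be re-registered by others
    }

if __name__ == "__main__":
    now = datetime(2025, 4, 1, tzinfo=timezone.utc)
    for key, value in audit_whois(SAMPLE_WHOIS, now).items():
        print(f"{key}: {value}")
```

Real registries differ in field names and date formats, so the two date keys and the redaction marker may need adjusting for a given TLD.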
Recon-ng
As I detailed in my blog post, Recon-ng is an exceptionally powerful and versatile framework designed for passive information gathering on a target. It excels in aggregating data from various open-source intelligence (OSINT) sources without directly engaging or alerting the target. This makes it an ideal tool for cybersecurity professionals and penetration testers who must discreetly collect detailed information about an organization, network, or individual.
Nuria.