Open in app

Sign in

Write

Sign in

Active and Passive Information Gathering Techniques — Part 2

Kalpa Kalhara Sampath
4 min readSep 20, 2019

Passive Information Gathering

In passive information gathering process we are collecting information about the targets using publicly available information(resources). We can use Search engine results, who-is information. The goal is to find many information as possible about the target.

It’s not hacking into Google servers!. The purpose of Google Hacking is to leverage the vast amounts of data that are stored and indexed in search engines to produce unique results that quickly identify sensitive information, vulnerable systems, and network tactics and methods used by their hosts. These methods are beneficial to security professionals, ethical hackers, and unfortunately black hats.We need to have a web browser, an internet connection to try the google search operators.

Dependent upon the country or state you live in and the location of the target google hacking can be legal or illegal. As a standard practice we should never use these techniques against a target that we do not have written permission from the owner.

Google Search Operators

Site:

If we include [site:] in our query, Google will restrict the results to those websites in the given domain.

For example in the query site:lk we will find pages within .lk domain

Intitle:

If we include [intitle:] in our query, Google will restrict the results to those websites that mention search word in the title.

For example in the query intitle:google we will get websites that mention the
word “google” in their title.

Inurl:

If we include [inurl:] in our query, Google will restrict the results to those websites that mention search word in the URL.

For example in the query inurl:google, google will return websites that mention the word “google” in their url.

Info:

The query [info:] will present some information that Google has about that web page.

For example the query info:google.com will show information about the Google homepage.

Filetype:

If we include [filetype:] in our query, Google will restrict the results to those file extension specified by type.

For example the query filetype:pdf hacking search results will contain hacking related .pdf files. In here by changing file extension we can easily find the relevant movies, songs, research papers, documents.

References:- https://www.exploit-db.com/google-hacking-database

Shodan Search Engine

Shodan is a specialized search engine that lets users find sensitive information about unprotected internet-connected devices. Computers, baby monitors, printers, webcams, routers, home automation systems, smart appliances, servers using various filters. Any device that is not protected is potentially vulnerable to anyone, including hackers, using Shodan to find it.

With Shodan, anyone can find devices that use default login details a serious, and all too common, security misconfiguration.

References:- https://www.shodan.io/

Censys Search Engine

Censys is a search engine that scans the Internet searching for devices and return aggregate reports on how resources, devices, websites, and certificates are configured and deployed. Censys regularly probe every public IP address and popular domain names, curate and enrich the resulting data, and make it intelligible through an interactive search engine and API.

References:- https://censys.io/

Netcraft Site Report

Netcraft is an Internet monitoring company that monitors uptimes and provides server operating system detection as well as a number of other services. Site report service provides us with some great information about our target including the IP address and OS of the web server as well as the DNS server.

References:- https://toolbar.netcraft.com/site_report

Alexa Top Sites

Alexa Top Sites is an Amazon Web Service (AWS) that provides lists of the highest-performing websites according to Alexa Traffic Rank algorithm. Sites are ranked on a descending scale, with number one being the top ranking. We can get a quick traffic estimate of our competitors’ websites which we can then compare against our own.

References:- https://www.alexa.com/topsites

Wayback Machine

Wayback Machine has catalogued more than 370 billion web pages from as far back as 1996, so there’s a good chance that the website we want to see can be found on Wayback Machine. As long as the site allows for crawlers and isn’t password protected or blocked.

References:- https://archive.org/web/

Robtex

Robtex is one of the world’s largest network tools, with millions of unique daily visitors. At robtex.com, we can find everything that need to know about domains, DNS, IP, Routes.

References:- https://www.robtex.com/

My next article will be active information gathering techniques.

Active Information gathering

https://medium.com/@kalhara.sampath/active-and-passive-information-gathering-techniques-5b1c15290ee7

Information Gathering
Pentesting
Information Security
Vulnerability Assessment

--

--

Kalpa Kalhara Sampath
Kalpa Kalhara Sampath

Written by Kalpa Kalhara Sampath

81 Followers
27 Following

Cyber Security Researcher | Lecturer | Mentor | Ethical Hacking and Digital Forensic Trainer | MCT | CCAI

Responses (1)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams