search

Passive Information Gathering

hashtag
Hosting Information

The hosting information about a website can expose a lot of details about the organization, such as the address, responsible employee, etc.

whois tool can be used for fetching this info,

whois particle42.com

hashtag
Search Engines

Search engines are some of the best tools to conduct passive information gathering on websites and companies. Here are some of the popular search engines,

hashtag
Google Dorks

Some of the popular search operators of Google Dorks,

  • site:particle42.com

  • filetype:pdf

  • -filetype:html #exclude files that are html

  • intitle:"index of"

hashtag
Netcraft

It is a internet services company that gathers various information from websites. They also have a paid service.

Logohttps://searchdns.netcraft.comsearchdns.netcraft.comchevron-right
Search Engine by Netcraft

hashtag
Recon-ng

This is a module based framework for web based information gathering. You can add the modules and perform the searches to keep adding the results to a database. Finally all the information can be displayed in a presentable form.

hashtag
Shodan

It is a search engine that crawls devices connected to the internet including but not limited to the world wide web.

https://www.shodan.iowww.shodan.iochevron-right
Shodan Search Engine

hashtag
Security Headers

This is another website for gathering information about a website or a domain's security posture.

LogoAnalyse your HTTP response headerssecurityheaderschevron-right
Security Headers

hashtag
Source Code Info

One of the biggest mistakes a firm can make is leave source code open to the general public and leave sensitive credentials such as username, passwords or api tokens in the source code. Its always a good idea to search the popular project management websites such as GitHub, GitLab or SourceForge.

Gitrob or Gitleaks are tools that search through source code for such secrets. It uses regular expressions for searching through the code base,

LogoGitHub - michenriksen/gitrob: Reconnaissance tool for GitHub organizationsGitHubchevron-right
LogoGitHub - gitleaks/gitleaks: Find secrets with Gitleaks πŸ”‘GitHubchevron-right

hashtag
SSL Info

hashtag
SSL Labs

This website runs a test of the SSL server of a website and compares the results with the current best practices. It will test the server against some of the popular vulnerabilities.

LogoSSL Server Test (Powered by Qualys SSL Labs)www.ssllabs.comchevron-right
SSL Labs

hashtag
User Info Gathering

hashtag
Email Harvesting

Gaining the email addresses of the employees of an organization is one of the first steps towards social engineering attacks. Harvester tool can be used for finding the email address, domain names, sub domains, IPs and URLs.

hashtag
Password Dumps

Hackers usually dump the illgained credentials in less reputable sites such as,

LogoHave I Been Pwned: Who's Been PwnedHave I Been Pwnedchevron-right

hashtag
Social Media Tools

Social media is one of the best places to gather info about an organizations employees, their interests, events, etc.

LogoSocial Searcher - Free Social Media Search Enginewww.social-searcher.comchevron-right

Twofi scans a user's twitter feed to create personalized password lists,

Logotwofi - Twitter Words of Interest - DigiNinjadigininjachevron-right

linkedin2username is a script that can be used to extract info from Linkedin,

LogoGitHub - initstring/linkedin2username: OSINT Tool: Generate username lists for companies on LinkedInGitHubchevron-right
PreviousTCPdumpNextSubdomain Enumeration

Last updated