Cyber Security / Ethical Hacking
Passive Recon


Last updated 5 years ago


Google hacking

Google search to find a website's subdomains

site:microsoft.com

Google search within a web address

site:microsoft.com eternalblue

Google filetype and intitle

intitle:"netbotz appliance" "OK" -filetype:pdf

Google inurl

inurl:"level/15/sexec/-/show" 

Google cached version

cache:microsoft.com

Google search for login pages on sites that use the .pt ending (Portugal)

site:pt inurl:admin.php

Google Hacking Database

People

Social Media

Sherlock

/opt/sherlock/sherlock.py

Google

site:twitter.com companyname
site:linkedin.com companyname
site:facebook.com companyname

Email

SimplyEmail

# Download
git clone https://github.com/killswitch-GUI/SimplyEmail.git
# Usage
./SimplyEmail.py -all -e TARGET-DOMAIN

Find emails in Google, Bing, PGP, etc.

theharvester -d $ip -l LIMIT -b google

Find emails and employee names with Recon-ng

recon-ng; use module; set DOMAIN $ip; run;
recon/contacts/gather/http/api/whois_pocs

SSL Certificate Testing

Netcraft

Determine the operating system and tools used to build a site

Whois

whois domain-name-here.com
whois $ip

Banner Grabbing

nc -v $ip 25
telnet $ip 25
nc TARGET-IP 80
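
The greeting returned by the nc/telnet commands above is also what a defender should review on their own hosts. The following is an added example, not part of the original page: it parses SMTP and HTTP greetings and reports whether they disclose a software version. The function names, hint texts and sample banners are assumptions constructed for illustration.

```python
import re

# A dotted version number such as 2.4.41 or 4.94.2
VERSION = re.compile(r"\d+\.\d+[\w.]*")

# Where the banner text is normally configured (general hardening hints)
HINTS = {
    "smtp": "shorten the greeting (e.g. Postfix smtpd_banner, Exim smtp_banner)",
    "http": "trim the Server header (e.g. Apache ServerTokens Prod, nginx server_tokens off)",
}

def extract_banner(raw):
    """Return (protocol, disclosure-relevant text) from a raw service greeting."""
    lines = raw.decode("latin-1").splitlines()
    first = lines[0] if lines else ""
    if first.startswith("HTTP/"):
        for line in lines[1:]:
            if not line:              # blank line: end of headers
                break
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                return "http", value.strip()
        return "http", ""
    if re.match(r"220[ -]", first):   # SMTP greeting: "220 <hostname> <free text>"
        parts = first[4:].split(None, 1)
        return "smtp", parts[1] if len(parts) > 1 else ""
    return "unknown", first

def audit_banner(raw):
    """Report what a greeting reveals and whether it includes a version."""
    proto, text = extract_banner(raw)
    versions = VERSION.findall(text)
    return {
        "protocol": proto,
        "banner": text,
        "versions": versions,
        "leaks_version": bool(versions),
        "hint": HINTS.get(proto, "") if versions else "",
    }

# Constructed sample greetings (not captured from real hosts)
SAMPLES = [
    b"220 mail.example.test ESMTP Postfix (Ubuntu)\r\n",
    b"220 mx.example.test ESMTP Exim 4.94.2 Mon, 01 Jan 2024 10:00:00 +0000\r\n",
    b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 10:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n\r\n<html></html>",
    b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_banner(sample))
```
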

Google Hacking Database: https://www.exploit-db.com/google-hacking-database/
SSL Certificate Testing: https://www.ssllabs.com/ssltest/analyze.html
Netcraft: https://searchdns.netcraft.com/