Top Recon Tools You Should Use as a Hacker

Welcome to the Recon Special Penetration Testing Bootcamp! Here, I’ll teach you about different ways to gather information passively using techniques and tools. This article breaks down key concepts, providing commands and knowledge suitable for both beginners and advanced hackers.

Using Search Engines:
We’ll start by finding target administration consoles and vulnerabilities using Google Hacking or the Google Hacking Database. For example, you can run a command like this:

site:example.com inurl:admin

For more detailed information on Google Hacking, you can check out some blogs I recommend.

Exploring Shodan:
Shodan is a search engine that provides crucial information about hosts and target networks. You can use it like this:

shodan search example.com

Social Network Investigation:
You can extract valuable employee data from platforms like Facebook, Twitter, and LinkedIn using frameworks. For Facebook, a command might look like this:

python3 osint-scraper.py -u <target_facebook_profile_url>

WHOIS Information:
Retrieve domain and registrant information with WHOIS commands. This can help you understand the legitimacy of a target. For example:

whois example.com

Website Footprinting:
HTTrack lets you mirror a site for offline inspection, and archive.org lets you access older versions of web pages, helping you identify bugs and technologies used in the past. You can use proxies to inspect requests to the web server.

Web Technologies Analysis:
Use builtwith.com to identify web technologies and frameworks, which can help you find known vulnerabilities or bugs.

Domain and Subdomain Investigation:
Employ tools like Sublist3r to find subdomains of a site, which is important for reconnaissance.

Cloud Investigation:
Focus on services like AWS using tools like the S3 scanner to find hidden data in AWS buckets.

Metadata Examination:
For image and document metadata, you can use Metagoofil, which is helpful for forensics or steganography.

Recommended Tools:
There are several frameworks and tools recommended for reconnaissance, such as Recon-ng, Maltego, Sublist3r, theHarvester, OSRFramework, Netcraft, Shodan, and Metagoofil.

Conclusion:
Using these tools responsibly can boost your hacking skills. Remember, always use them legally and ethically. Stay tuned for more beginner-friendly guides, and don’t forget to check out other blogs on this website for more learning opportunities.
