Passive Information Gathering

Web Presence

Tools

Web browser

Dogpile.com

Alexa.org

Archive.org

Shodanhq.com

dig

nslookup

Informations

Web site address(es)

Web server type

Server locations

Dates, including “date last modified”

Web links—both internally and externally

Web server directory tree

Technologies used (software/hardware)

Encryption standards

Web-enabled languages

Form fields (including hidden fields)

Form variables

Method of form postings

Company contact information

Meta tags

Any comments within Web pages

E-commerce capabilities

Services and products offered

Exercice: gathering info about Nmap

Step 1 : google "Nmap"

Results

Nmap.org

Insecure.org

Sectools.org

Step 2 : Alexa "Nmap.org"

Alexa.org believes => Nmap.org and Insecure.org are related

Nmap.org permits subdomains

scanme.Nmap.org.

Step 3: nmap.org itself

Archive.org

allows to see how the Website has changed over the years

it often has information no longer available through Google

Archive.org does not provide the latest 6 months of archive

Turn Off All Access to Target System

Netcraft.com

Google

site:cgi.Insecure.org

Corporate Data

location

employee information

network information

Google maps

adjoining buildings

buildings across

the street

entrances

window locations

ingress/egress routes

lighting

cameras

access controls

Google Earth

Bing maps

Whois and DNS

Whois

dig

query nameservers

dig ns nmap.org

nslookup

Additional Internet Resources

http://freenews.maxbaud.net

investigated to determine if it has been listed in the SPAM database

it might indicate that the mail server had been compromised in the past

www.dnsbl.info

job sites

results matching ""

    No results matching ""