“Information is power,” as the saying goes. And in most scenarios it’s true: having critical information at the right time, and above all knowing how to use it, is often an excellent source of power. Before jumping straight to the core of information gathering, do you know about the 5 phases of hacking? I recommend reading our post on that topic first and then moving forward.
What is information gathering?
In simple words, information gathering is the collection of data about a target of interest from various open-source tools and sources. This phase of hacking is also known as footprinting. For those who work in the cybersecurity industry, the first step a penetration tester (whether blackhat or whitehat) takes at the early stages of any hacking activity is to gather as much information as possible about the desired target. The more knowledge gathered about the target, the higher the probability of getting relevant results. Information gathering isn’t just a phase of security testing; it’s an art that every penetration tester and hacker should master to become better at penetration testing.
Information Gathering Techniques
- Google Hacking- This has nothing to do with hacking Google; it is the term for performing advanced Google searches and filtering out the data you need as an attacker. It is also called Google Dorking. Examples: inurl:"paypal.log" ext:log, MAIL_HOST filetype:env. You can use the Google Hacking Database for conducting various types of searches.
- Social Engineering- This includes in-person conversations, phone calls, and email spoofing attacks. What these methods have in common is that they rely on the weaknesses of human psychology to extract as much data as possible about the target.
- OSINT Framework- Since the release of the OSINT (Open-source intelligence) Framework, information gathering has become quite interesting and fast, as it brings all the tools required for information gathering together in a single place.
- DNS Interrogation- Domain names are registered by organizations, governments, public and private agencies, and individuals, so they are a great starting point when you want to investigate someone. Personal information, associated domains, projects, services, and technologies can all be found by inspecting domain name information.
- Tailgating to get physical access or pictures with hidden cameras.
Useful tools for Information Gathering
- Whois lookup– It is an open-source tool that returns registration information about a domain, including when it was created and last updated.
- DNSstuff– It consists of various domain, email, IP, and networking tools that can be used to find information about a website. It can also generate a report based on your needs.
- Sublist3r: This is one of the best subdomain enumeration tools around, and it will help you build a virtual subdomain map of any website in no time. It enumerates subdomains using Google dorks and other search engines such as Baidu, Ask, Yahoo or Bing, and, thanks to its subbrute integration, it can also perform brute-force subdomain discovery with wordlists.
- Dig (Domain Information Groper): Whenever you need current data about DNS records, dig is one of the best tools there is to accomplish that task, whether you want to get A, NS, TXT or CNAME records. Common dig queries:
  dig google.com NS      # list all name servers
  dig google.com MX      # list all mail servers
  dig google.com A       # resolve the domain name to an IPv4 address
  dig google.com AAAA    # list the IPv6 addresses
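To show what to do with those dig answers once you have them, here is an added example (not code from the original post or from the dig project): it parses the ANSWER SECTION of dig output into records grouped by type, then compares the hosts that NS, MX and CNAME records point at with an inventory of hosts the organisation knows it operates. The dig transcript is constructed from documentation and TEST-NET addresses, and EXPECTED_PUBLIC_HOSTS is a hypothetical inventory.

```python
"""Inventory the resource records that `dig` returns and compare them with the
hosts an organisation expects to publish. Added example: the dig output below
is constructed, and EXPECTED_PUBLIC_HOSTS is a hypothetical inventory."""
import re
from collections import defaultdict

# Constructed sample of a dig answer section (documentation domain and
# TEST-NET addresses only); in practice, feed in real `dig <domain> ANY` output.
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
example.com.            3600    IN  A       198.51.100.10
example.com.            3600    IN  AAAA    2001:db8::10
example.com.            3600    IN  NS      a.iana-servers.net.
example.com.            3600    IN  NS      b.iana-servers.net.
example.com.            3600    IN  MX      10 mail.example.com.
example.com.            3600    IN  TXT     "v=spf1 -all"
old-staging.example.com. 300    IN  CNAME   legacy-host.example.net.

;; Query time: 12 msec
"""

# Hypothetical inventory of hosts the defender knows they operate or rely on.
EXPECTED_PUBLIC_HOSTS = {"a.iana-servers.net", "b.iana-servers.net", "mail.example.com"}

# One resource record line: <owner> <ttl> IN <type> <rdata>
RR_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>.+)$")


def parse_dig_answers(text):
    """Return {rrtype: [(owner, rdata), ...]} for the ANSWER SECTION of dig output."""
    records = defaultdict(list)
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):        # any other section header ends the answers
            in_answer = False
        if not in_answer or not line.strip():
            continue
        m = RR_LINE.match(line)
        if m:
            records[m["type"]].append((m["name"].rstrip("."), m["rdata"].strip()))
    return dict(records)


def unexpected_targets(records, expected_hosts):
    """Hosts that NS, MX or CNAME records delegate to but that are absent from the
    inventory. A stale CNAME to a host nobody operates any more is the classic
    finding here, so each entry should be reviewed and either documented or removed."""
    findings = []
    for rrtype in ("NS", "MX", "CNAME"):
        for owner, rdata in records.get(rrtype, []):
            target = rdata.split()[-1].rstrip(".")   # MX rdata is "<preference> <host>"
            if target not in expected_hosts:
                findings.append((rrtype, owner, target))
    return findings


if __name__ == "__main__":
    recs = parse_dig_answers(SAMPLE_DIG_OUTPUT)
    for rrtype, entries in sorted(recs.items()):
        print(rrtype, entries)
    for rrtype, owner, target in unexpected_targets(recs, EXPECTED_PUBLIC_HOSTS):
        print(f"review: {owner} {rrtype} -> {target} is not in the inventory")
```

Running it against the constructed sample flags the old-staging CNAME, which points at a host outside the inventory. The same parser works on the output of the individual NS, MX, A and AAAA queries listed above, since dig prints the same answer format for each.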
- Netcraft– It is known as an all-in-one, action-packed tool. It lets you understand what is running behind a website: the IP address of the server it is hosted on, the frameworks used to build the website (such as CMS systems), the domain registrar, the DNS administrators, etc.
- Traceroute: As one of the most popular network tools for tracking the path network packets take from one IP address to another, it’s a powerful recon tool that lets you gain critical network information about IP addresses and routes.
How can one protect their device?
The question that should also spring to mind is how one can protect his/her own system from being exposed. The so-called “victim” in this case can use netstat, a pretty powerful command-line utility that displays detailed information about how your computer is communicating with other computers and network devices. It displays TCP connections, routing tables, and interface information.
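Reading raw netstat output by eye does not scale, so here is an added example (not from the original post, and not part of netstat itself) that summarises `netstat -an` output the way a defender would want: which services are listening on every interface but are not on an allow-list, and which established connections this host opened outbound rather than accepted. It accepts both the Linux and the Windows column layouts. Both transcripts are constructed, and the allowed-port sets passed in are hypothetical.

```python
"""Summarise `netstat -an` output from the defender's side: which services are
listening on every interface, and which established connections were opened
outbound by this host. Added example; both netstat transcripts are constructed
(Linux and Windows column layouts) and the allowed-port sets are hypothetical."""

PROTOS = {"tcp", "tcp6", "udp", "udp6"}
WILDCARD = {"0.0.0.0", "::"}          # bound to every interface

# Constructed Linux `netstat -an` transcript (private and TEST-NET addresses).
SAMPLE_NETSTAT_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:44120          203.0.113.7:8080        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Constructed Windows `netstat -an` transcript (no Recv-Q/Send-Q columns).
SAMPLE_NETSTAT_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.7:3389          10.0.0.9:50122         ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""


def split_addr(addr):
    """'0.0.0.0:22' -> ('0.0.0.0', 22); ':::80' -> ('::', 80); '*:*' -> ('*', None)."""
    host, port = addr.rsplit(":", 1)
    return host, (None if port == "*" else int(port))


def parse_netstat(text):
    """Parse netstat lines into dicts, accepting the Linux or Windows column layout."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].lower() not in PROTOS:
            continue                             # headers, blank lines, other tables
        if ":" in parts[1]:                      # Windows: Proto Local Foreign [State]
            local, foreign = parts[1], parts[2]
            state = parts[3] if len(parts) > 3 else ""
        else:                                    # Linux: Proto Recv-Q Send-Q Local Foreign [State]
            local, foreign = parts[3], parts[4]
            state = parts[5] if len(parts) > 5 else ""
        conns.append({
            "proto": parts[0].lower(),
            "local": split_addr(local),
            "foreign": split_addr(foreign),
            "state": "LISTEN" if state == "LISTENING" else state,
        })
    return conns


def unexpected_listeners(conns, allowed_ports):
    """Services bound to every interface whose port is not on the allow-list."""
    return sorted({(c["proto"], c["local"][1]) for c in conns
                   if c["state"] == "LISTEN"
                   and c["local"][0] in WILDCARD
                   and c["local"][1] not in allowed_ports})


def outbound_connections(conns):
    """Established connections this host opened itself: the local port is not one
    it is listening on, so the peer was not a client connecting in."""
    listening = {c["local"][1] for c in conns if c["state"] == "LISTEN"}
    return [(c["local"][1], c["foreign"]) for c in conns
            if c["state"] == "ESTABLISHED" and c["local"][1] not in listening]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT_LINUX)
    print("unexpected listeners:", unexpected_listeners(conns, {22, 80}))
    print("outbound connections:", outbound_connections(conns))
```

On the constructed Linux transcript the allow-list {22, 80} leaves port 5900 bound on all interfaces as the finding, and the only outbound connection is the one to 203.0.113.7:8080; the database on 127.0.0.1:5432 is not reported because it is reachable only locally. Note that netstat shows what your host is doing right now; it does not tell you what whois, DNS or search engines already publish about you, so it complements rather than replaces a review of those public records.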