10.9 C
Karachi
Monday, January 30, 2023

Ethical Hacking – Footprinting Search Engine

In the world of Ethical Hacking, collecting the information regarding a target network from publicly accessible sources is referred to as Footprint or Reconnaissance.

Footprinting comes in the list of tasks that pen-testers or ethical hackers perform before the actual attack. Gathered information of the target helps to devise an effective strategy to compromise the system and network security. Pen-tester or Ethical hackers should think like an attacker, so they need to simulate all steps an attacker usually follows to get enough idea of the security of the target system.

We can extract critical information about the target organization by using effective use of Search Engines. The information we may be interested in could be contact details, employee details, login pages, technologies used, platform information, etc.

We will demonstrate to gather information using the following:

1) Google hacking technique

2) Video search engine

3) FTP search engine

4) IoT search engine

Google Hacking

Google Hacking involves the use of advanced operators in the google search engine to limit the search result to display the desired pages. These operators can be used to exploit vulnerable or insecure websites.

1) Open any web browser of your choice and navigate to Google.

2) Type intitle:asp.net site:www.microsoft.com and click search. We use two operators intitle and site that restricts the results to only those pages containing “ASP.NET” in the title as shown in the screenshot below.

3) Now, enter wikipedia filetype:pdf. When you click on any appearing result, it displays the PDF file.

4) Additionally, we have other advanced operators at our disposal to gather more specific information about the target organization.

OperatorDescriptionExample
cacheThe results contain the cached version of the web pagecache:www.google.com
allinurlThe result pages contain all the query terms specified in the URL.allinurl:amazon cloud hosting
inurlThe result pages contain the word specified in the URL.inurl: wordpress site:aws.amazon.com
allintitleThe result pages contain all query terms specified in the title.allintitle: detect malware
inanchorThe result pages contain query terms specified in anchor text on the link to the pages.anti-virus inanchor:Norton
allinanchorThe result pages contain all query terms specified in anchor text on the link to the pages. allinanchor: best cloud service provider
linkThe result pages contain links to the specified website or page.link:www.googleguide.com
relatedThe result pages display the website similar or related to the specified URL.related:www.google.com
infoThe operator finds the information for the specified web page.info:facebook.com
locationThe operator finds information for the specified location.location:foodpanda

You may be interested in other advance operators like subject, intext, daterange, author, group, msgid, imagesize, @, #, .. , “”, OR, *, +, -, and etc.

Using Video Search Engine

Video search engines crawl the web looking for video content. We will demonstrate the use of YouTube Search Engine and YouTube DataViewer video analysis tools.

1) Go to any browser of your choice and navigate to Youtube.

2) In the search, type the name of your target organization and you will see the latest video uploaded by them. we chose “Facebook” for demonstration purposes.

3) Select the video of your choice, right-click on the video title, and click “Copy link address“.

4) Now, navigate to Youtube DataViewer, and paste the copied link and click Go. We will observe that it displays some information extracted from the video like Abstract, Video ID, Update Date, and Time. We also find the link button to perform a reverse image search on the thumbnail of the video.

Using FTP Search Engine

FTP search engines are used to search for the files located on FTP Server. These files may carry some useful information about the target organization as many large organizations use FTP servers to keep large file archives and other software that are shared among the employees.

We will use the NAPALM FTP indexer to extract critical information about the target organization.

1) Open the browser of your choice and navigate to the NAPALM FTP indexer and type “micrsoft” to the search bar.

2) You will observe that result contains the details of the FTP of the target organization i.e Microsoft.

3) You can also use other FTP search engines like FreewareWeb FTP File Search to gather useful FTP information of the target organization.

From IoT Search Engine

IoT search engines crawl the internet for vulnerable IoT devices that are publically accessible. These search engines can provide useful information on SCADA, Traffic control systems, Inter-connected household appliances, Industrial appliances, CCTV cameras, etc.

We will search for the information of vulnerable IoT devices in the target organization using the Shodan IoT Search Engine.

1) First, open the browser of your choice, navigate to Shodan Search Engine and type amazon. When you click the search button, you will see a list of vulnerable IoT devices related to amazon hosted in different parts of the world.

2) Similarly, we can use other IoT Search Engines like Censys and Thingful to gather information like IP address, hostname, open ports, geographical locations, and etc.

Gulraeez Gulshan
Gulraeez Gulshan
I am an engineer, programmer, tech-savvy professional, and very passionate about the latest technologies for the modern web, mobile, cloud-native, machine learning, and network automation. I have a bachelor's degree in Electronics Engineering and a Master's degree in Computer Science and Information Technology from a renowned university in Pakistan. I have not limited myself to a certain set of skills in this era where technology is in a state of flux; I have experience working with an extensive range of technologies and learning daily to update my skills and adapt to the latest technologies

Related Articles

1 COMMENT

  1. Thanks for some other informative blog.

    Thee plsce else may just I aam gstting hat type off infoemation written inn such an idfeal manner?
    I’ve a mission thuat I’m sijply noww working on, and I habe bwen onn tthe glance
    out ffor such information.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles