5 sources of information gathering about people
Have you watched Mr.Robot? If not, you should start watching it today(don’t binge-watch though). Your spirit to go ahead in this roadmap will come back. I too was recommended by one of my colleagues and I was amazed by this series. Enough of the talks, coming back to the roadmap now, how was the time with Google Dorking? Today, we’ll be going through sources of gathering information about people.
What were we doing till now?
Until now, we were doing information gathering, that’s step 1 to penetration testing. Now, we’ll learn one more way of this. This is called social engineering. It’s the fun part of this step. Social engineering is about tricking users, manipulating their data from their security mistakes, or finding where they give away sensitive information and here we’ll talk about 5 sources of gathering information.
Sources of Information Gathering
1. Social Media Platforms :
This is one of the best ways to gather information about someone if you know about their social media usernames. Why? If there are 5 Instagram stories visible to you, 1 of them would have someone should their boarding pass or vehicle number or something sensitive which can help in knowing information about them, and then they wonder how are we getting hacked😵. If you’ll look into someone’s profile, observe their posts. You’ll get a lot to know about them.
Let me share a secret with you if the Instagram profile you’re looking into is private. You can still look into their profile, here’s how. Install this library, add your username and view it into their profile. Not going into how to use this library, It’s on you I’m here just to share how to achieve, spoon-feed yourself😊.
2. Email and Google Dorking :
If you would have read the last article, you would know what is Google Dorking. If not, have a quick recap and then continue this article. By Google Dorking, you can find a lot about someone. Now, say you have a username but don’t know which social media it is. Just google this
@targetusernameThat’s it and google will find it for you.
Taking this to the next level, if you have the email of that person you’re looking for add that with @. Many a time people keep the same usernames. Moreover, if that email is a Gmail account, then type that email in some google product like docs, sheets, or slides anywhere. Google links the accounts showing you their basic public profile in form of a card. It will be bingo for you if they’ll have profile photos, Google had done this for UX, but the purpose matters on the user
3. Harvester :
Now if you want to look at someone from an organization, take out information about IPs and linked people’s emails using a tool called theHarvester. This collects all the information from various sources like Linkedin, google, bing, etc. This is present by default in Kali. Just go to the terminal and type this
theHarvester -d site.come -l 500 -b google4. Whois Lookup :
If the user is owning some domain, Whois will help you. Whois reveals about a domain’s owner. Sometimes domain details, its certificates reveal a lot of information. It may reveal information like the name, email of the owner that may help you.
5. Hunter.io :
If you are finding someone’s email from a company, this website is for you. Search in the company name and get some emails from that company. Now, use the above 4 techniques to find more about that email.
A social life, an organization’s aim to reach 100s of people, a product’s aim to improve UX that’s how you’ll reach the data. These are all minor details that are captured in information gathering. Observing is what is special about this step. If you would have read my previous articles, I had said that “Great attacks or testing are not about how advanced they were, but about how much crucial information was taken out”. This will happen only when you observe. The more you observe, the more you’ll know about the ecosystem and hence, you’ll find the weaknesses.
That’s all for this article! Don’t forget to try out these and remember:CAUTION: You need to make sure that you will not use this information for any illegal purposes. If you find something sensitive while practicing this, do not use that information instead inform the website owner as soon as possible.
To-Do:
- Try out the above techniques
- Try to mix various operators of Google Dorking
In the next article, we’ll dive into the world of domains. Till then keep practicing and yes, you can throw me an email or share in the comments if you’re facing some issue or have something to share.