First off if I am posting this is in the wrong section of the forum I apologize.

Obviously information gathering is vital in any internal/external pen-test and from the defense side.  Looking for suggestions on what others on the defense or offensive side are doing to understand what kind of information is out there on the web for anyone to find.

Here are some of the activities I do (or am trying to get my place of business to start doing)

- Metadata analysis looking for usernames and other sensitive info from files on the web (tool - FOCA)
- Looking at developer comment areas in html, js, css ( some automated with scripts when looking for emails, phone numbers, user IDs, but this is also fairly manual at times)
- Looking at pastebin.com type websites for references to the business using advanced google operators
- Searching for the footer that goes out with company emails( "The views expressed in this email ......") - this actually returns a large number of results because people ask questions via email and in-turn get published on the net at some point usually for historical purposes
- Looking for company related information you would find in developer code like internal proxy servers, or company owned IPs, etc
- Seeing what Maltego has to say
 
Unfortunately I am kind of the new guy and I am not allocated time to do a lot of these things regularly, but I have suggested them and some gain traction if I can show that there are results worth paying attention to.  Its easy from an attackers perspective to see how all of these can offer valuable information, but convincing management to allocate time on it is another story.

What other things are you all looking for?

Thanks for the welcomes.  EH seems like a pretty good forum that somehow I never stumbled upon until now.

Also any suggestions on how this page could be improved are welcomed.  Although XSS is a fairly old problem, in my experience I find it all over the place in the applications put out at my place of business and across web in general.  Even with certain filters protecting against stealing session cookies by stopping harmful tags like script and iframe, I have demonstrated how its possible to deface a webpage overlaying login forms that submit to my controlled server.  Not all XSS can lead to something evil, but there are many creative ways they can be used and I see it as a major problem especially when used as a spear phish attack via email.

'all glory to the hypnotoad'

Sure.  It is not very clean, but of course it was never really meant to be. 
Its pretty much all php other than some javascript use to remember the scroll bar location via cookie so that when you hit a submit button the page refreshes and stays at the same scroll location.

You could always give me a shout out in the demo =].  Nothing like throwing up some handles from a hacker forum on the screen during some corporate presentation.

http://www.g-rawkz.com/xss.txt

A little page I whipped up to teach developers about some simple XSS attack vectors.  Figured I'd share.

It can be a little quarky because of caching.

www.g-rawkz.com/xss.php