.

OSINT footprinting

<<

noghost

Newbie
Newbie

Posts: 4

Joined: Sat Sep 08, 2012 12:19 pm

Post Sat Sep 15, 2012 12:16 pm

OSINT footprinting

First off if I am posting this is in the wrong section of the forum I apologize.

Obviously information gathering is vital in any internal/external pen-test and from the defense side.  Looking for suggestions on what others on the defense or offensive side are doing to understand what kind of information is out there on the web for anyone to find.

Here are some of the activities I do (or am trying to get my place of business to start doing)

- Metadata analysis looking for usernames and other sensitive info from files on the web (tool - FOCA)
- Looking at developer comment areas in html, js, css ( some automated with scripts when looking for emails, phone numbers, user IDs, but this is also fairly manual at times)
- Looking at pastebin.com type websites for references to the business using advanced google operators
- Searching for the footer that goes out with company emails( "The views expressed in this email ......") - this actually returns a large number of results because people ask questions via email and in-turn get published on the net at some point usually for historical purposes
- Looking for company related information you would find in developer code like internal proxy servers, or company owned IPs, etc
- Seeing what Maltego has to say

Unfortunately I am kind of the new guy and I am not allocated time to do a lot of these things regularly, but I have suggested them and some gain traction if I can show that there are results worth paying attention to.  Its easy from an attackers perspective to see how all of these can offer valuable information, but convincing management to allocate time on it is another story.

What other things are you all looking for?
<<

jinwald12

User avatar

Jr. Member
Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Sat Sep 15, 2012 12:22 pm

Re: OSINT footprinting

I wrote a article on this with a focus on wifi pen testing, it may be of help to you.
http://resources.infosecinstitute.com/wlan-penetration-test/
where did all the fun go?

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software