Passive information Gathering

Google Dorking

  • site:megacorpone.com -filetype:html

  • The Direcotry Listing like google dorking

    • intitle:"index of" "parent directory"

Netcraft Website

  • from site report > site technology >> List the subdomian technologies

Search from GitHub, GitLab, GitHub Gist, SourceForge

  • You can search online source codes repositories

  • Sometime api key , credential leak form this site

  • Tools

    • gitleaks

Shodan

  • Shodan querys

    • hostname:megacorpone.com port:"22"

Security Headers and SSL/TLS

  • https://www.ssllabs.com/ssltest/

  • https://www.secuirtyheaders.com

  • The missing headers are not necessarily vulnerability themselves, but they could indicate web dev or server admin are not familier with server hardening

PreviousInformation GatheringNextActive Information Gathering

Last updated