Greeting Everyone ! Hope Everything is going Good In this Blog we will Discuss About 5 Most Used Search Engine That help us to Gather more Information About Our target . This Blog Help To Find out various Information Which Is Publicly available on WWW world wide web.
How Search engine work?
Search Engine Help us to gather Information based On web based As Information Such as IP , Server , Web , IOT devices etc which accessible through Internet . Eg : google is search engine For Everyone
Suppose user Finding for Some data such as json data from particular target Here We will ask google search engine :
Above two example we see How We utilize Our testing phase using Search engine which help us to gather More Information against Our target .
Most 5 Used Search engine ?
GreyNoise: GreyNoise is platform for Cyber Security that collects and analyses Internet based scan and attack traffic . GreyNoise allows the ability to filter this useless noise out. Its working based On Api call.
ZoomEye : zoomEye is Serach engine mostly use by an pen tester or hacker to check open device which are vulnerable for supply attack . Zoomeye help us to find specific connected network devices . This Help our testing phase More Easy As Easily manipulate Vulnerable server Version Product etc of target system .
Usage : Supposed for checking organization details here We will use org:facebook.com
As above picture picture we see It gives us result Base on our search . here We
You can also Search by IP Address: ip:220.127.116.11
Shodan Shodan is most used Search engine Which has Big data available For A pen tester shodan take big rule shodan is most popular search engine Which is GUI or CLI Based it help user find specific types of computers connected to the internet using a variety of filters. Look our Previous Blog : For Shodan CLI https://securiumsolutions.com/blog/shodan-search-engine-command-line-interface/.
As example To manipulate Available data from org facebook here we will use filter keyword :
As above picture We see It gives us result based On org & domain name Suppose we need to lookup Server According to version We will use filter : Server: nginx/1.1.19
As above picture wee see This is how Search engine help us to manipulate different Result based on our keyword.
Censys : Censys is also work same as Shodan Result Output Same As shodan this help an penetration tester to Manipulate Different Information Such as IP, Server Details , IOT Devices , and all internet Connected Device . Censys help testers to find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Now eg: We Need to look for Port 80 with response code 200 Here we will use filter : 80.http.get.status_code: 200
As above picture we See How We utilize Search engine To find Our Different Information Against our target.
Hunter : Hunter.io (hunter) Help a tester to gather all publicly available Email Address of Our Target Organization . this help marketer to gather Email Address From Targeted Domain .
To check Navigate to hunter.io and search for your target domain EG: google.com
As output we see it manipulated All Publicly available emails of google.com this is how we can utilize different search engine to gather different information against Our target.
Conclusion: In this Blog we Discussed How Different Search engine Work How common Output we can fetch from Search engine while we are Doing Penetration Testing against Our targeted Organisation . we discussed 5 different search engine hope you learned Something New Today .
Thanks For Reading……. See You In Another Blog!
Stick With Our Blog : https://securiumsolutions.com/blog/
Author : Pallab Jyoti Borah | VAPT Analyst