Today we are going to discuss information gathering using GitHub, Google dorks, and Shodan. Information gathering is, put simply, the process of collecting information about something you are interested in, which helps us in the later testing steps.
Ethical hackers use a wide variety of techniques and tools to get this valuable information about their targets. These help us find sensitive information, network information, domain information, and other data that make up the goal of information gathering.
In today's lesson we cover how GitHub repositories can disclose all sorts of potentially valuable information, how the Google search engine helps us find sensitive information about our target, and how to use Shodan to gather more information about the target.
How to start your information gathering process.
Step 1: Find your target.
Step 2: Use the GitHub platform for recon.
Step 3: Use Google dorks to find more information, including some private data.
Step 4: Use Shodan, a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.), to find details about a specific IP.
Usage of GitHub Platform for Recon
Assume we have the target www.abc.com. As a first step, search for it on GitHub. Within the results, check the Repositories, Code, Commits, and Issues. Code is the biggest one, and it is where we will most likely find sensitive information, because developers tend to share too much there. The "keyword" in the search is what helps us find information about our target.
To start: → Go to www.github.com
→ Now we look for AWS-KEY= in GitHub search, as in the picture below.
In the picture above we used the search box to gather information. Now narrow the search to your target: Search: → "www.target.com" AWS-KEY=
As the picture above shows, we were able to collect an AWS-KEY= value, which is sensitive and available through GitHub search.
We can use different keywords, as mentioned below.
Now, look for an FTP password. Sometimes a developer forgets to remove it or to make the GitHub repo private, which critically exposes data.
To find it, search: →
→ "www.Yoursite.com" FTP_PASSWORD=
Sometimes you will get this kind of critically exposed information, as in the picture below.
Recon using GitHub makes everything simpler. We just have to follow the keyword pattern: "Target" contains our target, and "Password=" is the keyword, like a payload, for what we are looking for.
You can follow this recon keyword list to improve your recon.
Using Google dorks to find more information, including some private data.
How do Google dorking and Google hacking help us in the information gathering process? Dorking is an information gathering technique that leverages advanced Google search techniques, and it helps both hackers and pen testers.
Let's find some interesting information using Google dorks:
inurl:target.com intitle:"index of"
Using the above query, as the picture above shows, we have found a directory listing of our target. Now check inside the directories; you will definitely see some sensitive information about our target.
As the picture above shows, we have found some directories of our target using Google dorking. Let's find some critical data using Google dorking.
To find a database password using a Google dork:
-> inurl:"target" filetype:env "DB_PASSWORD"
As the picture above shows, we have found a database password that is publicly available.
As the picture above shows, we have now found the database password of our target. So Google helps us find a lot of passive information about our ta
Some of the best Google dorks:
inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv
intitle:"index of" inurl:ftp intext:admin
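The keywords searched for in the GitHub and Google dork sections above (AWS-KEY=, FTP_PASSWORD=, and DB_PASSWORD in .env files) can be checked from the repository owner's side before anything is pushed. The following Python check is an added example, not part of the original post; the regex, the placeholder rules, the function names and the SAMPLE_REPO contents are assumptions constructed for illustration, and it only covers KEY=value style lines.

```python
import re

# Keywords come from the searches on this page; the regex, the placeholder
# rules and SAMPLE_REPO are assumptions constructed for this example.
SECRET_ASSIGNMENT = re.compile(
    r"""(?P<key>[A-Za-z0-9_-]*(?:AWS-KEY|PASSWORD))  # AWS-KEY, FTP_PASSWORD, DB_PASSWORD
        \s*[=:]\s*
        (?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^\s#]*))""",
    re.IGNORECASE | re.VERBOSE,
)

SAMPLE_REPO = {  # constructed file contents, not real credentials
    ".env": 'APP_ENV=production\nDB_PASSWORD="Sup3r-S3cret-Value"\nFTP_PASSWORD=\n',
    ".env.example": "DB_PASSWORD=${DB_PASSWORD}\nAWS-KEY=<your-key-here>\n",
    "deploy/config.ini": "[ftp]\nFTP_PASSWORD = hunter2pass  # rotate me\n",
    "README.md": "Set AWS-KEY=EXAMPLEKEY0000000000 before running.\n",
}


def is_placeholder(value):
    """Empty values, variable references and <templates> are not real secrets."""
    return value == "" or value.startswith(("$", "<", "{{"))


def redact(value):
    """Keep two characters so the owner can recognise the secret, hide the rest."""
    return value[:2] + "*" * (len(value) - 2)


def scan_text(path, text):
    """Return (path, line_no, key, redacted_value) for each hard-coded secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_ASSIGNMENT.finditer(line):
            value = next(v for v in m.group("dq", "sq", "bare") if v is not None)
            if not is_placeholder(value):
                findings.append((path, line_no, m.group("key"), redact(value)))
    return findings


def scan_repo(files):
    """Scan a {path: contents} mapping; a real hook would read the staged files."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]


if __name__ == "__main__":
    results = scan_repo(SAMPLE_REPO)
    for path, line_no, key, shown in results:
        print(f"{path}:{line_no}: {key} is set to a literal value ({shown})")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the commit
```

Placeholders such as `${DB_PASSWORD}` and empty assignments are skipped, so a committed `.env.example` template does not trip the check while a real `.env` does.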
Information gathering using Shodan
Shodan is a search engine, but it is different from content search engines like Google. Shodan allows us to find devices connected to the internet and helps us find information such as open ports, services, and the service versions of those devices. It is also a good tool for passive information gathering. Here is how to utilize Shodan to find sensitive information.
Now, visit: https://www.shodan.io/
The picture above is the main home page of the Shodan search engine. Now let's find details about our targeted IP:
As the picture above shows, we searched for a specific IP, and the result gives us some information about our target, such as the server header, version, and ISP details.
To refine our search pattern we can use search filters, which help in our information gathering process:
city: find devices in a specific city
country: find devices in a specific country
hostname: find values that match the hostname we want
net: search based on an IP or /x CIDR
os: search based on the operating system of internet-connected devices
port: find particular ports that are open
Now, suppose we are looking specifically for webcams that are connected to the internet:
→ "Country" "webcam"
As the picture above shows, we have found webcams, based on country, that are connected to the internet.
So today we have learned how we can utilize open source engines to collect more passive information about our target. Today we used GitHub, Google, and Shodan in our information gathering process. There are some more interesting techniques and tools that we will discuss in our next session.