Passive Information Gathering Using Different Search Engines

Greetings everyone,

Today we are going to discuss information gathering using GitHub, Google dorks, and Shodan. The simplest way to define information gathering is as the process of collecting information about something you are interested in, which supports the later testing steps.

Ethical hackers use a wide variety of techniques and tools to get this precious information about their targets. These help us find sensitive information, network information, domain information, and the other data that make up the goal of the gathering phase.

In today's lesson: how GitHub repositories can disclose all sorts of potentially valuable information, how the Google search engine helps us find sensitive information about our target, and how to use Shodan to gather more information about the target.

How to start your information-gathering process:

Step 1: Find your target.

Step 2: Use the GitHub platform for recon.

Step 3: Use Google dorks to find more information, including some private data.

Step 4: Use Shodan, a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.), to find details about a specific IP.

Usage of GitHub Platform for Recon

Assume we have the target www.abc.com. As the first step, search for it on GitHub. Within the results, check Repositories, Code, Commits, and Issues. Code is the biggest one, where we will probably find sensitive information, because developers tend to share too much there. Here a "keyword" helps us find information about our target.

To start: go to www.github.com

→ Now we are looking for AWS-KEY= in the GitHub search engine, as in the picture below.

In the picture above we used the search box to gather information. Now narrow the search to your target: Search: "www.target.com" AWS-KEY=

As in the picture above, we were able to collect an AWS-KEY= value, which is sensitive and publicly available through the GitHub search engine.

We can use different keywords, as listed below:

GH_USER_NAME=

GITHUB_API_KEY=

OAUTH_TOKEN=

SSMTP_CONFIG=

ACCESSKEY=

ADMIN_EMAIL=

API_SECRET=

Now look for the FTP password. Sometimes developers forget to remove it, or to make the repository private, which critically exposes data on GitHub.

To find it, search:

→ "www.Yoursite.com" FTP_PASSWORD=

And sometimes you will get this type of critically exposed information, as in the picture below.

Recon using GitHub makes everything simpler. We only have to follow the keyword pattern: "Target" holds our target, and "Password=" holds the keyword, like a payload, that we look for.

You can follow this Recon keyword list to make recon better.
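
The same keywords work in the other direction: a developer can scan their own working tree for them before pushing. The script below is an added example, not code from the original post; the function names, the value masking and the constructed sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Keywords from the article's list (FTP_PASSWORD and DB_PASSWORD are also named there).
KEYWORDS = ["AWS-KEY", "GH_USER_NAME", "GITHUB_API_KEY", "OAUTH_TOKEN", "SSMTP_CONFIG",
            "ACCESSKEY", "ADMIN_EMAIL", "API_SECRET", "FTP_PASSWORD", "DB_PASSWORD"]
# KEY = value or KEY: value, with a non-empty value; matching is case-insensitive.
PATTERN = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, KEYWORDS)) +
                     r")\s*[=:]\s*[\"']?([^\s\"'#]+)", re.IGNORECASE)

def scan_text(text, name):
    """Return (file, line, keyword, masked value) for each hard-coded assignment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PATTERN.finditer(line):
            value = m.group(2)
            if value.startswith(("$", "<")):  # variable reference or placeholder
                continue
            # Mask the value so the report itself does not leak the secret.
            findings.append((name, lineno, m.group(1).upper(), value[:2] + "***"))
    return findings

def scan_tree(root):
    """Scan every readable text file under root, skipping the .git directory."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file
        findings.extend(scan_text(text, rel.as_posix()))
    return findings

def demo():
    """Build a constructed working tree (sample values, not real credentials) and scan it."""
    files = {"config/deploy.env": "FTP_PASSWORD=hunter2-constructed\nAPI_SECRET=${API_SECRET}\n",
             "app/settings.py": 'ADMIN_EMAIL = "ops@example.com"\n'
                                "aws-key: EXAMPLE-constructed-value\nGITHUB_API_KEY=\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Run as a pre-commit or CI step, a non-empty result from `scan_tree(".")` is the signal to stop the push and rotate the affected credential.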

Using Google Dorks to Find More Information, Including Some Private Data

How do Google dorking and Google hacking help us in the information-gathering process? Dorking is an information-gathering technique that leverages advanced Google search techniques and helps hackers and pen testers.

Let's find some interesting information using a Google dork:

inurl:target.com intitle:"index of"

Using the above query, as in the picture above, we found a directory listing of our target. Now check inside the directory; you will definitely see some sensitive information about our target.

As in the picture above, we found some directories of our target using Google dorking. Let's find some critical data using Google dorking.

To find a database password using a Google dork:

-> inurl:"target" filetype:env "DB_PASSWORD"

As in the picture above, we found database passwords that are publicly available.

As in the picture above, we have now found the database password of our target. Google helps us find a lot of passive information about our ta

Some of the best Google dorks:

inurl:example.com ext:log

inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv

inurl:"example.com" filetype:env "DB_PASSWORD"

intitle:"index of" inurl:ftp intext:admin
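
Site owners can check their own document root for the content these dorks surface. The following is an added example, not part of the original post; the index file names, the finding labels and the constructed sample files are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Extensions named in the article's dorks (ext:log, ext:sql|xls|xml|json|csv, filetype:env).
DORK_EXTS = {".log", ".sql", ".xls", ".xml", ".json", ".csv", ".env"}
# Assumption: the web server serves one of these names as the directory index.
INDEX_FILES = {"index.html", "index.htm", "index.php"}

def audit_webroot(root):
    """Return sorted (relative path, reason) pairs for content the dorks would surface."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root).as_posix()
        # A directory without an index file shows up as "Index of" when auto-indexing is on.
        if not INDEX_FILES & set(filenames):
            findings.append((rel_dir, "no-index-file"))
        for name in filenames:
            path = Path(dirpath, name)
            # pathlib reports no suffix for a bare ".env", so fall back to the name.
            ext = path.suffix.lower() or (name.lower() if name.startswith(".") else "")
            if ext not in DORK_EXTS:
                continue
            reason = "dork-extension"
            if ext == ".env" and "DB_PASSWORD" in path.read_text(errors="ignore"):
                reason = "env-with-db-password"
            findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)

def demo():
    """Audit a constructed document root (sample files, not taken from a real site)."""
    files = {"index.html": "<h1>home</h1>", ".env": "DB_PASSWORD=constructed\n",
             "backup/dump.sql": "-- constructed", "logs/access.log": "",
             "assets/site.css": "body{}"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_webroot(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:22} {rel}")
```

Files such as a sitemap in XML are expected findings to review and dismiss; dumps, logs and `.env` files belong outside the document root.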

Information gathering using Shodan

Shodan is a search engine, but it is different from content search engines like Google. Shodan allows us to find devices connected to the internet and helps us find information such as open ports, services, and the service versions of those devices. It is also a good tool for passive information gathering. Here is how to use Shodan to find sensitive information.

Now visit: https://www.shodan.io/

The picture above shows the home page of the Shodan search engine. Let's find details about our targeted IP:

As in the picture above, we searched for a specific IP, and the result gives some information about our target, such as the server header, version, and ISP details.

To refine our search we can use search filters that help in the information-gathering process:

  • city: find devices in a specific city
  • country: find devices in a specific country
  • hostname: find values that match the hostname as we want
  • net: search based on an IP or /x CIDR
  • os: search based on an operating system connected to the internet
  • port: Find particular ports that are open

Now suppose we are looking for webcams connected to the internet in a specific country:

→ “Country” “webcam”

As in the picture above, we found webcams connected to the internet, based on country.

So today we have learned how to use open search engines to collect more passive information about our target. We used GitHub, Google, and Shodan in our information-gathering process. There are more interesting techniques and tools that we will discuss in our next session.
