1. Information Gathering
Information gathering (reconnaissance) is the act of collecting different kinds of information about a targeted person, organization or system.
It is the first stage of ethical hacking, performed by penetration testers and hackers alike (black hat or white hat); it is a necessary and crucial step.
The more information gathered about the target, the higher the probability of obtaining relevant results. Information gathering is not just a phase of security testing; it is a skill that every penetration tester (pen-tester) and hacker should master to get more out of a penetration test.
There are various tools, techniques and websites, including public sources such as whois and nslookup, that help gather information.
This step is necessary because almost any detail about the target (a pet's name, a best friend's name, age or phone number) may be needed later, for example for a password-guessing attack or other kinds of attacks.
Source: https://www.w3schools.in/ethical-hacking/information-gathering-techniques
ping - send ICMP ECHO_REQUEST to network hosts. A reply confirms that the name resolves and that the host answers ICMP; no reply does not prove the host is down, because many networks filter ICMP echo.
$ ping -c 3 facebook.com
PING facebook.com (157.240.195.35) 56(84) bytes of data.
64 bytes from edge-star-mini-shv-01-mrs2.facebook.com (157.240.195.35): icmp_seq=1 ttl=55 time=8.39 ms
64 bytes from edge-star-mini-shv-01-mrs2.facebook.com (157.240.195.35): icmp_seq=2 ttl=55 time=27.9 ms
64 bytes from edge-star-mini-shv-01-mrs2.facebook.com (157.240.195.35): icmp_seq=3 ttl=55 time=65.1 ms
--- facebook.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 8.393/33.824/65.148/23.541 ms
nslookup - query Internet name servers interactively. "Non-authoritative answer" means the reply came from the local resolver's cache (192.168.1.254 here), not from the domain's authoritative name servers; query those directly when you need the current record.
$ nslookup facebook.com
Server: 192.168.1.254
Address: 192.168.1.254#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.195.35
Name: facebook.com
Address: 2a03:2880:f142:82:face:b00c:0:25de
whois - client for the whois directory service. Expect the registrant fields to be blank or redacted for many domains (privacy services, GDPR); the registrar, creation and expiry dates, name servers and abuse contact are usually still shown.
$ whois facebook.com
Domain Name: FACEBOOK.COM
Registry Domain ID: 2320948_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrarsafe.com
Registrar URL: http://www.registrarsafe.com
Updated Date: 2020-03-10T18:53:59Z
Creation Date: 1997-03-29T05:00:00Z
Registry Expiry Date: 2028-03-30T04:00:00Z
Registrar: RegistrarSafe, LLC
Registrar IANA ID: 3237
Registrar Abuse Contact Email: abusecomplaints@registrarsafe.com
Registrar Abuse Contact Phone: +1-650-308-7004
...
Registrant Name: Domain Admin
Registrant Organization: Facebook, Inc.
Registrant Street: 1601 Willow Rd
Registrant City: Menlo Park
Registrant State/Province: CA
Registrant Postal Code: 94025
Registrant Country: US
Registrant Phone: +1.6505434800
Registrant Phone Ext:
Registrant Fax: +1.6505434800
Registrant Fax Ext:
Registrant Email: domain@fb.com
...
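Reading one whois record by hand is fine; for a list of domains it helps to pull out only the fields that matter for scoping and to notice when the registrant block is hidden. The script below is an added example, not part of the original page: the function names whois_field and whois_summary are chosen here, the first sample is the facebook.com excerpt above, and the second sample is a constructed record for a domain behind a privacy service.

```shell
#!/bin/sh
# Added example (not part of the page): summarise a whois record.
# whois_field and whois_summary are names chosen here.

# Print every value of one whois field read from stdin, e.g.
#   whois example.com | whois_field 'Name Server'
# Anchoring on "^Field:" keeps 'Registrar' from also matching "Registrar URL:".
# Some whois servers send CRLF, so strip the carriage returns first.
whois_field() {
  tr -d '\r' | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# Print the fields that survive most privacy services; return 1 when the
# registrant block is redacted so a wrapper script can branch on it.
whois_summary() {
  rec=$(cat)
  for f in 'Domain Name' 'Registrar' 'Creation Date' 'Registry Expiry Date' \
           'Name Server' 'Registrant Organization' 'Registrant Email'; do
    printf '%s\n' "$rec" | whois_field "$f" | sed "s/^/$f: /"
  done
  if printf '%s\n' "$rec" | grep -qi 'redacted for privacy'; then
    echo 'Note: registrant details redacted; fall back to the abuse contact or a historical WHOIS service'
    return 1
  fi
}

# Excerpt of the facebook.com record shown above.
SAMPLE_WHOIS=$(cat <<'EOF'
Domain Name: FACEBOOK.COM
Registrar WHOIS Server: whois.registrarsafe.com
Updated Date: 2020-03-10T18:53:59Z
Creation Date: 1997-03-29T05:00:00Z
Registry Expiry Date: 2028-03-30T04:00:00Z
Registrar: RegistrarSafe, LLC
Registrar Abuse Contact Email: abusecomplaints@registrarsafe.com
Registrant Organization: Facebook, Inc.
Registrant Email: domain@fb.com
EOF
)

# Constructed record for a domain behind a privacy service (not real data).
REDACTED_WHOIS=$(cat <<'EOF'
Domain Name: EXAMPLE-PRIVATE.NET
Registrar: Example Registrar, Inc.
Creation Date: 2021-06-01T00:00:00Z
Registry Expiry Date: 2026-06-01T00:00:00Z
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
EOF
)

printf '%s\n' "$SAMPLE_WHOIS" | whois_summary
echo ---
printf '%s\n' "$REDACTED_WHOIS" | whois_summary || echo "whois_summary exit status $? (registrant hidden)"
```

Against a live target the same functions are fed from the tool itself, `whois target.example | whois_summary`; the non-zero exit on a redacted record is what a loop over many domains can key on.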
WhatWeb - identify technologies used by websites. The versions it reports (web server, language runtime, CMS and plugins) are what the next phase checks against known vulnerabilities; they come from headers and HTML the server chooses to expose, so they can be missing or deliberately wrong.
$ whatweb -v arh.bg.ac.rs
WhatWeb report for http://www.arh.bg.ac.rs/
Status : 200 OK
Title : Univerzitet u Beogradu - Arhitektonski fakultet (University of Belgrade - Faculty of Architecture)
IP : 147.91.19.26
Country : Serbia, RS
Summary : Script[text/javascript], x-pingback[http://www.arh.bg.ac.rs/xmlrpc.php], X-Powered-By[PHP/5.4.16], MetaGenerator[WPML ver:3.1.9.7 stt:51,1;0,WordPress 4.2.2], HTML5, JQuery[1.11.2,4.6.0], All-in-one-SEO-Pack[2.2.7], PHP[5.4.16], HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], UncommonHeaders[link], Bootstrap[3.0.2], Google-Analytics[Universal][UA-17162376-1], ShareThis, Open-Graph-Protocol[website][528244433933209], Cookies[_icl_current_language,stl_default_lang], Frame, Email[dekan@arh.bg.ac.rs,iro@arh.bg.ac.rs,itcaf@arh.bg.ac.rs,redakcijasajta@arh.bg.ac.rs,studentskasluzba@arh.bg.ac.rs], Lightbox, WordPress[4.2.2], Apache[2.4.6], WPML-Plugin
Detected Plugins:
[ All-in-one-SEO-Pack ]
The all in one SEO pack automatically optimizes your
WordPress blog for Search Engines (Search Engine
Optimization).
Version : 2.2.7
Website : http://wordpress.org/extend/plugins/all-in-one-seo-pack/
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.4.6 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ Bootstrap ]
Bootstrap is an open source toolkit for developing with
HTML, CSS, and JS.
Version : 3.0.2
Website : https://getbootstrap.com/
...
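The Summary line is dense and copying versions out of it by hand is error-prone. The script below is an added example, not code from the page or from the WhatWeb project (the function name whatweb_versions is chosen here), that turns a saved WhatWeb report into a component/version list. The embedded sample is the report above; multi-valued plugins such as JQuery[1.11.2,4.6.0] give one line per version, and bracket groups that are not plain version numbers (emails, cookies, the HTTPServer string) are dropped.

```shell
#!/bin/sh
# Added example (not part of the page): extract component/version pairs
# from a WhatWeb report. whatweb_versions is a name chosen here.

# Read a WhatWeb report on stdin and print "component<TAB>version" for every
# plugin that reported a bare version number, one per line, sorted.
whatweb_versions() {
  sed -n 's/^[[:space:]]*Summary[[:space:]]*:[[:space:]]*//p' |
  awk '{
    s = $0
    # Walk the Name[value,value] tokens left to right. A bracket group with
    # no name in front of it (the second group of HTTPServer[CentOS][...])
    # does not match and is skipped.
    while (match(s, /[A-Za-z0-9._-]+\[[^]]*\]/)) {
      tok  = substr(s, RSTART, RLENGTH)
      s    = substr(s, RSTART + RLENGTH)
      b    = index(tok, "[")
      name = substr(tok, 1, b - 1)
      vals = substr(tok, b + 1, length(tok) - b - 1)
      n = split(vals, part, ",")
      for (i = 1; i <= n; i++)
        if (part[i] ~ /^[0-9]+(\.[0-9]+)*$/) print name "\t" part[i]
    }
  }' | LC_ALL=C sort -u
}

# The report shown above, copied from the WhatWeb output on this page.
SAMPLE_WHATWEB=$(cat <<'EOF'
WhatWeb report for http://www.arh.bg.ac.rs/
Status : 200 OK
Title : Univerzitet u Beogradu - Arhitektonski fakultet (University of Belgrade - Faculty of Architecture)
IP : 147.91.19.26
Country : Serbia, RS
Summary : Script[text/javascript], x-pingback[http://www.arh.bg.ac.rs/xmlrpc.php], X-Powered-By[PHP/5.4.16], MetaGenerator[WPML ver:3.1.9.7 stt:51,1;0,WordPress 4.2.2], HTML5, JQuery[1.11.2,4.6.0], All-in-one-SEO-Pack[2.2.7], PHP[5.4.16], HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], UncommonHeaders[link], Bootstrap[3.0.2], Google-Analytics[Universal][UA-17162376-1], ShareThis, Open-Graph-Protocol[website][528244433933209], Cookies[_icl_current_language,stl_default_lang], Frame, Email[dekan@arh.bg.ac.rs,iro@arh.bg.ac.rs,itcaf@arh.bg.ac.rs,redakcijasajta@arh.bg.ac.rs,studentskasluzba@arh.bg.ac.rs], Lightbox, WordPress[4.2.2], Apache[2.4.6], WPML-Plugin
EOF
)

printf '%s\n' "$SAMPLE_WHATWEB" | whatweb_versions
```

Against a live target run `whatweb -v target.example | whatweb_versions`; the resulting product/version pairs are what you look up in a vulnerability database before touching the target any further.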
theHarvester is used to gather open source intelligence (OSINT) on a company or domain: e-mail addresses, subdomains and hosts from public sources. -d sets the target domain, -l limits the number of search results and -b selects the data source (google here); several other sources require API keys.
$ theHarvester -d example.com -l 10 -b google
*******************************************************************
* _ _ _ *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* theHarvester 3.2.3 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
* *
*******************************************************************
[*] Target: example.com
Searching 0 results.
[*] Searching Google.
[*] No IPs found.
[*] Emails found: 21
----------------------
admin@example.com
administrator@example.com
anna@example.com
...
[*] Hosts found: 22
---------------------
api.example.com
bobphone.example.com
com.example.com
...
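theHarvester gives you addresses; what the password-guessing attack mentioned in the introduction actually needs is the naming convention behind them, so that known employee names can be turned into valid accounts. The script below is an added example, not part of the page or of theHarvester: the function names are chosen here, and in the sample output only the first three addresses come from the run above, the rest are constructed to give the pattern counter something to work on.

```shell
#!/bin/sh
# Added example (not part of the page): infer the e-mail naming convention
# from theHarvester output. Function names and sample data are chosen here.

# Print the addresses under "[*] Emails found", lower-cased and de-duplicated.
harvester_emails() {
  awk '/^\[\*\] Emails found/ { on = 1; next }
       /^\[\*\]/              { on = 0 }
       on && /@/              { print tolower($1) }' | sort -u
}

# Count the local-part pattern of each address (one address per line on stdin).
# Role mailboxes are counted separately so they do not dilute the real scheme.
email_patterns() {
  awk -F@ '
    BEGIN {
      n = split("admin administrator info support sales contact webmaster postmaster hostmaster abuse security noreply no-reply", r, " ")
      for (i = 1; i <= n; i++) role[r[i]] = 1
    }
    {
      lp = $1
      if      (lp in role)               p = "role"
      else if (lp ~ /^[a-z]+\.[a-z]+$/)  p = "first.last"
      else if (lp ~ /^[a-z]+_[a-z]+$/)   p = "first_last"
      else if (lp ~ /^[a-z]+-[a-z]+$/)   p = "first-last"
      else if (lp ~ /^[a-z]+[0-9]+$/)    p = "word+digits"
      else if (lp ~ /^[a-z]+$/)          p = "singleword"   # first name or flast, undecidable alone
      else                               p = "other"
      count[p]++
    }
    END { for (p in count) print count[p] "\t" p }' | sort -rn
}

# Build the address "First Last" would have under a pattern:
#   candidate_email "Anna Novak" first.last example.com  ->  anna.novak@example.com
candidate_email() {
  first=$(printf '%s' "$1" | awk '{ print tolower($1) }')
  last=$(printf '%s' "$1" | awk '{ print tolower($NF) }')
  case $2 in
    first.last) printf '%s.%s@%s\n' "$first" "$last" "$3" ;;
    first_last) printf '%s_%s@%s\n' "$first" "$last" "$3" ;;
    first-last) printf '%s-%s@%s\n' "$first" "$last" "$3" ;;
    flast)      printf '%s%s@%s\n' "$(printf '%s' "$first" | cut -c1)" "$last" "$3" ;;
    first)      printf '%s@%s\n' "$first" "$3" ;;
    *)          echo "candidate_email: unknown pattern '$2'" >&2; return 1 ;;
  esac
}

# Constructed theHarvester-style output: the first three addresses are from the
# run above, the rest are invented so the pattern counter has data.
SAMPLE_HARVESTER=$(cat <<'EOF'
[*] Target: example.com
[*] Searching Google.
[*] No IPs found.
[*] Emails found: 9
----------------------
admin@example.com
administrator@example.com
anna@example.com
john.doe@example.com
jane.roe@example.com
JANE.ROE@example.com
marko.petrovic@example.com
li.wei@example.com
support@example.com
[*] Hosts found: 2
---------------------
api.example.com
www.example.com
EOF
)

emails=$(printf '%s\n' "$SAMPLE_HARVESTER" | harvester_emails)
printf '%s\n' "$emails" | email_patterns
pattern=$(printf '%s\n' "$emails" | email_patterns | head -n 1 | cut -f2)
candidate_email "Anna Novak" "$pattern" example.com
```

With real output, save the run first (`theHarvester -d target.example -l 100 -b google > harvest.txt`) and pipe the file through harvester_emails; the dominant pattern plus a list of names from LinkedIn or the company site gives the candidate list, and the "singleword" bucket should be checked against known first names before it is trusted.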
hunter.io: Find email addresses in seconds
Sherlock: Hunt down social media accounts by username across social networks
$ sudo apt install python3-pip
$ git clone https://github.com/sherlock-project/sherlock.git
$ cd sherlock
$ python3 -m pip install -r requirements.txt
$ python3 sherlock sindresorhus
[*] Checking username sindresorhus on:
[+] Asciinema: https://asciinema.org/~sindresorhus
[+] Atom Discussions: https://discuss.atom.io/u/sindresorhus/summary
[+] Audiojungle: https://audiojungle.net/user/sindresorhus
...