Open Source Intelligence (OSINT) and Google hacking
The English acronym OSINT stands for Open Source Intelligence. It is widely used in the military, by intelligence personnel of government agencies and by law enforcement. OSINT information sources are any information that is declassified and publicly accessible via the Internet for free.
These sources of information are made up of blogs, corporate websites, social networks, forums, digital newspapers, etc. Although OSINT sources of information are open and free, they are not easy to find and exploit. In fact, the most valuable ones are in the deep Internet, so their contents are out of reach of search engines. If you only use search engines like Google, you will be missing a lot of useful information.
It follows that open source techniques combine information from both the surface and the deep Internet.
Practical example with Google
In this example we will see how you could collect useful information from public sources about an organization using Google as a search engine.
It is very important to answer some questions about the organization that you want to target.
- What do they do for a living?
- How do they interact with the world?
- Do they have a purchasing department?
- Are they interested in hiring staff?
You need to explore the organization’s website and look for general information such as contact details, phone and fax numbers, emails, company structure, etc.
The Google search engine supports many operators, which allow you to perform very targeted searches using all kinds of filters.
In this example, we will limit Google's search results to a single domain. A simple search with operators like this can offer very useful information.
Let’s say we want to know the approximate presence of a company on the Internet:
The example above uses the site operator to limit the results Google displays so that only the Amazon.com domain appears. Google has indexed about 170 million results for that domain.
Most of the results come from the www.amazon.com subdomain. You can add a filter to see which other subdomains return results:
These two simple queries reveal a lot of information about the searched domain, such as a general idea of its Internet presence and a list of its accessible web subdomains.
Other operators, such as filetype, inurl and intitle, can be used to find information about the target organization. Take, for example, a common video server that serves as the homepage of a web site.
As you can see, the page title is a distinctive label: “Biromsoft Webcam.” With a few simple Google searches you can narrow down the search results to include only these devices.
In this example, you can filter by the type of documents that exist in the domain. For example, PDF documents on the target website:
These are just a few examples, but you can do hundreds of interesting searches. Many of them are listed in the Google Hacking Database (GHDB), a section of Exploit Database.
OSINT techniques are a very powerful weapon, usually underestimated, but with a very large potential when it comes to collecting information about a target that you want to attack.
In addition to Google you can use other search engines like Bing and Shodan. They all have their own commands to perform specific searches.
Have you ever wondered what public information about your company is exposed? We encourage you to investigate; you'll probably find interesting information.
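One way to run that self-check on your own domain, as an added example that is not part of the original article: it takes result URLs collected from searches scoped with the site operator, counts indexed pages per subdomain and documents per file type, and builds the follow-up queries with the site and filetype operators described above. The domain example.com, the sample URLs and the function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit
import posixpath

# Constructed sample: URLs that searches scoped to your own domain returned.
SAMPLE_RESULTS = [
    "https://www.example.com/",
    "https://www.example.com/about/team.html",
    "https://www.example.com/docs/annual-report.pdf",
    "https://careers.example.com/jobs/1234",
    "https://files.example.com/internal/budget.xlsx",
    "https://files.example.com/manuals/router.PDF",
    "http://cam.example.com/view.html",
    "https://notexample.com/lookalike.pdf",  # different domain: out of scope
]
DOC_TYPES = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "csv", "txt"}

def in_scope(host, domain):
    """True for the domain itself or a real subdomain, not a lookalike suffix."""
    return host == domain or host.endswith("." + domain)

def inventory(urls, domain):
    """Count indexed pages per host and indexed documents per file type."""
    hosts, docs = Counter(), Counter()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not in_scope(host, domain):
            continue
        hosts[host] += 1
        ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
        if ext in DOC_TYPES:
            docs[ext] += 1
    return hosts, docs

def next_queries(domain, hosts, docs):
    """Follow-up searches: hide hosts already seen, then list each document type."""
    seen = " ".join(f"-site:{h}" for h in sorted(hosts) if h != domain)
    queries = [f"site:{domain} {seen}".strip()]
    queries += [f"site:{domain} filetype:{ext}" for ext in sorted(docs)]
    return queries

if __name__ == "__main__":
    hosts, docs = inventory(SAMPLE_RESULTS, "example.com")
    for host, n in hosts.most_common():
        print(f"{n:3d} indexed page(s) on {host}")
    for q in next_queries("example.com", hosts, docs):
        print(q)
```

Any subdomain or document type in the output that you did not expect to be public is a candidate for review, removal or access control.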
Julio Martínez | Cybersecurity Consultant at R3 CyberSecurity