Public sources – WEB APPLICATION ANALYSIS TOOLS

Overview

  • Include anything related to a website on the public Internet that can disclose information
  • Hackers use this information in the footprinting process or in social engineering attacks

Public source Examples

  • Search engines such as Google and Bing
  • The company website, including contacts, job postings …
  • Robots.txt
  • View source or comments in HTML content
  • http://archive.org, where you can view the history of an archived website
  • Social media websites such as blogs and LinkedIn
  • Trust in fake websites and people (for example, a fake job opening on LinkedIn)
  • Geolocation and addresses (used with wireless attacks)
  • https://www.shodan.io, a search engine for system banners
  • Google hacking; see my whitepaper “Maximizing SharePoint Security”: https://gallery.technet.microsoft.com/Maximizing-SharePoint-cf7f7efc
  • Google Hacking Database (GHDB) https://www.exploit-db.com/google-hacking-database/, which helps find vulnerabilities and exploits through search queries
  • Document metadata, which contains information such as user names and the OS that created the document …

FOCA tool

How to use it

Create a new project

Fill in the fields and click Create

Click Search All

It shows the list of files found for this domain and the metadata of these documents. You can then right-click to Analyze Metadata in the Metadata Summary node.
