Active Information Gathering

54
◾ 
Ethical Hacking and Penetration Testing Guide
is recommended, since it does not generate any log of presence on the target system. A common 
example would be to use LinkedIn, Facebook, and other social networks to gather information 
about the employees and their interests. This would be very useful when we perform phishing, 
keylogging, browser exploitation, and other client side attacks on the employees.
Sources of Information Gathering
There are many sources of information; the most important ones are as follows:
Social media website
Search engines
Forums
Press releases
People search
Job sites
So let’s discuss some of these sources in detail along with some tools of the trade.
Copying Websites Locally
There are many tools that can be used to copy websites locally; however, one of the most compre-
hensive tool is httrack. It can be used to investigate the website further. For example, let’s suppose 
that the file permissions of a configuration file are not set properly. The configuration might reveal 
some important information, for example, username and password, about the target.

Information Gathering Techniques
◾ 
55
If you are on Linux, you can use Wget command to copy a webpage locally. 
Wget http://
www.rafayhackingarticles.net
Another great tool is 
Website Ripper Copier
, which has a few additional functions than 
httrack.

Yüklə 22,44 Mb.

Dostları ilə paylaş: