OSINT and Dorks

PowerMeta

Scrape all ppt/doc/xls/etc files and pull metadata from a Website/Domain
https://github.com/dafthack/PowerMeta

Powershell > Invoke-PowerMeta sans.org -download -extract

Dorks

Google Dorks
- https://www.exploit-db.com/google-hacking-database
Googlediggity & Searchdiggi - tool for Windows to multi-search
- Combo tools for Google Dorks
- https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/
Dork Scan
- https://github.com/1N3/Goohak/
- Example: > goohak domain.com

OSINT

LinkedIn - user may have resume, or cover-letter posted - or activity
Instagram - user may have photo with a Badge posted
Twitter - Found favorite song, dog name, hometown from a CTF
Facebook

Maltego

Great tool.. but free version is limited

Amazon S3 Bucket

Buckets can be searched. And data is often leaked here
Put your keyword domains in file 'myDict'
REF: SANS Holiday Hack 2020

Azure Blobs

https://github.com/cyberark/blobhunter
https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files

Image Reverse Search

REF: Images/Exit/Steg

PreviousTarget Inventory NextRecon-ng dns zone snoop

Last updated 3 years ago

> curl https://raw.githubusercontent.com/mattweidner/bucket_finder/master/bucket_finder.rb -o bucket_finder.rb
> bucket_finder --download myDict
package ..found!!
http://s3.amazonaws.com/wrapper3000/package