OSINT and Dorks

PowerMeta

• Scrape all ppt/doc/xls/etc files and pull metadata from a Website/Domain

• https://github.com/dafthack/PowerMeta

Powershell > Invoke-PowerMeta sans.org -download -extract

Dorks

• Google Dorks

  • https://www.exploit-db.com/google-hacking-database

• Googlediggity & Searchdiggi - tool for Windows to multi-search

  • Combo tools for Google Dorks

• • https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/

• Dork Scan

  • https://github.com/1N3/Goohak/

  • Example: > goohak domain.com

OSINT

• LinkedIn - user may have resume, or cover-letter posted - or activity

• Instagram - user may have photo with a Badge posted

• Twitter - Found favorite song, dog name, hometown from a CTF

• Facebook

Maltego

• Great tool.. but free version is limited

Amazon S3 Bucket

• Buckets can be searched. And data is often leaked here

• Put your keyword domains in file 'myDict'

• REF: SANS Holiday Hack 2020

> curl https://raw.githubusercontent.com/mattweidner/bucket_finder/master/bucket_finder.rb -o bucket_finder.rb
> bucket_finder --download myDict
package ..found!!
http://s3.amazonaws.com/wrapper3000/package

Azure Blobs

• https://github.com/cyberark/blobhunter

• https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files

Image Reverse Search

• REF: Images/Exit/Steg