OSInt, Cyberstalking, Footprinting and Recon: Getting to Know You
Irongeek.com
Adrian Crenshaw

I run Irongeek.com
I have an interest in InfoSec education
I don't know everything - I'm just a geek with time on my hands
(ir)Regular on the ISDPodcast: http://www.isd-podcast.com

Sometimes my presentations are like this
And sometimes my presentations are like this

Mile wide, 2.5 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
I'll try not to drop anyone's docs but my own, but volunteers for "victims" will help

Other names and related concepts
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking

DNS, Whois and Domain Tools
Finding general information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends

For pen-testers and attackers:
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software, servers, IP layout)
Spearphishing
For everyone else:
You want to keep attackers from finding this info and using this against you

All these techniques are legal as far as I know, but IANAL
Sorry if I "drop someone's docs" other than my own
Please don't misuse this information

Tons of fun tools to play with: http://www.backtrack-linux.org
Username: root
Password: toor
Many of the DNS tools are in /pentest/enumeration/dns

Who-do the voodoo that you do so well

Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs, and IPs to names (and other odds and ends)
Organization information is also kept
69.163.177.249  www.irongeek.com

Host name to IP lookup:
    nslookup www.irongeek.com
Reverse lookup:
    nslookup 208.97.169.250

Just a few record types, cribbed from http://en.wikipedia.org/wiki/List_of_DNS_record_types

Code | Number | Defining RFC | Description | Function
A | 1 | RFC 1035 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA | 28 | RFC 3596 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
MX | 15 | RFC 1035 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain.
CNAME | 5 | RFC 1035 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
PTR | 12 | RFC 1035 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
AXFR | 252 | RFC 1035 | Full Zone Transfer | Transfer entire zone file from the master name server to secondary name servers.

Zone transfers
Brute-forcing from a dictionary
nmap -sL <some-IP-range>

    dig irongeek.com any
    dig @ns1.dreamhost.com irongeek.com any

    C:\Documents and Settings\Adrian>nslookup
    Default Server:  resolver1.opendns.com
    Address:  208.67.222.222

    > set type=ns
    > irongeek.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    irongeek.com    nameserver = ns1.dreamhost.com
    irongeek.com    nameserver = ns2.dreamhost.com
    irongeek.com    nameserver = ns3.dreamhost.com
    > server ns1.dreamhost.com
    Default Server:  ns1.dreamhost.com
    Address:  66.33.206.206

    > ls irongeek.com
    [ns1.dreamhost.com]
    Can't list domain irongeek.com: Query refused
    > exit

Domain Internet Groper:
    dig ugent.be ns
    dig @ugdns1.ugent.be ugent.be axfr

Other tools in BackTrack:
    dnsrecon.py -d ugent.be -x
    dnsenum.pl ugent.be
ServerSniff: http://serversniff.net/nsreport.php  http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows: http://nscan.org/dig.html

Fierce: http://ha.ckers.org/fierce/
    fierce.pl -threads 100 -dns irongeek.com
    fierce.pl -dns irongeek.com -wordlist dictionary.txt

    nmap -sL <some-IP-range>
    nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

    apt-get install whois
    whois example.com
    whois 208.97.169.250

*nix command line
Nirsoft's:
http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP):
    tracert irongeek.com
*nix (UDP by default, change with -I or -T):
    traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (news groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com  http://omgili.com  http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at:
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com  http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap:
Most of them

General:
http://youropenbook.org
Geolocation:
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors:
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain, or server
inurl:/allinurl:       All terms must appear in URL
intitle:/allintitle:   All terms must appear in title
cache:                 Display Google's cache of a page
ext:/filetype:         Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators              Description
-                      Inverse search operator (hide results)
~                      synonyms
[#]..[#]               Number range
*                      Wildcard to put something between something when searching with "quotes"
+                      Used to force stop words
OR                     Boolean operator, must be uppercase
|                      Same as OR

    inurl:nph-proxy site:edu
    intitle:index.of.etc
    intitle:index.of site:irongeek.com
    filetype:pptx site:irongeek.com
    vnc desktop inurl:5800
    adrian crenshaw -site:irongeek.com

    SSN filetype:xls | filetype:xlsx
    "dig axfr"
    inurl:admin
    inurl:indexFrame.shtml Axis
    inurl:hp/device/this.LCDispatcher
    "192.168" (but replace with your IP range)

    195608_100002238375103_5292346_n.jpg
    inurl:100002238375103

    inurl:esterpent
    inurl:ester1337
    intitle:ester1337
    inurl:user inurl:irongeek -site:irongeek.com
    inurl:account irongeek
    site:facebook.com inurl:group (ISSA | Information Systems Security Association)
    site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester:
    theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz? https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
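
Added example (not from the original slides): a pre-publication check that reads the EXIF GPS block from a JPEG and strips the segment that carries it, so you can see what a photo would give away before you post it. The function names and the sample file, built inline with constructed coordinates, are assumptions made for this illustration.

```python
import struct

GPS_IFD_TAG = 0x8825   # IFD0 entry that points at the GPS sub-IFD
APP1 = 0xE1            # JPEG segment that carries EXIF (and XMP)

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):      # start of scan / end of image
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value field)} for one TIFF IFD."""
    (n,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries

def rationals(tiff, endian, value_field, count):
    """Decode `count` unsigned RATIONALs stored at the offset in value_field."""
    (off,) = struct.unpack(endian + "I", value_field)
    v = struct.unpack(endian + "II" * count, tiff[off:off + 8 * count])
    return [v[i] / v[i + 1] for i in range(0, 2 * count, 2)]

def gps_from_jpeg(data):
    """Return (lat, lon) in decimal degrees, or None when no GPS EXIF is present."""
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        if marker != APP1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None:
            return None
        (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
        ifd0 = read_ifd(tiff, ifd0_off, endian)
        if GPS_IFD_TAG not in ifd0:
            return None
        (gps_off,) = struct.unpack(endian + "I", ifd0[GPS_IFD_TAG][2])
        gps = read_ifd(tiff, gps_off, endian)
        # Tags 1-4: GPSLatitudeRef, GPSLatitude, GPSLongitudeRef, GPSLongitude
        if not {1, 2, 3, 4}.issubset(gps):
            return None

        def coord(ref_tag, val_tag):
            d, m, s = rationals(tiff, endian, gps[val_tag][2], 3)
            sign = -1 if gps[ref_tag][2][:1] in (b"S", b"W") else 1
            return sign * (d + m / 60 + s / 3600)

        return coord(1, 2), coord(3, 4)
    return None

def strip_exif(data):
    """Return the JPEG with every APP1 segment (EXIF and XMP) removed."""
    out = bytearray(b"\xff\xd8")
    pos = 2
    for marker, start, end in jpeg_segments(data):
        if marker != APP1:
            out += data[start:end]
        pos = end
    return bytes(out + data[pos:])   # keep scan data and EOI untouched

def build_sample():
    """Constructed sample: a JPEG container holding only a JFIF header and GPS EXIF."""
    entry = lambda tag, typ, count, value: struct.pack("<HHI4s", tag, typ, count, value)
    ptr = lambda off: struct.pack("<I", off)
    rat = lambda d, m, s100: struct.pack("<6I", d, 1, m, 1, s100, 100)
    tiff = b"II*\x00" + ptr(8)                                        # header, IFD0 at 8
    tiff += struct.pack("<H", 1) + entry(GPS_IFD_TAG, 4, 1, ptr(26)) + ptr(0)
    tiff += struct.pack("<H", 4)                                      # GPS IFD at 26
    tiff += entry(1, 2, 2, b"N\0\0\0") + entry(2, 5, 3, ptr(80))
    tiff += entry(3, 2, 2, b"W\0\0\0") + entry(4, 5, 3, ptr(104)) + ptr(0)
    tiff += rat(38, 15, 900) + rat(85, 45, 3000)                      # constructed values
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    return b"\xff\xd8" + app0 + app1 + b"\xff\xd9"

if __name__ == "__main__":
    sample = build_sample()
    print("before:", gps_from_jpeg(sample))
    print("after: ", gps_from_jpeg(strip_exif(sample)))
```

Stripping APP1 also removes XMP, which is usually what you want before publishing; thumbnails and maker notes live in the same segment and go with it.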

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:

    HTTP/1.1 200 OK
    Content-Type: text/javascript; charset=UTF-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Date: Wed, 18 May 2011 15:34:03 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Content-Length: 1269
    Server: GSE

LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

    User-agent: *
    Disallow: /private
    Disallow: /secret

http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY  http://www.youtube.com/view_play_list?p=C591646E9B0CF33B  http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com  http://www.dojocon.org  http://www.hack3rcon.org  http://phreaknic.info  http://notacon.org  http://www.outerz0ne.org

42
Irongeekcom
I run Irongeekcom
I have an interest in InfoSec education
I donrsquot know everything - Irsquom just a geek with time on my hands
(ir)Regular on the ISDPodcasthttpwwwisd-podcastcom
Sometimes my
presentations
are like this
And sometimes
my presentations
are like this
Irongeekcom
Mile wide 25 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
Irsquoll try not to drop anyones docs but my own but volunteers for ldquovictimsrdquo will help
Irongeekcom
Other names and related concepts
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking
Irongeekcom
DNS Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends
Irongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
Irongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
Irongeekcom
Tons of fun tools to play withhttpwwwbacktrack-linuxorg
Username rootPassword toor
Many of the DNS tools are inpentestenumerationdns
Irongeekcom
Who-do the voodoo that you do so well
Irongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249wwwirongeekcom
Irongeekcom
Host name to IP lookupnslookup wwwirongeekcom
Reverse lookupnslookup 20897169250
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Mile wide 25 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
Irsquoll try not to drop anyones docs but my own but volunteers for ldquovictimsrdquo will help
Irongeekcom
Other names and related concepts
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking
Irongeekcom
DNS Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends
Irongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
Irongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
Irongeekcom
Tons of fun tools to play withhttpwwwbacktrack-linuxorg
Username rootPassword toor
Many of the DNS tools are inpentestenumerationdns
Irongeekcom
Who-do the voodoo that you do so well
Irongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249wwwirongeekcom
Irongeekcom
Host name to IP lookupnslookup wwwirongeekcom
Reverse lookupnslookup 20897169250
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks
Old School: http://www.hackersforcharity.org/ghdb

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

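A pre-publication check for the kind of leak described in the Dennis Rader case above, applied to the DOCX format from the list of file types; this is an added example, not code from the original slides. It reads and blanks the author, "last modified by", company and manager properties of a .docx package; the sample package and its values are constructed, and the function names are hypothetical.

```python
"""Pre-publication audit of author-identifying metadata in a .docx package."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two OOXML document-property parts.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when re-serializing

# Package part -> {report label: element path} for fields naming a person or organization.
IDENTIFYING_FIELDS = {
    "docProps/core.xml": {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy"},
    "docProps/app.xml": {"company": "ep:Company", "manager": "ep:Manager"},
}


def build_sample_docx():
    """Constructed sample: a minimal .docx-style package with made-up values."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        "<dc:title>Meeting notes</dc:title>"
        "<dc:creator>jdoe</dc:creator>"
        "<cp:lastModifiedBy>Jane Doe</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    app = f'<Properties xmlns="{NS["ep"]}"><Company>Example Church Office</Company></Properties>'
    body = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Hello</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
        pkg.writestr("word/document.xml", body)
    return buf.getvalue()


def read_part(docx_bytes, name):
    """Return the raw bytes of one part of the package."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        return pkg.read(name)


def read_identifying_metadata(docx_bytes):
    """Return {label: value} for every non-empty identifying property found."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        present = set(pkg.namelist())
        for part, fields in IDENTIFYING_FIELDS.items():
            if part not in present:
                continue  # property parts are optional in a package
            root = ET.fromstring(pkg.read(part))
            for label, path in fields.items():
                node = root.find(path, NS)
                if node is not None and (node.text or "").strip():
                    found[label] = node.text.strip()
    return found


def scrub_metadata(docx_bytes):
    """Return a copy of the package with the identifying properties blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in IDENTIFYING_FIELDS:
                root = ET.fromstring(data)
                for path in IDENTIFYING_FIELDS[item.filename].values():
                    node = root.find(path, NS)
                    if node is not None:
                        node.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, data)  # all other parts are copied unchanged
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", read_identifying_metadata(sample))
    print("after: ", read_identifying_metadata(scrub_metadata(sample)))
```

This covers only the document property parts; tracked changes, comments and EXIF data in embedded images need separate handling.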
Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston
http://www.youtube.com/watch?v=l79q2G3E8HY
http://www.youtube.com/view_play_list?p=C591646E9B0CF33B
http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel
http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus
http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons:
http://www.skydogcon.com
http://www.dojocon.org
http://www.hack3rcon.org
http://phreaknic.info
http://notacon.org
http://www.outerz0ne.org

42
Irongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
Irongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
Irongeekcom
Tons of fun tools to play withhttpwwwbacktrack-linuxorg
Username rootPassword toor
Many of the DNS tools are inpentestenumerationdns
Irongeekcom
Who-do the voodoo that you do so well
Irongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249wwwirongeekcom
Irongeekcom
Host name to IP lookupnslookup wwwirongeekcom
Reverse lookupnslookup 20897169250
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
It’s all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com and http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related but cool
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women’s Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don’t?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people’s friends list to probe their connections

More than just turning off safe search (though that’s fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators                Description
site:                    Restrict results to only one domain or server
inurl: / allinurl:       All terms must appear in URL
intitle: / allintitle:   All terms must appear in title
cache:                   Display Google’s cache of a page
ext: / filetype:         Return files with a given extension/file type
info:                    Convenient way to get to other information about a page
link:                    Find pages that link to the given page
inanchor:                Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators                Description
-                        Inverse search operator (hide results)
~                        synonyms
[#]..[#]                 Number range
*                        Wildcard to put something between something when searching with “quotes”
+                        Used to force stop words
OR                       Boolean operator, must be uppercase
|                        Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr”
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
“192.168” (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz? https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by “Dennis” in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
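
An added example (not from the original slides): a pre-publication check, in Python, that parses the EXIF block of a JPEG and reports the identifying tags and the GPS position the file would hand to anyone who downloads it. The sample image bytes, the "Phone" make string and the coordinates are constructed for the illustration.

```python
import struct

# IFD0 tags worth reviewing before a photo is published (TIFF/EXIF tag numbers).
REVIEW_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
               0x013B: "Artist", 0x8825: "GPSInfo"}


def find_exif_tiff(jpeg):
    """Walk the JPEG segments; return the TIFF block of the EXIF APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # image data starts or file ends: no more metadata
            break
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + seg_len
    return None


def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, 4-byte value field)}; stops quietly on truncated data."""
    entries = {}
    if offset + 2 > len(tiff):
        return entries
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    for i in range(count):
        start = offset + 2 + 12 * i
        if start + 12 > len(tiff):
            break
        tag, typ, n = struct.unpack(endian + "HHI", tiff[start:start + 8])
        entries[tag] = (typ, n, tiff[start + 8:start + 12])
    return entries


def dms_to_degrees(tiff, value_field, endian):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    (off,) = struct.unpack(endian + "I", value_field)
    raw = tiff[off:off + 24]
    if len(raw) < 24:
        return None
    n = struct.unpack(endian + "6I", raw)
    d, m, s = (n[i] / n[i + 1] if n[i + 1] else 0.0 for i in (0, 2, 4))
    return d + m / 60 + s / 3600


def audit_jpeg(jpeg):
    """Report the review-worthy tags a JPEG carries and, if present, its GPS position."""
    report = {"tags": [], "gps": None}
    tiff = find_exif_tiff(jpeg)
    if tiff is None or len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return report
    endian = "<" if tiff[:2] == b"II" else ">"
    (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
    ifd0 = read_ifd(tiff, ifd0_off, endian)
    report["tags"] = [name for tag, name in REVIEW_TAGS.items() if tag in ifd0]
    if 0x8825 in ifd0:  # the GPSInfo value field is the offset of the GPS sub-IFD
        (gps_off,) = struct.unpack(endian + "I", ifd0[0x8825][2])
        gps = read_ifd(tiff, gps_off, endian)
        if 2 in gps and 4 in gps:  # GPSLatitude and GPSLongitude
            lat = dms_to_degrees(tiff, gps[2][2], endian)
            lon = dms_to_degrees(tiff, gps[4][2], endian)
            if lat is not None and lon is not None:
                if 1 in gps and gps[1][2][:1] == b"S":  # GPSLatitudeRef
                    lat = -lat
                if 3 in gps and gps[3][2][:1] == b"W":  # GPSLongitudeRef
                    lon = -lon
                report["gps"] = (round(lat, 6), round(lon, 6))
    return report


def build_sample_jpeg():
    """Constructed sample: a JPEG shell (no pixels) with a Make tag and GPS 38.25 N, 85.76 W."""
    def entry(tag, typ, count, value):
        return struct.pack("<HHI", tag, typ, count) + value
    tiff = b"II*\x00" + struct.pack("<I", 8)            # header, IFD0 at offset 8
    tiff += struct.pack("<H", 2)                         # IFD0: two entries
    tiff += entry(0x010F, 2, 6, struct.pack("<I", 38))   # Make -> ASCII at offset 38
    tiff += entry(0x8825, 4, 1, struct.pack("<I", 44))   # GPSInfo -> sub-IFD at offset 44
    tiff += struct.pack("<I", 0) + b"Phone\x00"          # end of IFD0, then the Make string
    tiff += struct.pack("<H", 4)                         # GPS IFD: four entries
    tiff += entry(1, 2, 2, b"N\x00\x00\x00")
    tiff += entry(2, 5, 3, struct.pack("<I", 98))        # latitude rationals at offset 98
    tiff += entry(3, 2, 2, b"W\x00\x00\x00")
    tiff += entry(4, 5, 3, struct.pack("<I", 122))       # longitude rationals at offset 122
    tiff += struct.pack("<I", 0)
    tiff += struct.pack("<6I", 38, 1, 15, 1, 0, 1) + struct.pack("<6I", 85, 1, 45, 1, 36, 1)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    print(audit_jpeg(build_sample_jpeg()))   # photo as it leaves the device
    print(audit_jpeg(b"\xff\xd8\xff\xd9"))   # same shell after the metadata was stripped
```

An empty report is what you want to see before an image goes on a public site; the parser only reads IFD0 and the GPS sub-IFD, so treat it as a quick gate rather than a full metadata inventory.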

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey’s Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE

LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt
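
An added example (not from the original slides) covering the HTTP header and robots.txt slides above: a Python check to run against your own server's responses to see which banner headers and Disallow paths it volunteers to anyone who asks. The verbose banner values, the extra /images/ entry and the hint word list are constructed assumptions.

```python
import re

# Response headers that name the software stack; a version number in the value
# tells a profiler exactly which release to look up.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Assumed word list for this example; tune it to your own naming habits.
SENSITIVE_HINTS = ("private", "secret", "admin", "backup", "internal", "config")

# Constructed sample with two verbose banner headers.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Server: Apache/2.2.3 (CentOS)\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "\r\n"
)
# The slide's response, trimmed to three lines.
SLIDE_RESPONSE = "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nServer: GSE\r\n\r\n"
# robots.txt as on the slide, plus one harmless constructed entry.
SAMPLE_ROBOTS = (
    "User-agent: *\n"
    "Disallow: /private\n"
    "Disallow: /secret\n"
    "Disallow: /images/  # thumbnails\n"
)


def parse_headers(raw):
    """Return {lower-cased name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                             # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_headers(raw):
    """List (header, value, versions) for every banner header in the response."""
    findings = []
    headers = parse_headers(raw)
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            findings.append((name, value, VERSION_RE.findall(value)))
    return findings


def audit_robots(text):
    """Return Disallow paths whose names advertise what they are meant to hide."""
    flagged = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow":
            path = value.strip()
            if any(hint in path.lower() for hint in SENSITIVE_HINTS):
                flagged.append(path)
    return flagged


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE) + audit_headers(SLIDE_RESPONSE):
        print("banner:", finding)
    print("robots.txt paths to protect with access control:", audit_robots(SAMPLE_ROBOTS))
```

robots.txt is readable by everyone, so a flagged path needs authentication on the server; leaving it out of the file or renaming it only changes who finds it first.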

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY, http://www.youtube.com/view_play_list?p=C591646E9B0CF33B, http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com, http://www.dojocon.org, http://www.hack3rcon.org, http://phreaknic.info, http://notacon.org, http://www.outerz0ne.org

42

Just a few record types cribbed from http://en.wikipedia.org/wiki/List_of_DNS_record_types

Code    Number  Defining RFC  Description              Function
A       1       RFC 1035      address record           Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA    28      RFC 3596      IPv6 address record      Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
MX      15      RFC 1035      mail exchange record     Maps a domain name to a list of mail exchange servers for that domain.
CNAME   5       RFC 1035      Canonical name record    Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
PTR     12      RFC 1035      pointer record           Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
AXFR    252     RFC 1035      Full Zone Transfer       Transfer entire zone file from the master name server to secondary name servers.

Zone transfers
Bruteforcing from a dictionary
Nmap -sL <some-IP-range>

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server:  resolver1.opendns.com
Address:  208.67.222.222

> set type=ns
> irongeek.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
irongeek.com    nameserver = ns1.dreamhost.com
irongeek.com    nameserver = ns2.dreamhost.com
irongeek.com    nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server:  ns1.dreamhost.com
Address:  66.33.206.206

> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

Domain Internet Groper
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr

Other tools in BackTrack
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Tons of fun tools to play withhttpwwwbacktrack-linuxorg
Username rootPassword toor
Many of the DNS tools are inpentestenumerationdns
Irongeekcom
Who-do the voodoo that you do so well
Irongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249wwwirongeekcom
Irongeekcom
Host name to IP lookupnslookup wwwirongeekcom
Reverse lookupnslookup 20897169250
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Who-do the voodoo that you do so well
Irongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249wwwirongeekcom
Irongeekcom
Host name to IP lookupnslookup wwwirongeekcom
Reverse lookupnslookup 20897169250
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine
http://www.archive.org
Monster (and other job sites)
http://www.monster.com
Zoominfo
http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums)
http://groups.google.com
Boards
http://boardreader.com
http://omgili.com
http://groups.google.com
LinkedIn
http://www.linkedin.com

It's all about how this links to that links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com
http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps/
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego
http://www.paterva.com/web5/
See differences
http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more......
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain, or server
inurl:/allinurl:       All terms must appear in URL
intitle:/allintitle:   All terms must appear in title
cache:                 Display Google's cache of a page
ext:/filetype:         Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators              Description
-                      Inverse search operator (hide results)
~                      synonyms
[#]..[#]               Number range
*                      Wildcard to put something between something when searching with "quotes"
+                      Used to force stop words
OR                     Boolean operator, must be uppercase
|                      Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks
http://www.exploit-db.com/google-dorks/
Old School
http://www.hackersforcharity.org/ghdb/

Metagoofil
http://www.edge-security.com/metagoofil.php
The Harvester
theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool
http://www.secapps.com/a/ghdb
Spiderfoot
http://www.binarypool.com/spiderfoot/
Goolag
http://goolag.org

Gooscan
Should be on BackTrack CD/VM
Wikto
http://www.sensepost.com/research/wikto/
SiteDigger
http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE
http://www.sensepost.com/research_misc.html
MSNPawn
http://www.net-square.com/msnpawn/index.shtml

JSON/Atom
http://code.google.com/apis/customsearch/v1/overview.html
Old
http://code.google.com/apis/websearch/
Really Old SOAP
EvilAPI
http://evilapi.com (defunct)
Spud
http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz?
https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG
EXIF (Exchangeable image file format)
IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

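Added example (not from the original slides): a pre-publication check for the JPEG case above. It lists identifying Exif tags in a file and removes the Exif segment, which also drops the embedded thumbnail. The tag selection, function names and the sample file built in build_sample() are assumptions of this example.

```python
import struct

SOS, APP1 = 0xDA, 0xE1
EXIF_MAGIC = b"Exif\x00\x00"
# IFD0 tags chosen for this example: ones that name a device, person or place.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
        0x013B: "Artist", 0x8825: "GPSInfo"}


def segments(jpeg):
    """Yield (marker, start, end) for each header segment, SOS included."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, pos, end
        if marker == SOS:  # compressed image data follows, no more headers
            return
        pos = end


def read_ifd0(tiff):
    """Return {tag name: value} for the TAGS present in the first IFD."""
    order = {b"II": "<", b"MM": ">"}.get(bytes(tiff[:2]))
    if order is None or len(tiff) < 10:
        raise ValueError("bad TIFF header in Exif segment")
    magic, ifd = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd + 2 > len(tiff):
        raise ValueError("bad TIFF header in Exif segment")
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            raise ValueError("truncated IFD entry")
        tag, kind, n, value = struct.unpack(order + "HHI4s", entry)
        if tag not in TAGS:
            continue
        if kind == 2:  # ASCII: inline if it fits in 4 bytes, else by offset
            if n > 4:
                (off,) = struct.unpack(order + "I", value)
                value = tiff[off:off + n]
            text = value[:n].rstrip(b"\x00")
            found[TAGS[tag]] = text.decode("ascii", "replace")
        else:  # GPSInfo points at a sub-IFD; its presence is the finding
            found[TAGS[tag]] = "present"
    return found


def exif_findings(jpeg):
    """Collect identifying tags from every Exif APP1 segment in the file."""
    found = {}
    for marker, start, end in segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker == APP1 and payload.startswith(EXIF_MAGIC):
            found.update(read_ifd0(payload[len(EXIF_MAGIC):]))
    return found


def strip_exif(jpeg):
    """Return the JPEG with Exif APP1 segments removed, image data intact."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        payload = jpeg[start + 4:end]
        if not (marker == APP1 and payload.startswith(EXIF_MAGIC)):
            out += jpeg[start:end]
        pos = end
    return bytes(out) + jpeg[pos:]  # scan data and EOI copied unchanged


def build_sample():
    """Constructed input: a JPEG shell (not a viewable image) carrying Exif."""
    model = b"Example Phone\x00"                  # 14 bytes including NUL
    data_off = 8 + 2 + 2 * 12 + 4                 # TIFF header + IFD0 = 38
    tiff = b"MM" + struct.pack(">HI", 42, 8)      # big-endian, IFD0 at 8
    tiff += struct.pack(">H", 2)                  # two IFD0 entries
    tiff += struct.pack(">HHII", 0x0110, 2, len(model), data_off)
    tiff += struct.pack(">HHII", 0x8825, 4, 1, data_off + len(model))
    tiff += struct.pack(">I", 0) + model          # no next IFD, then data
    tiff += struct.pack(">HI", 0, 0)              # empty GPS sub-IFD
    payload = EXIF_MAGIC + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    scan = b"\xff\xda\x00\x02" + b"\x00\x11\x22"  # SOS header + dummy data
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample()
    print("before:", exif_findings(sample))
    print("after: ", exif_findings(strip_exif(sample)))
```

Exif is only one carrier: XMP packets (also stored in APP1) and IPTC data (APP13) are left in place by this code and need their own handling.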
Strings
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofil
http://www.edge-security.com/metagoofil.php
EXIF Tool
http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin
https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer
http://regex.info/exif.cgi

EXIF Reader
http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio
http://userscripts.org/scripts/show/27101
Creepy
http://ilektrojohn.github.com/creepy/
Pauldotcom
http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston
http://www.youtube.com/watch?v=l79q2G3E8HY
http://www.youtube.com/view_play_list?p=C591646E9B0CF33B
http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel
http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus
http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky
Sept 30 - Oct 2
http://derbycon.com
Louisville Infosec
http://www.louisvilleinfosec.com
Other Cons
http://www.skydogcon.com
http://www.dojocon.org
http://www.hack3rcon.org
http://phreaknic.info
http://notacon.org
http://www.outerz0ne.org

42
Irongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA28 RFC 3596 IPv6 address
record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
Irongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
Irongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
Irongeekcom
Irongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
Irongeekcom
Domain Internet Groperdig ugentbe nsdig ugdns1ugentbe ugentbe axfr
Irongeekcom
Other tools in BackTrackdnsreconpy -d ugentbe ndashxdnsenumpl ugentbe
ServerSniffhttpserversniffnetnsreportphphttpserversniffnetcontentphpdo=subdomains
GUI Dig for Windowshttpnscanorgdightml
Irongeekcom
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain or server
inurl: / allinurl:     All terms must appear in URL
intitle: / allintitle: All terms must appear in title
cache:                 Display Google's cache of a page
ext: / filetype:       Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators   Description
-           Inverse search operator (hide results)
~           synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with "quotes"
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

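The EXIF GPS leak described in the metadata slides above can be caught before a photo leaves your hands. This is an added example, not code from the talk: a small Python parser that reads the GPS tags out of a JPEG's EXIF block, plus a scrubber that drops the EXIF segment. The function names and the sample image (built inline, with constructed coordinates) are assumptions made for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825                  # IFD0 tag holding the offset of the GPS IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4   # tags inside the GPS IFD


def _segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (seglen,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield jpeg[pos + 1], pos, pos + 2 + seglen
        pos += 2 + seglen


def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID


def _ifd(tiff, off, e):
    """Return {tag: raw 4-byte value field} for the TIFF directory at offset `off`."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    entries = {}
    for i in range(n):
        base = off + 2 + 12 * i
        tag, _type, _count = struct.unpack_from(e + "HHI", tiff, base)
        entries[tag] = tiff[base + 8:base + 12]
    return entries


def _degrees(tiff, e, raw):
    """Decode three rationals (degrees, minutes, seconds) into decimal degrees."""
    (off,) = struct.unpack(e + "I", raw)
    v = struct.unpack_from(e + "6I", tiff, off)
    d, m, s = (v[i] / v[i + 1] if v[i + 1] else 0.0 for i in (0, 2, 4))
    return d + m / 60 + s / 3600


def gps_position(jpeg):
    """Return (lat, lon) in decimal degrees if the EXIF block has GPS tags, else None."""
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        try:
            e = {b"II": "<", b"MM": ">"}[tiff[:2]]      # TIFF byte order mark
            _magic, ifd0_off = struct.unpack_from(e + "HI", tiff, 2)
            ifd0 = _ifd(tiff, ifd0_off, e)
            if GPS_IFD_POINTER not in ifd0:
                return None
            (gps_off,) = struct.unpack(e + "I", ifd0[GPS_IFD_POINTER])
            gps = _ifd(tiff, gps_off, e)
            if not all(t in gps for t in (LAT_REF, LAT, LON_REF, LON)):
                return None
            lat = _degrees(tiff, e, gps[LAT]) * (-1 if gps[LAT_REF][:1] == b"S" else 1)
            lon = _degrees(tiff, e, gps[LON]) * (-1 if gps[LON_REF][:1] == b"W" else 1)
            return round(lat, 6), round(lon, 6)
        except (KeyError, struct.error) as exc:
            # Fail closed: a file that cannot be parsed should not be published unreviewed.
            raise ValueError("malformed EXIF block") from exc
    return None


def strip_exif(jpeg):
    """Return the JPEG without its APP1/Exif segments (GPS, thumbnail, camera data).
    This also drops the orientation tag, so rotate the pixels first if that matters."""
    out, last = bytearray(b"\xff\xd8"), 2
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]


def constructed_sample():
    """Constructed test input: a JPEG shell (no pixels) tagged 10°30'N, 20°15'W."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI4s", LAT_REF, 2, 2, b"N")   # ASCII value stored inline
    gps += struct.pack("<HHII", LAT, 5, 3, 80)          # offset of latitude rationals
    gps += struct.pack("<HHI4s", LON_REF, 2, 2, b"W")
    gps += struct.pack("<HHII", LON, 5, 3, 104)         # offset of longitude rationals
    gps += struct.pack("<I", 0)
    data = struct.pack("<6I", 10, 1, 30, 1, 0, 1) + struct.pack("<6I", 20, 1, 15, 1, 0, 1)
    body = EXIF_ID + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + data
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"


if __name__ == "__main__":
    sample = constructed_sample()
    print("before:", gps_position(sample))
    print("after: ", gps_position(strip_exif(sample)))
```

Run `gps_position` over an upload or outbox folder as a pre-publication gate; treat a `ValueError` as a reason to hold the file, not to pass it.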
Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

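A defender's view of the two slides above, as an added example that is not code from the talk: a Python self-audit that takes a response head and a robots.txt body from your own site and lists what they tell a stranger. The header list, the keyword list, the function names and both sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: a starter list of headers that usually name server software;
# extend it for your own stack.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")
# Assumption: words that make a robots.txt path interesting to an outsider.
SENSITIVE_WORDS = ("admin", "private", "secret", "backup", "internal", "staging")

# Constructed samples. The response head is modelled on the slide's dump but uses
# made-up versioned banners; the robots.txt has the two rules shown on the slide
# plus one harmless entry.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Server: Apache/2.2.14 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.2\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)
SAMPLE_ROBOTS = (
    "User-agent: *\n"
    "Disallow: /private\n"
    "Disallow: /secret  # old CMS\n"
    "Disallow: /images/\n"
)


def parse_headers(raw):
    """Split a raw response head into {lower-case name: value}."""
    headers, last = {}, None
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:   # skip the status line
        if not line.strip():
            break                                            # blank line ends the head
        if line[0] in " \t" and last:                        # folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        headers[last] = value.strip()
    return headers


def header_findings(headers):
    """List (header, value, detail) for headers that identify the software in use."""
    findings = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            versioned = re.search(r"\d+(?:\.\d+)+", headers[name])
            detail = "product and version" if versioned else "product name only"
            findings.append((name, headers[name], detail))
    return findings


def robots_findings(text):
    """List rule paths whose names advertise what the site owner wanted hidden."""
    hits = []
    for line in text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        path = value.strip()
        if field.strip().lower() in ("disallow", "allow") and path not in ("", "/"):
            if any(word in path.lower() for word in SENSITIVE_WORDS):
                hits.append(path)
    return hits


if __name__ == "__main__":
    for finding in header_findings(parse_headers(SAMPLE_RESPONSE)):
        print("header:", finding)
    for path in robots_findings(SAMPLE_ROBOTS):
        print("robots.txt names:", path)
```

A path flagged here needs access control on the server; robots.txt only asks well-behaved crawlers to stay away and is readable by anyone.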
http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville, Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42

Zone transfers
Brute-forcing from a dictionary
Nmap -sL <some-IP-range>

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server:  resolver1.opendns.com
Address:  208.67.222.222
> set type=ns
> irongeek.com
Server:  resolver1.opendns.com
Address:  208.67.222.222
Non-authoritative answer:
irongeek.com    nameserver = ns1.dreamhost.com
irongeek.com    nameserver = ns2.dreamhost.com
irongeek.com    nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server:  ns1.dreamhost.com
Address:  66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

Domain Internet Groper
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr

Other tools in BackTrack
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff
http://serversniff.net/nsreport.php
http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows: http://nscan.org/dig.html

Fierce: http://ha.ckers.org/fierce/
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2 http://derbycon.com
Louisville Infosec http://www.louisvilleinfosec.com
Other Cons http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42

C:\Documents and Settings\Adrian>nslookup
Default Server: resolver1.opendns.com
Address: 208.67.222.222
> set type=ns
> irongeek.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
irongeek.com nameserver = ns1.dreamhost.com
irongeek.com nameserver = ns2.dreamhost.com
irongeek.com nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server: ns1.dreamhost.com
Address: 66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

Domain Internet Groper
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr

Other tools in BackTrack
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows http://nscan.org/dig.html

Fierce http://ha.ckers.org/fierce/
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix command line
Nirsoft’s http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex http://www.robtex.com
ServerSniff http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun http://www.nabber.org/projects/geotrace

So you have a job posting for an Ethical Hacker, huh?

The organization’s website (duh)
Corp Info http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine http://www.archive.org
Monster (and other job sites) http://www.monster.com
Zoominfo http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums) http://groups.google.com
Boards http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn http://www.linkedin.com

It’s all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5
See differences http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women’s Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don’t?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that’s fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain or server
inurl: / allinurl:     All terms must appear in URL
intitle: / allintitle: All terms must appear in title
cache:                 Display Google’s cache of a page
ext: / filetype:       Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators   Description
-           Inverse search operator (hide results)
~           synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with “quotes”
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
“192.168” (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks
Old School http://www.hackersforcharity.org/ghdb

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester
theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot
Goolag http://goolag.org

Gooscan (should be on BackTrack CD/VM)
Wikto http://www.sensepost.com/research/wikto
Fiercehttphackersorgfiercefiercepl -threads 100 -dns irongeekcomfiercepl -dns irongeekcom -wordlist dictionarytxt
Irongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
Irongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
Irongeekcom
apt-get install whois
whois examplecom
whois 20897169250
Irongeekcom
nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators             Description
site:                 Restrict results to only one domain or server
inurl:/allinurl:      All terms must appear in URL
intitle:/allintitle:  All terms must appear in title
cache:                Display Google's cache of a page
ext:/filetype:        Return files with a given extension/file type
info:                 Convenient way to get to other information about a page
link:                 Find pages that link to the given page
inanchor:             Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators   Description
-           Inverse search operator (hide results)
~           synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with "quotes"
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks
http://www.exploit-db.com/google-dorks
Old School
http://www.hackersforcharity.org/ghdb

Metagoofil
http://www.edge-security.com/metagoofil.php
The Harvester
theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool
http://www.secapps.com/a/ghdb
Spiderfoot
http://www.binarypool.com/spiderfoot/
Goolag
http://goolag.org

Gooscan
Should be on BackTrack CD/VM
Wikto
http://www.sensepost.com/research/wikto
SiteDigger
http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE
http://www.sensepost.com/research_misc.html
MSNPawn
http://www.net-square.com/msnpawn/index.shtml

JSON/Atom
http://code.google.com/apis/customsearch/v1/overview.html
Old
http://code.google.com/apis/websearch
Really Old SOAP
EvilAPI
http://evilapi.com (defunct)
Spud
http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz
https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG
EXIF (Exchangeable image file format)
IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

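A pre-publication check for the two JPEG leaks in the cases above (GPS data and an unintended thumbnail left in EXIF), as an added example that is not from the original slides: it reports whether a file carries an Exif GPS block or an embedded thumbnail, and returns a copy with the Exif segment removed. The sample image is constructed inline and holds no coordinates; all function names are this example's own.

```python
import struct

GPS_IFD_TAG = 0x8825        # IFD0 entry that points at the GPS sub-IFD
THUMB_OFFSET_TAG = 0x0201   # IFD1 entry that points at an embedded JPEG thumbnail
EXIF_MAGIC = b"Exif\x00\x00"


def iter_segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):      # EOI or start of scan: no more metadata
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length runs past end of file")
        yield marker, pos, end
        pos = end


def read_ifd(tiff, offset, endian):
    """Return ({tag: raw value field}, offset of the next IFD or 0)."""
    if offset + 2 > len(tiff):
        raise ValueError("IFD offset outside the Exif block")
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    table_end = offset + 2 + 12 * count
    if table_end + 4 > len(tiff):
        raise ValueError("IFD runs past the end of the Exif block")
    tags = {}
    for base in range(offset + 2, table_end, 12):
        tag, _type, _count, value = struct.unpack(endian + "HHII", tiff[base:base + 12])
        tags[tag] = value               # only tag presence is used below
    (next_ifd,) = struct.unpack(endian + "I", tiff[table_end:table_end + 4])
    return tags, next_ifd


def audit_jpeg(jpeg):
    """Report whether the file carries Exif, a GPS block, or a thumbnail."""
    report = {"has_exif": False, "has_gps": False, "has_thumbnail": False}
    for marker, start, end in iter_segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != 0xE1 or not payload.startswith(EXIF_MAGIC):
            continue
        tiff = payload[len(EXIF_MAGIC):]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None or len(tiff) < 8:
            raise ValueError("bad TIFF header in Exif segment")
        magic, ifd0_offset = struct.unpack(endian + "HI", tiff[2:8])
        if magic != 42:
            raise ValueError("bad TIFF magic in Exif segment")
        report["has_exif"] = True
        ifd0, ifd1_offset = read_ifd(tiff, ifd0_offset, endian)
        report["has_gps"] |= GPS_IFD_TAG in ifd0
        if ifd1_offset:                 # IFD1 describes the thumbnail, if any
            ifd1, _ = read_ifd(tiff, ifd1_offset, endian)
            report["has_thumbnail"] |= THUMB_OFFSET_TAG in ifd1
    return report


def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out = bytearray(jpeg[:2])
    pos = 2
    for marker, start, end in iter_segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_MAGIC)):
            out += jpeg[start:end]
        pos = end
    return bytes(out + jpeg[pos:])      # image data after the headers is untouched


def build_sample():
    """Constructed sample: JFIF header, Exif with GPS IFD and 4-byte thumbnail."""
    def entry(tag, typ, count, value):
        return struct.pack("<HHII", tag, typ, count, value)
    ifd0 = struct.pack("<H", 2) + entry(0x0112, 3, 1, 1) + entry(GPS_IFD_TAG, 4, 1, 38)
    ifd0 += struct.pack("<I", 56)                       # next IFD (IFD1) at offset 56
    gps = struct.pack("<HHHI", 1, 0x0000, 1, 4) + bytes([2, 2, 0, 0]) + struct.pack("<I", 0)
    ifd1 = struct.pack("<H", 2) + entry(THUMB_OFFSET_TAG, 4, 1, 86) + entry(0x0202, 4, 1, 4)
    ifd1 += struct.pack("<I", 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + ifd1 + b"\xff\xd8\xff\xd9"
    exif = EXIF_MAGIC + tiff
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    return b"\xff\xd8" + app0 + app1 + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit_jpeg(sample))
    print("after: ", audit_jpeg(strip_exif(sample)))
```

Stripping the whole Exif APP1 segment also drops harmless fields such as orientation, so rotated photos may need re-saving upright first.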
Strings
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA
Metagoofil
http://www.edge-security.com/metagoofil.php
EXIF Tool
http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin
https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer
http://regex.info/exif.cgi

EXIF Reader
http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio
http://userscripts.org/scripts/show/27101
Creepy
http://ilektrojohn.github.com/creepy
Pauldotcom
http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston
http://www.youtube.com/watch?v=l79q2G3E8HY
http://www.youtube.com/view_play_list?p=C591646E9B0CF33B
http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel
http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus
http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville, Ky
Sept 30 - Oct 2
http://derbycon.com
Louisville Infosec
http://www.louisvilleinfosec.com
Other Cons
http://www.skydogcon.com
http://www.dojocon.org
http://www.hack3rcon.org
http://phreaknic.info
http://notacon.org
http://www.outerz0ne.org

42

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix Command line
Nirsoft's
http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex
http://www.robtex.com
ServerSniff
http://www.serversniff.net

Windows (ICMP)
tracert irongeek.com
*nix (UDP by default, change with -I or -T)
traceroute irongeek.com
Just for fun
http://www.nabber.org/projects/geotrace

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine
http://www.archive.org
Monster (and other job sites)
http://www.monster.com
Zoominfo
http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums)
http://groups.google.com
Boards
http://boardreader.com
http://omgili.com
http://groups.google.com
LinkedIn
http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com
http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego
http://www.paterva.com/web5
See differences
http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

nix Command line
Nirsoftrsquoshttpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
Irongeekcom
RobTexhttpwwwrobtexcom
ServerSniffhttpwwwserversniffnet
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com/ (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

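A pre-publication check for the GPS leak described above, as an added example (not from the original slides): it reads the Exif GPS directory from a JPEG and then rewrites the file without its metadata segments. The sample image, its coordinates and the comment text are constructed, and the function names are hypothetical.

```python
import struct

# Segments that carry metadata rather than pixels:
# APP1 (Exif, XMP), APP13 (IPTC/Photoshop), COM (free-text comment).
METADATA_MARKERS = {0xE1, 0xED, 0xFE}

def segments(jpeg):
    """Yield (marker, start, end) for each JPEG segment after the SOI marker."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: image data runs to the end of file
            yield marker, pos, len(jpeg)
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, endian):
    """Map tag -> raw 4-byte value/offset field for one TIFF directory."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i          # each entry is 12 bytes
        (tag,) = struct.unpack_from(endian + "H", tiff, base)
        entries[tag] = tiff[base + 8:base + 12]
    return entries

def to_degrees(tiff, field, endian):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    (offset,) = struct.unpack(endian + "I", field)
    v = struct.unpack_from(endian + "6I", tiff, offset)
    if 0 in v[1::2]:
        raise ValueError("zero denominator in GPS rational")
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def exif_gps(jpeg):
    """Return (lat, lon) embedded in the Exif GPS directory, or None."""
    for marker, start, end in segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != 0xE1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_offset,) = struct.unpack_from(endian + "I", tiff, 4)
        ifd0 = read_ifd(tiff, ifd0_offset, endian)
        if 0x8825 not in ifd0:              # 0x8825 points at the GPS directory
            return None
        (gps_offset,) = struct.unpack(endian + "I", ifd0[0x8825])
        gps = read_ifd(tiff, gps_offset, endian)
        if not gps.keys() >= {1, 2, 3, 4}:  # lat ref, lat, lon ref, lon
            return None
        lat = to_degrees(tiff, gps[2], endian) * (-1 if gps[1][:1] == b"S" else 1)
        lon = to_degrees(tiff, gps[4], endian) * (-1 if gps[3][:1] == b"W" else 1)
        return round(lat, 6), round(lon, 6)
    return None

def strip_metadata(jpeg):
    """Copy the file, leaving out every metadata segment."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments(jpeg):
        if marker not in METADATA_MARKERS:
            out += jpeg[start:end]
    return bytes(out)

def build_sample():
    """Constructed test file: JFIF header, Exif with GPS, a comment, dummy scan."""
    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    # IFD0 at offset 8: one entry pointing at the GPS directory at offset 26.
    ifd0 = struct.pack("<HHHIII", 1, 0x8825, 4, 1, 26, 0)
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI4s", 1, 2, 2, b"N")   # GPSLatitudeRef
           + struct.pack("<HHII", 2, 5, 3, 80)      # GPSLatitude at offset 80
           + struct.pack("<HHI4s", 3, 2, 2, b"W")   # GPSLongitudeRef
           + struct.pack("<HHII", 4, 5, 3, 104)     # GPSLongitude at offset 104
           + struct.pack("<I", 0))
    lat = struct.pack("<6I", 10, 1, 30, 1, 0, 1)    # 10 deg 30' 0"
    lon = struct.pack("<6I", 20, 1, 15, 1, 36, 1)   # 20 deg 15' 36"
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + lat + lon
    return (b"\xff\xd8"
            + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, b"Exif\x00\x00" + tiff)
            + seg(0xFE, b"edited by jdoe on WORKSTATION-7")
            + seg(0xDA, b"\x00" * 10) + b"\x12\x34\xff\xd9")
```

Truncated or malformed files raise ValueError or struct.error here; a publishing pipeline should treat either as a reason to hold the file back.
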
Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

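A self-audit for the two leaks on the slides above (response headers and robots.txt), as an added example that is not part of the original slides: it lists headers that name server software and Disallow entries that advertise sensitive paths. The sample inputs are constructed, and the keyword list and function names are assumptions to tune for your own site.

```python
import re

# Constructed inputs modelled on the two slides above (not live captures).
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2
X-Frame-Options: SAMEORIGIN
"""
SAMPLE_ROBOTS = """User-agent: *
Disallow: /private
Disallow: /secret
Disallow: /images/
"""

# Response headers that commonly identify the software stack.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version",
              "x-aspnetmvc-version", "via")
# Assumed keyword list: path names that tell a reader where to look.
SENSITIVE = re.compile(r"private|secret|admin|backup|internal|staging", re.I)

def parse_headers(raw):
    """Return {lower-cased header name: value} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def header_findings(raw):
    """List (header, value, what it reveals) for software-identifying headers."""
    findings = []
    for name, value in parse_headers(raw).items():
        if name in DISCLOSING:
            has_version = re.search(r"\d+\.\d+", value) is not None
            detail = "product and version" if has_version else "product name"
            findings.append((name, value, detail))
    return findings

def robots_findings(text):
    """List Disallow paths whose names advertise something worth hiding."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow" and SENSITIVE.search(value):
            findings.append(value.strip())
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE_HEADERS):
        print("header:", finding)
    for path in robots_findings(SAMPLE_ROBOTS):
        print("robots.txt advertises:", path)
```

robots.txt is readable by anyone, so paths flagged here need real access control; removing the Disallow line only stops advertising them.
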
http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related but cool
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps/
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Windows (ICMP)tracert irongeekcom
nix (UDP by default change with ndashI or -T)traceroute irongeekcom
Just for funhttpwwwnabberorgprojectsgeotrace
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
So you have a job posting for anEthical Hacker huh
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
The organizationrsquos website (duh)
Corp Infohttpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machinehttpwwwarchiveorg
Monster (and other job sites)httpwwwmonstercom
Zoominfohttpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boardshttpboardreadercomhttpomgilicomhttpgroupsgooglecom
LinkedInhttpwwwlinkedincom
Irongeekcom
Itrsquos all about how this links to that links to some other thinghellip
Irongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
Irongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
Irongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
Irongeekcom
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
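For the publishing side of the JPG case above, an added example (not from the original slides): a pre-publication scrubber that walks the JPEG segment list and drops the segments where EXIF, IPTC and comments live, which also removes any thumbnail embedded in the EXIF block. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Markers that have no length field (TEM and RST0-RST7).
STANDALONE = {0x01} | set(range(0xD0, 0xD8))
# Segments that carry metadata rather than image data.
METADATA_MARKERS = {
    0xE1: "APP1 (EXIF/XMP)",   # EXIF: camera, GPS, embedded thumbnail
    0xED: "APP13 (IPTC)",      # Photoshop IRB holding IPTC fields
    0xFE: "COM",               # free-text comment
}


def scrub_jpeg(data: bytes):
    """Return (clean_bytes, removed); removed lists (segment name, length)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out = bytearray(b"\xff\xd8")
    removed = []
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        # Any number of 0xFF fill bytes may precede the marker code.
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1
        if pos + 1 >= len(data):
            raise ValueError("truncated file")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: end of image
            out += b"\xff\xd9"
            return bytes(out), removed
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length                  # length counts its own 2 bytes
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker in METADATA_MARKERS:
            removed.append((METADATA_MARKERS[marker], length))
        else:
            out += data[pos:end]
        pos = end
        if marker == 0xDA:
            # SOS: entropy-coded image data runs to EOI; copy it verbatim.
            out += data[pos:]
            return bytes(out), removed
    raise ValueError("no image data found")


def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed JPEG-shaped byte string (segment layout only, not a real photo)."""
    return (
        b"\xff\xd8"
        + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
        + seg(0xE1, b"Exif\x00\x00" + b"constructed GPS and thumbnail bytes")
        + seg(0xED, b"Photoshop 3.0\x008BIM constructed IPTC byline")
        + seg(0xFE, b"constructed author comment")
        + seg(0xDB, bytes(65))                  # quantization table
        + seg(0xDA, bytes(10))                  # start of scan header
        + b"\x12\x34\xff\x00\x56"               # scan data (0xFF is byte-stuffed)
        + b"\xff\xd9"
    )


if __name__ == "__main__":
    clean, removed = scrub_jpeg(build_sample())
    for name, length in removed:
        print(f"removed {name}: {length} bytes")
    print(f"{len(build_sample())} -> {len(clean)} bytes")
```

Other formats in the list (DOC, DOCX, XLS, PNG and so on) keep their metadata in different structures, so each needs its own scrubber.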

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville, Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42

It's all about how this links to that links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5
See differences: http://www.paterva.com/web5/client/difference.php
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more......
YOU HAVE TO USE YOUR IMAGINATION

Operators    Description
site:    Restrict results to only one domain or server
inurl:/allinurl:    All terms must appear in URL
intitle:/allintitle:    All terms must appear in title
cache:    Display Google's cache of a page
ext:/filetype:    Return files with a given extension/file type
info:    Convenient way to get to other information about a page
link:    Find pages that link to the given page
inanchor:    Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators    Description
-    Inverse search operator (hide results)
~    synonyms
[#]..[#]    Number range
*    Wildcard to put something between something when searching with "quotes"
+    Used to force stop words
OR    Boolean operator, must be uppercase
|    Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
Maltegohttpwwwpatervacomweb5
See differenceshttpwwwpatervacomweb5clientdifferencephp
Covers a large cross section of what this class is about
Irongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
Irongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
Irongeekcom
More than just turning off safe search (though thatrsquos fun too)
Irongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
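
The EXIF GPS leak described above can be caught before a photo leaves your hands. The following is an added example, not part of the original slides: a standard-library Python check that reports GPS coordinates embedded in a JPEG and strips the Exif segment. The function names and the sample file (built in memory, structure only, not a viewable image) are constructed for illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS IFD


def find_exif_segment(jpeg):
    """Return (start, end) byte offsets of the APP1/Exif segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        if jpeg[pos] != 0xFF or marker in (0xDA, 0xD9):
            return None  # reached image data or end of image without Exif
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + seg_len
        if seg_len < 2 or end > len(jpeg):
            raise ValueError("corrupt segment length at offset %d" % pos)
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return pos, end
        pos = end
    return None


def read_ifd(tiff, offset, bo):
    """Parse one TIFF IFD into {tag: raw 4-byte value/offset field}."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    fields = {}
    for i in range(count):
        entry = offset + 2 + 12 * i  # each entry: tag, type, count, value
        (tag,) = struct.unpack_from(bo + "H", tiff, entry)
        fields[tag] = tiff[entry + 8:entry + 12]
    return fields


def dms_to_degrees(tiff, offset, bo):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    v = struct.unpack_from(bo + "6I", tiff, offset)
    d, m, s = (v[i] / (v[i + 1] or 1) for i in (0, 2, 4))
    return d + m / 60 + s / 3600


def gps_from_jpeg(jpeg):
    """Return (lat, lon) if the file carries EXIF GPS coordinates, else None."""
    seg = find_exif_segment(jpeg)
    if seg is None:
        return None
    tiff = jpeg[seg[0] + 10:seg[1]]  # skip marker, length and "Exif\0\0"
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("bad TIFF header inside Exif segment")
    (ifd0_off,) = struct.unpack_from(bo + "I", tiff, 4)
    ifd0 = read_ifd(tiff, ifd0_off, bo)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = read_ifd(tiff, struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER])[0], bo)
    if not {1, 2, 3, 4} <= gps.keys():  # LatRef, Lat, LonRef, Lon
        return None
    lat = dms_to_degrees(tiff, struct.unpack(bo + "I", gps[2])[0], bo)
    lon = dms_to_degrees(tiff, struct.unpack(bo + "I", gps[4])[0], bo)
    if gps[1][:1] == b"S":
        lat = -lat
    if gps[3][:1] == b"W":
        lon = -lon
    return round(lat, 6), round(lon, 6)


def strip_exif(jpeg):
    """Return the JPEG bytes with every APP1/Exif segment removed."""
    seg = find_exif_segment(jpeg)
    while seg is not None:
        jpeg = jpeg[:seg[0]] + jpeg[seg[1]:]
        seg = find_exif_segment(jpeg)
    return jpeg


def build_sample_jpeg():
    """Constructed sample: SOI + Exif segment holding only GPS data + EOI."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                  # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)  # IFD0
    tiff += struct.pack("<H", 4)                              # GPS IFD at 26
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N\x00\x00\x00")  # GPSLatitudeRef
    tiff += struct.pack("<HHII", 2, 5, 3, 80)                 # GPSLatitude
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W\x00\x00\x00")  # GPSLongitudeRef
    tiff += struct.pack("<HHII", 4, 5, 3, 104)                # GPSLongitude
    tiff += struct.pack("<I", 0)                              # no next IFD
    tiff += struct.pack("<6I", 10, 1, 30, 1, 0, 1)            # 10 deg 30 min 0 s
    tiff += struct.pack("<6I", 20, 1, 15, 1, 0, 1)            # 20 deg 15 min 0 s
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("before:", gps_from_jpeg(sample))
    print("after: ", gps_from_jpeg(strip_exif(sample)))
```

The embedded thumbnail from the Cat Schwartz case lives in the same Exif segment, so removing that segment removes the thumbnail along with the GPS tags.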

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
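
For the DOCX entry in the list above, author-identifying fields of the kind that appeared in the Rader document are stored in docProps/core.xml and docProps/app.xml inside the ZIP package. The following is an added example, not part of the original slides, that reports those fields and blanks them before a file is published; the function names and the in-memory sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"
EP = "{http://schemas.openxmlformats.org/officeDocument/2006/extended-properties}"

# Package part -> elements that name a person or organisation.
FIELDS = {
    "docProps/core.xml": [DC + "creator", CP + "lastModifiedBy"],
    "docProps/app.xml": [EP + "Company", EP + "Manager"],
}


def identifying_fields(docx):
    """Return {field name: value} for every identifying field that is set."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx)) as pkg:
        for part, tags in FIELDS.items():
            if part not in pkg.namelist():
                continue
            root = ET.fromstring(pkg.read(part))
            for tag in tags:
                el = root.find(tag)
                if el is not None and (el.text or "").strip():
                    found[tag.split("}")[1]] = el.text.strip()
    return found


def scrub(docx):
    """Return a copy of the package with the identifying fields blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in FIELDS:
                root = ET.fromstring(data)
                for tag in FIELDS[item.filename]:
                    el = root.find(tag)
                    if el is not None:
                        el.text = ""
                # ElementTree may rename prefixes (ns0:, ns1:); the result is
                # still namespace-equivalent XML.
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item, data)  # every other part is copied unchanged
    return out.getvalue()


def build_sample_docx():
    """Constructed sample: just the parts this check reads, not an openable file."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        "<dc:creator>Constructed Author</dc:creator>"
        "<cp:lastModifiedBy>Dennis</cp:lastModifiedBy>"
        "</cp:coreProperties>" % (CP[1:-1], DC[1:-1])
    )
    app = (
        '<Properties xmlns="%s"><Company>Example Org</Company></Properties>'
        % EP[1:-1]
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", "<doc>body text</doc>")
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", identifying_fields(sample))
    print("after: ", identifying_fields(scrub(sample)))
```

Tracked changes and comments sit in other parts of the package (the "edits" mentioned above) and are not touched by this check.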

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville, KY, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42
Irongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
Irongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org

42
Operator    Description
-           Inverse search operator (hide results)
~           Synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with “quotes”
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR
inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr”
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
“192.168” (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek“
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)
Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks
Old School: http://www.hackersforcharity.org/ghdb

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by “Dennis” in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Exploit DB Google Dorkshttpwwwexploit-dbcomgoogle-dorks
Old Schoolhttpwwwhackersforcharityorgghdb
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
Irongeekcom
DerbyCon 2011 Louisville KySept 30 - Oct 2httpderbyconcom
Louisville Infosechttpwwwlouisvilleinfoseccom
Other Conshttpwwwskydogconcomhttpwwwdojoconorghttpwwwhack3rconorghttpphreaknicinfohttpnotaconorghttpwwwouterz0neorg
Irongeekcom
42
Irongeekcom
Metagoofilhttpwwwedge-securitycommetagoofilphp
The HarvestertheHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Toolhttpwwwsecappscomaghdb
Spiderfoothttpwwwbinarypoolcomspiderfoot
Goolaghttpgoolagorg
Irongeekcom
GooscanShould be on BackTrack CDVM
Wiktohttpwwwsensepostcomresearchwikto
SiteDiggerhttpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLEhttpwwwsensepostcomresearch_mischtml
MSNPawnhttpwwwnet-squarecommsnpawnindexshtml
Irongeekcom
JSONAtomhttpcodegooglecomapiscustomsearchv1overviewhtml
Oldhttpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPIhttpevilapicom (defunct)
Spudhttpwwwsensepostcomlabstoolspentestspud
I can Haz API keyzhttpsgithubcomsearch
Irongeekcom
Data about data
Irongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
Irongeekcom
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
Irongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofilhttpwwwedge-securitycommetagoofilphp
EXIF Toolhttpwwwsnophyqueensuca~philexiftool
EXIF Viewer Pluginhttpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
Irongeekcom
EXIF Readerhttpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramiohttpuserscriptsorgscriptsshow27101
Creepyhttpilektrojohngithubcomcreepy
Pauldotcomhttpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
Irongeekcom
Stuff that does not quite fit anywhere else
Irongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
Irongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
Irongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Irongeekcom
httpsamyplandroidmap
Irongeekcom
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalkinghttpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelineshttpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration TestershttpwwwvulnerabilityassessmentcoukPenetration20Testhtml
Irongeekcom
Social Zombies - Kevin Johnson and Tom Estonhttpwwwyoutubecomwatchv=l79q2G3E8HYhttpwwwyoutubecomview_play_listp=C591646E9B0CF33Bhttpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamielhttpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcushttpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims

DerbyCon 2011, Louisville, Ky, Sept 30 - Oct 2: http://derbycon.com
Louisville Infosec: http://www.louisvilleinfosec.com
Other Cons: http://www.skydogcon.com http://www.dojocon.org http://www.hack3rcon.org http://phreaknic.info http://notacon.org http://www.outerz0ne.org
42

Gooscan: should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by “Dennis” in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
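
An added example, not from the original slides: a pre-publication check in Python that parses a JPEG's Exif block for the two leaks in the cases above (a GPS sub-directory and an embedded thumbnail) and then strips the Exif segment. The function names and the sample image bytes are constructed for this illustration.

```python
import struct

GPS_IFD_TAG = 0x8825       # IFD0 entry pointing at the GPS sub-directory
THUMB_OFFSET_TAG = 0x0201  # IFD1 JPEGInterchangeFormat: embedded thumbnail offset
THUMB_LENGTH_TAG = 0x0202  # IFD1 JPEGInterchangeFormatLength
EXIF_ID = b"Exif\x00\x00"


def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data.
    Simplification: assumes no fill bytes or length-less markers before SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if seg_len < 2:
            raise ValueError("corrupt segment length")
        yield jpeg[pos + 1], pos, pos + 2 + seg_len
        pos += 2 + seg_len


def is_exif(jpeg, marker, start):
    """True when the segment at start is an APP1 segment carrying an Exif block."""
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID


def read_ifd(tiff, offset, endian):
    """Parse one TIFF directory: return ({tag: 4-byte value/offset field}, next IFD offset)."""
    if offset + 2 > len(tiff):
        raise ValueError("IFD offset outside the Exif block")
    (count,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    end = offset + 2 + count * 12
    if end + 4 > len(tiff):
        raise ValueError("truncated IFD")
    entries = {}
    for base in range(offset + 2, end, 12):
        tag, _type, _count, value = struct.unpack(endian + "HHII", tiff[base:base + 12])
        entries[tag] = value
    (next_ifd,) = struct.unpack(endian + "I", tiff[end:end + 4])
    return entries, next_ifd


def audit_jpeg(jpeg):
    """Return privacy-relevant Exif findings; an empty dict means none were found."""
    findings = {}
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None or len(tiff) < 8:
            raise ValueError("bad TIFF header in Exif segment")
        magic, ifd0_off = struct.unpack(endian + "HI", tiff[2:8])
        if magic != 42:
            raise ValueError("bad TIFF magic number")
        ifd0, ifd1_off = read_ifd(tiff, ifd0_off, endian)
        if GPS_IFD_TAG in ifd0:   # location data travels with the file
            gps, _ = read_ifd(tiff, ifd0[GPS_IFD_TAG], endian)
            findings["gps_tags"] = sorted(gps)
        if ifd1_off:              # IFD1 describes the embedded thumbnail
            ifd1, _ = read_ifd(tiff, ifd1_off, endian)
            if THUMB_OFFSET_TAG in ifd1 and THUMB_LENGTH_TAG in ifd1:
                findings["thumbnail_bytes"] = ifd1[THUMB_LENGTH_TAG]
    return findings


def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed; image data is untouched."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]


def _ifd(entries, next_off=0):
    """Pack a little-endian IFD from (tag, type, count, value) tuples."""
    packed = b"".join(struct.pack("<HHII", *e) for e in entries)
    return struct.pack("<H", len(entries)) + packed + struct.pack("<I", next_off)


def build_sample():
    """Constructed sample: SOI + Exif APP1 (GPS IFD, 4-byte stand-in thumbnail) + EOI."""
    # Offsets inside the TIFF block: header 0, IFD0 8, GPS IFD 26, IFD1 56,
    # latitude rationals 86, thumbnail bytes 110.
    tiff = b"II" + struct.pack("<HI", 42, 8)
    tiff += _ifd([(GPS_IFD_TAG, 4, 1, 26)], next_off=56)
    tiff += _ifd([(1, 2, 2, 0x4E), (2, 5, 3, 86)])   # GPSLatitudeRef "N", GPSLatitude
    tiff += _ifd([(THUMB_OFFSET_TAG, 4, 1, 110), (THUMB_LENGTH_TAG, 4, 1, 4)])
    tiff += struct.pack("<6I", 12, 1, 34, 1, 56, 1)  # made-up 12 deg 34' 56"
    tiff += b"\xff\xd8\xff\xd9"                      # stand-in thumbnail bytes
    app1 = EXIF_ID + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit_jpeg(sample))
    print("after: ", audit_jpeg(strip_exif(sample)))
```

Stripping removes the whole Exif block, so orientation and camera tags go with it; run the audit again on the output before publishing.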

Strings
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php