Information gathering
Last updated
Last updated
Information gathering is one of the first steps during an engagement. The goal of information gathering is to increase understanding of the target infrastructure, business practices, and information available via open source. The information gathered during this step are used to inform later stages of the engagement.
The following is a sample checklist for researching a target.
What does the target do?
How is the organization structured?
Take note of contact information for key personnel (leadership/management, IT personnel, etc.)
Collect phone and fax numbers, email addresses, usernames, position titles, pictures, etc.
Identify email address structures used by the target.
Identify internal business practices.
Pay particular attention to "about" pages, as these often contain names, social media links, and email addresses.
Perform and enumeration to identify target registrar and DNS information
Use and to attempt to identify technologies used by the target
Use to search for additional internet connected computers and devices
Used to scrape metadata from the target domain(s)
Use to analyze SSL configuration
Check security headers with
Check open job postings for mentions of specific technologies
GitHub, GitLab, SourceForge, Pastebin
Harvest usernames - use tools like , , and to search target domain for usernames, emails, etc.
Use to profile identified personnel