Information gathering is a crucial step in cybersecurity and research, and it can take weeks to collect all necessary details about a company, its clients, employees, emails, potential leaks, recent updates, IP addresses, domains, CIDR blocks, ASN, and more. This process helps to build a clear picture of the digital footprint of a target, making it easier to identify vulnerabilities and opportunities for improvement.

We will organize the data collected using the tool https://xmind.app/, which is great for creating diagrams and handling large amounts of data in an organized manner.
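One way to keep the collected records consistent before they go into a diagram, as an added example that is not part of the original article: it normalizes and de-duplicates findings, places each IP under the CIDR block that contains it, and renders an indented outline. The sample values are constructed from documentation-reserved ranges, and the names `build_inventory` and `to_outline` are assumptions made for this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample findings (documentation-reserved names and ranges only).
FINDINGS = [
    ("cidr", "192.0.2.0/24"), ("cidr", "198.51.100.0/25"),
    ("ip", "192.0.2.10"), ("ip", "192.0.2.10"),      # duplicate entry
    ("ip", "198.51.100.200"),                        # outside the /25 above
    ("domain", "WWW.Example.com."), ("domain", "mail.example.com"),
    ("email", "Alice@Example.com"), ("asn", "as64500"),
]

def build_inventory(findings):
    """Normalize, de-duplicate and group findings; place each IP under its CIDR block."""
    inv = defaultdict(set)
    for kind, value in findings:
        value = value.strip()
        if kind == "cidr":
            inv["cidr"].add(ipaddress.ip_network(value, strict=False))
        elif kind == "ip":
            inv["ip"].add(ipaddress.ip_address(value))
        elif kind == "asn":
            inv["asn"].add("AS" + value.upper().removeprefix("AS"))
        else:  # domain, email: lower-cased for de-duplication, trailing root dot dropped
            inv[kind].add(value.lower().rstrip("."))
    blocks = {net: sorted(ip for ip in inv["ip"] if ip in net) for net in inv["cidr"]}
    placed = {ip for ips in blocks.values() for ip in ips}
    return {"asn": sorted(inv["asn"]), "domains": sorted(inv["domain"]),
            "emails": sorted(inv["email"]), "blocks": blocks,
            "unassigned_ips": sorted(inv["ip"] - placed)}

def to_outline(inv, root="Target footprint"):
    """Render the inventory as an indented outline, one node per line."""
    lines = [root]
    for key in ("asn", "domains", "emails"):
        lines.append(f"  {key}")
        lines += [f"    {v}" for v in inv[key]]
    lines.append("  cidr blocks")
    for net in sorted(inv["blocks"]):
        lines.append(f"    {net}")
        lines += [f"      {ip}" for ip in inv["blocks"][net]]
    lines.append("  ips outside known blocks")
    lines += [f"    {ip}" for ip in inv["unassigned_ips"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_outline(build_inventory(FINDINGS)))
```

IPs that land under "ips outside known blocks" are the ones worth a second look: either a CIDR block is missing from the inventory or the address does not belong to the organization.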

How to Conduct Information Gathering?

  1. Search for the company on Google

    Start by researching the company online. Google is a great resource for uncovering general information, news articles, and any public details that might be available about the company.

  2. Gather information about employees

    Check social media platforms like LinkedIn, Twitter, and others to find employee names and their roles. This can help identify key personnel or uncover further connections. LinkedIn and Twitter are often goldmines for professional and personal information.

  3. Visit https://hunter.io/ **(Paid)**

    Hunter.io is a powerful tool for discovering email addresses related to a specific domain. It can be used to find professional contact information and is highly effective for gathering lead data.

  4. Using Google Dorking

    Google Dorking is a technique used to perform specific searches in Google. It allows you to find hidden information that is not readily accessible through normal search queries. Here's an example to show how it works:

    Example:

    You can use search operators like "site:example.com" filetype:pdf to search for PDF files within a specific website. There are numerous advanced search operators to help you fine-tune your research.

<aside>

site:swisscom.ch

filetype:pdf machine learning

intitle: data privacy

link: password

intext:cyber threat

</aside>

Example from https://hunter.io/ (screenshot)


Websites for Information Gathering

Here are some valuable websites for gathering information using OSINT (Open-Source Intelligence):

  1. https://osintframework.com/

    The OSINT Framework is one of the best for information gathering! It provides a comprehensive list of tools and websites to search for various types of data (usernames, email addresses, domain names, IP & MAC addresses, and more).

  2. https://www.whois.com/

    This is a classic tool for finding domain and IP information. It provides ownership details and domain registration information.

  3. https://www.crunchbase.com/

    Crunchbase helps you track company acquisitions. If you find a vulnerability inside a parent company, you can investigate further through this resource.

  4. https://www.zone-h.org/

    Zone-H offers insights into historical defacements of websites. This can help identify vulnerabilities that may have been exploited in the past.

  5. https://www.dnsqueries.com/en/

    A tool for querying DNS records. It's useful for looking up information about domain names, IPs, and related services.

  6. https://socradar.io/

    SOCRadar provides tools for threat intelligence, including monitoring data leaks and other cyber threats.

  7. https://dehashed.com/

    DeHashed is a resource for searching compromised databases, giving you access to exposed usernames, emails, and more.