Post on 25-Aug-2018
http://Irongeek.com
Adrian Crenshaw

I run Irongeek.com
I have an interest in InfoSec education
I don't know everything - I'm just a geek with time on my hands
I'm an (Ir)regular on the InfoSec Daily Podcast: http://isdpodcast.com
Sr. Information Security Engineer at a Fortune 1000
Co-Founder of Derbycon: http://www.derbycon.com
Twitter: @Irongeek_ADC

Mile wide, 2.5 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
I'll try not to drop anyone's docs but my own, but volunteers for "victims" will help

Other names and related concepts:
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking

DNS, Whois and Domain Tools
Finding general information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends

For pen-testers and attackers:
  Precursor to attack
  Social engineering
  Disgruntled employees
  User names and passwords
  Web vulnerabilities
  Internal IT structure (software, servers, IP layout)
  Spearphishing
For everyone else:
  You want to keep attackers from finding this info and using it against you

All these techniques are legal as far as I know, but IANAL
Sorry if I "drop someone's docs" other than my own
Please don't misuse this information

Tons of fun tools to play with: http://www.backtrack-linux.org
Username: root  Password: toor
Many of the DNS tools are in /pentest/enumeration/dns

Who-do the voodoo that you do so well

Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs, and IPs to names (and other odds and ends)
Organization information is also kept
69.163.177.249  www.irongeek.com

Host name to IP lookup: nslookup www.irongeek.com
Reverse lookup: nslookup 208.97.169.250

Just a few record types, cribbed from http://en.wikipedia.org/wiki/List_of_DNS_record_types

Code | Number | Defining RFC | Description | Function
A | 1 | RFC 1035 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA | 28 | RFC 3596 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host
MX | 15 | RFC 1035 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain
CNAME | 5 | RFC 1035 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name
PTR | 12 | RFC 1035 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
AXFR | 252 | RFC 1035 | Full Zone Transfer | Transfer entire zone file from the master name server to secondary name servers

Zone transfers
Bruteforcing from a dictionary
Nmap -sL <some-IP-range>

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server:  resolver1.opendns.com
Address:  208.67.222.222
> set type=ns
> irongeek.com
Server:  resolver1.opendns.com
Address:  208.67.222.222
Non-authoritative answer:
irongeek.com    nameserver = ns1.dreamhost.com
irongeek.com    nameserver = ns2.dreamhost.com
irongeek.com    nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server:  ns1.dreamhost.com
Address:  66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper:
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr
Or maybe this form (DigiNinja):
dig axfr @ns12.zoneedit.com zonetransfer.me
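
What the AXFR request and the "Query refused" answer look like on the wire, as an added example for auditing your own authoritative servers (not code from the original slides). The zone example.test, the sample replies and all function names are constructed for illustration.

```python
import socket
import struct

AXFR, SOA, IN = 252, 6, 1      # QTYPE 252 is the AXFR row of the record-type table
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Encode a domain name as DNS labels: length byte + label, closed by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone, txid=0x4158):
    """TCP-framed AXFR question: 2-byte length prefix followed by the DNS message."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)    # flags 0 = standard query
    message = header + encode_name(zone) + struct.pack(">HH", AXFR, IN)
    return struct.pack(">H", len(message)) + message


def classify_reply(framed):
    """Return (exposed, rcode_name) for the first framed reply to an AXFR query."""
    (length,) = struct.unpack(">H", framed[:2])
    message = framed[2:2 + length]
    if length < 12 or len(message) != length:
        raise ValueError("truncated DNS reply")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", message[:12])
    rcode = flags & 0x000F
    # A transfer is under way only if the server answers NOERROR with records.
    return (rcode == 0 and ancount > 0, RCODES.get(rcode, str(rcode)))


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:                       # some servers just hang up instead of REFUSED
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def check_nameserver(server, zone, timeout=5.0):
    """Live check against one of your own name servers (needs network access)."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        prefix = recv_exact(sock, 2)
        body = recv_exact(sock, struct.unpack(">H", prefix)[0])
    return classify_reply(prefix + body)


def make_reply(flags, answers=b"", ancount=0, zone="example.test"):
    """Build a constructed server reply that echoes the question."""
    question = encode_name(zone) + struct.pack(">HH", AXFR, IN)
    msg = struct.pack(">HHHHHH", 0x4158, flags, 1, ancount, 0, 0) + question + answers
    return struct.pack(">H", len(msg)) + msg


# Constructed SOA record; its owner name is a compression pointer to the question name.
SOA_RDATA = (encode_name("ns1.example.test") + encode_name("hostmaster.example.test")
             + struct.pack(">IIIII", 2012092701, 3600, 600, 86400, 300))
SOA_RR = b"\xc0\x0c" + struct.pack(">HHIH", SOA, IN, 3600, len(SOA_RDATA)) + SOA_RDATA

REFUSED_REPLY = make_reply(0x8005)             # QR=1, RCODE=5: what you want to see
OPEN_REPLY = make_reply(0x8400, SOA_RR, 1)     # QR=1, AA=1, RCODE=0, zone data follows

if __name__ == "__main__":
    print(classify_reply(REFUSED_REPLY))
    print(classify_reply(OPEN_REPLY))
```

Every server listed in your zone's NS records should classify as not exposed when queried from an address that is not one of your secondaries.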

Other tools in BackTrack:
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff: http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows: http://nscan.org/dig.html

Fierce: http://ha.ckers.org/fierce/
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy?

apt-get install whois
whois example.com
whois 208.97.169.250

*nix command line
Nirsoft's:
http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh!)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that, links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
  http://com.lullar.com
  http://www.peekyou.com
  http://www.checkusernames.com http://knowem.com
  http://www.isearch.com
  http://www.whitepages.com
Not quite related, but cool:
  http://tineye.com
  http://pipes.yahoo.com/pipes/
Crap:
  Most of them

General:
  http://youropenbook.org
Geolocation:
  http://www.bing.com/maps/
  http://twittermap.appspot.com
  http://www.fourwhere.com
  http://icanstalku.com
  http://ip2geolocation.com
Neighbors:
  http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used the information to answer security questions at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends lists to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email addresses
User names
Vulnerable web services
Web-based admin interfaces for hardware
Much more...
YOU HAVE TO USE YOUR IMAGINATION

Operators             Description
site:                 Restrict results to only one domain, or server
inurl:/allinurl:      All terms must appear in URL
intitle:/allintitle:  All terms must appear in title
cache:                Display Google's cache of a page
ext:/filetype:        Return files with a given extension/file type
info:                 Convenient way to get to other information about a page
link:                 Find pages that link to the given page
inanchor:             Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators   Description
-           Inverse search operator (hide results)
~           Synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with "quotes"
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
"vnc desktop" inurl:5800
"adrian crenshaw" -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz? https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

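<?php
// Web bug: serve a 1x1 transparent PNG and log who requested it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscores from the query string (used as a tag).
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING'] ?? '');
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
// User-Agent and Referer are client-supplied (and may be absent);
// fputcsv() quotes each field so a crafted value cannot break the row.
$row = array(
    $QUERY_STRING,
    $_SERVER['REMOTE_ADDR'],
    $hostname,
    $_SERVER['HTTP_USER_AGENT'] ?? '',
    $_SERVER['HTTP_REFERER'] ?? '',
    date("D dS M Y h:i a"),
);
$write = fputcsv($fp, $row);
fclose($fp);
// end Write Log
?>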

Data about data

Dennis Rader (BTK Killer)
  Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis", in it
Cat Schwartz
  Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
  A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone; Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
  http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
  http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search
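
A pre-publication check for the JPEG cases above (GPS coordinates and the embedded thumbnail both live in the EXIF segment), as an added example that is not from the original slides. It reports and strips EXIF, XMP, IPTC and comment segments; the sample file is a constructed, non-decodable JPEG skeleton and all function names are hypothetical.

```python
import struct

SOI, EXIF_ID = b"\xff\xd8", b"Exif\x00\x00"
XMP_ID, IPTC_ID = b"http://ns.adobe.com/xap/1.0/\x00", b"Photoshop 3.0\x00"
GPS_IFD_TAG = 0x8825       # IFD0 entry that points at the GPS sub-directory


def split_segments(data):
    """Return [(marker, raw_bytes)]; everything from start-of-scan onward is one item."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG (no SOI marker)")
    pos, segments = 2, []
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xDA:                    # SOS: compressed image data, keep verbatim
            segments.append((marker, data[pos:]))
            return segments
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated segment")
        segments.append((marker, data[pos:end]))
        pos = end
    raise ValueError("no image data (SOS) found")


def metadata_kind(marker, raw):
    """Name the metadata carried by a segment, or None if it is needed to decode the image."""
    payload = raw[4:]
    if marker == 0xE1 and payload.startswith(EXIF_ID):
        return "EXIF"
    if marker == 0xE1 and payload.startswith(XMP_ID):
        return "XMP"
    if marker == 0xED and payload.startswith(IPTC_ID):
        return "IPTC"
    return "COMMENT" if marker == 0xFE else None


def exif_findings(payload):
    """Look in the EXIF TIFF structure for a GPS directory and for IFD1 (the thumbnail)."""
    tiff, found = payload[len(EXIF_ID):], set()
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    try:
        magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42:
            return found
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            start = ifd0 + 2 + 12 * i         # each IFD entry is 12 bytes
            if struct.unpack(order + "H", tiff[start:start + 2])[0] == GPS_IFD_TAG:
                found.add("gps")
        nxt = ifd0 + 2 + 12 * count           # offset of the next IFD, 0 if none
        if struct.unpack(order + "I", tiff[nxt:nxt + 4])[0]:
            found.add("thumbnail")
    except (struct.error, TypeError):         # malformed data or unknown byte order
        pass
    return found


def audit(data):
    """Map each metadata kind found in the file to the sensitive items inside it."""
    report = {}
    for marker, raw in split_segments(data):
        kind = metadata_kind(marker, raw)
        if kind:
            report[kind] = sorted(exif_findings(raw[4:])) if kind == "EXIF" else []
    return report


def strip_metadata(data):
    """Return (cleaned_bytes, removed_kinds) with all metadata segments dropped."""
    kept, removed = [SOI], []
    for marker, raw in split_segments(data):
        kind = metadata_kind(marker, raw)
        if kind:
            removed.append(kind)
        else:
            kept.append(raw)
    return b"".join(kept), removed


def seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed sample: JFIF header, EXIF with GPS pointer and IFD1, a comment, fake scan."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                  # TIFF header, IFD0 at offset 8
    tiff += struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)
    tiff += struct.pack("<I", 32) + b"\x00" * 12              # IFD1 at 32; two empty IFDs
    scan = b"\xff\xda\x00\x02\x12\x34\xff\xd9"
    return (SOI + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, EXIF_ID + tiff) + seg(0xFE, b"edited by dennis") + scan)


if __name__ == "__main__":
    print(audit(build_sample()))
    print(strip_metadata(build_sample())[1])
```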

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers

Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you: http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

Derbycon, Sept 27th-30th, 2012: http://www.derbycon.com
Others:
  http://www.louisvilleinfosec.com
  http://skydogcon.com
  http://hack3rcon.org
  http://outerz0ne.org
  http://phreaknic.info
  http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC
httpIrongeekcom
I run Irongeekcom
I have an interest in InfoSec education
I donrsquot know everything - Irsquom just a geek with time on my hands
Irsquom an (Ir)regular on the InfoSec Daily Podcast httpisdpodcastcom
Sr Information Security Engineer at a Fortune 1000
Co-Founder of Derbycon httpwwwderbyconcom
Twitter Irongeek_ADC
httpIrongeekcom
Mile wide 25 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
Irsquoll try not to drop anyones docs but my own but volunteers for ldquovictimsrdquo will help
httpIrongeekcom
Other names and related concepts
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking
httpIrongeekcom
DNS Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends
httpIrongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
httpIrongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
httpIrongeekcom
Tons of fun tools to play with httpwwwbacktrack-linuxorg
Username root Password toor
Many of the DNS tools are in pentestenumerationdns
httpIrongeekcom
Who-do the voodoo that you do so well
httpIrongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249 wwwirongeekcom
httpIrongeekcom
Host name to IP lookup nslookup wwwirongeekcom
Reverse lookup nslookup 20897169250
httpIrongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA
28 RFC 3596 IPv6 address record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
httpIrongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Mile wide 25 feet deep
Feel free to ask questions at any time
There will (hopefully) be many long breaks to play with the tools mentioned
Irsquoll try not to drop anyones docs but my own but volunteers for ldquovictimsrdquo will help
httpIrongeekcom
Other names and related concepts
OSInt (Open Source Intelligence)
Scoping
Footprinting
Discovery
Recon
Cyberstalking
httpIrongeekcom
DNS Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends
httpIrongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
httpIrongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
httpIrongeekcom
Tons of fun tools to play with httpwwwbacktrack-linuxorg
Username root Password toor
Many of the DNS tools are in pentestenumerationdns
httpIrongeekcom
Who-do the voodoo that you do so well
httpIrongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249 wwwirongeekcom
httpIrongeekcom
Host name to IP lookup nslookup wwwirongeekcom
Reverse lookup nslookup 20897169250
httpIrongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA
28 RFC 3596 IPv6 address record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
httpIrongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (news groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at:
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap:
Most of them

General:
http://youropenbook.org
Geolocation:
http://www.bing.com/maps/
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors:
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators                Description
site:                    Restrict results to only one domain or server
inurl: / allinurl:       All terms must appear in URL
intitle: / allintitle:   All terms must appear in title
cache:                   Display Google's cache of a page
ext: / filetype:         Return files with a given extension/file type
info:                    Convenient way to get to other information about a page
link:                    Find pages that link to the given page
inanchor:                Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators                Description
-                        Inverse search operator (hide results)
~                        Synonyms
[#]..[#]                 Number range
*                        Wildcard to put something between something when searching with “quotes”
+                        Used to force stop words
OR                       Boolean operator, must be uppercase
|                        Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
“192.168” (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz? https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

<?php
// Serve a 1x1 transparent PNG, then log who fetched it.
header('Content-type: image/png');
$im = imagecreatefrompng('1by1.PNG');
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscores from the query string.
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING'] ?? '');

// Write Log
$filename = 'webbug.csv';
$fp = fopen($filename, 'a');
// fputcsv() quotes each field, so commas or quotes in the client-supplied
// User-Agent and Referer headers cannot break the CSV row.
$fields = array(
    $QUERY_STRING,
    $_SERVER['REMOTE_ADDR'],
    $hostname,
    $_SERVER['HTTP_USER_AGENT'] ?? '',
    $_SERVER['HTTP_REFERER'] ?? '',
    date('D dS M,Y h:i a'),
);
$write = fputcsv($fp, $fields);
fclose($fp);
// end Write Log
?>

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by “Dennis” in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format
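The cases above all come down to metadata that was never removed before a file was shared. The following is an added example, not part of the original slides: for JPEG it drops the APP1 (EXIF/XMP), APP13 (IPTC) and COM segments and reports whether the EXIF block pointed at GPS data. The function names and the sample file are constructed for this example.

```python
import struct

METADATA_MARKERS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}
STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM, RST0-RST7 carry no length field
GPS_IFD_TAG = 0x8825                           # EXIF tag that points at the GPS sub-IFD


def exif_has_gps(payload):
    """True if an APP1 payload is EXIF whose first IFD points at a GPS sub-IFD."""
    if not payload.startswith(b"Exif\x00\x00") or len(payload) < 14:
        return False
    tiff = payload[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i: ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def strip_jpeg_metadata(data):
    """Return (clean_jpeg, report); report has one dict per removed segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, report, pos = bytearray(data[:2]), [], 2
    while pos < len(data):
        if data[pos] != 0xFF or pos + 1 >= len(data):
            raise ValueError("corrupt JPEG at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte in front of a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # start of scan or end of image:
            out += data[pos:]         # copy the compressed picture data untouched
            break
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        if marker in METADATA_MARKERS:
            report.append({"segment": METADATA_MARKERS[marker], "bytes": end - pos,
                           "gps": marker == 0xE1 and exif_has_gps(data[pos + 4:end])})
        else:
            out += data[pos:end]
        pos = end
    return bytes(out), report


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg():
    """Constructed JPEG skeleton with JFIF, EXIF (GPS pointer) and a comment; not a viewable picture."""
    tiff = (b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)  # pointer value is a placeholder
            + struct.pack("<I", 0))
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(0xE1, b"Exif\x00\x00" + tiff)
            + _segment(0xFE, b"constructed comment")
            + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")


if __name__ == "__main__":
    clean, report = strip_jpeg_metadata(build_sample_jpeg())
    for item in report:
        print("removed", item)
```

This only covers metadata segments that precede the first scan of a JPEG; the other formats on the list (DOC, DOCX, XLS and so on) store metadata differently and need their own handling.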

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon, Sept 27th-30th 2012
http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC
httpIrongeekcom
DNS Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends
httpIrongeekcom
For Pen-testers and attackers
Precursor to attack
Social Engineering
Disgruntled Employees
User names and passwords
Web vulnerabilities
Internal IT structure (software servers IP layout)
Spearphishing
For everyone else
You want to keep attackers from finding this info and using this against you
httpIrongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
httpIrongeekcom
Tons of fun tools to play with httpwwwbacktrack-linuxorg
Username root Password toor
Many of the DNS tools are in pentestenumerationdns
httpIrongeekcom
Who-do the voodoo that you do so well
httpIrongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249 wwwirongeekcom
httpIrongeekcom
Host name to IP lookup nslookup wwwirongeekcom
Reverse lookup nslookup 20897169250
httpIrongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA
28 RFC 3596 IPv6 address record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
httpIrongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you: http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston: http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel: http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th 2012: http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC

Host name to IP lookup: nslookup www.irongeek.com
Reverse lookup: nslookup 208.97.169.250

Just a few record types, cribbed from http://en.wikipedia.org/wiki/List_of_DNS_record_types
Code | Number | Defining RFC | Description | Function
A | 1 | RFC 1035 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA | 28 | RFC 3596 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
MX | 15 | RFC 1035 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain.
CNAME | 5 | RFC 1035 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
PTR | 12 | RFC 1035 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
AXFR | 252 | RFC 1035 | Full Zone Transfer | Transfer entire zone file from the master name server to secondary name servers.

Zone transfers
Bruteforcing from a dictionary
Nmap -sL <some-IP-range>

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server:  resolver1.opendns.com
Address:  208.67.222.222
> set type=ns
> irongeek.com
Server:  resolver1.opendns.com
Address:  208.67.222.222
Non-authoritative answer:
irongeek.com    nameserver = ns1.dreamhost.com
irongeek.com    nameserver = ns2.dreamhost.com
irongeek.com    nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server:  ns1.dreamhost.com
Address:  66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper:
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr
Or maybe this form (DigiNinja):
dig axfr @ns12.zoneedit.com zonetransfer.me

Other tools in BackTrack:
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff: http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows: http://nscan.org/dig.html

Fierce: http://ha.ckers.org/fierce
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix command line
Nirsoft's: http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (news groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes
Crap:
Most of them

General:
http://youropenbook.org
Geolocation:
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors:
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends lists to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain, or server
inurl:/allinurl:       All terms must appear in URL
intitle:/allintitle:   All terms must appear in title
cache:                 Display Google's cache of a page
ext:/filetype:         Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators              Description
-                      Inverse search operator (hide results)
~                      synonyms
[#]..[#]               Number range
*                      Wildcard to put something between something when searching with "quotes"
+                      Used to force stop words
OR                     Boolean operator, must be uppercase
|                      Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168." (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks
Old School: http://www.hackersforcharity.org/ghdb

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot
Goolag: http://goolag.org

Gooscan: should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
All these techniques are legal as far as I know but IANAL
Sorry if I ldquodrop someonersquos docsrdquo other than my own
Please donrsquot misuse this information
httpIrongeekcom
Tons of fun tools to play with httpwwwbacktrack-linuxorg
Username root Password toor
Many of the DNS tools are in pentestenumerationdns
httpIrongeekcom
Who-do the voodoo that you do so well
httpIrongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249 wwwirongeekcom
httpIrongeekcom
Host name to IP lookup nslookup wwwirongeekcom
Reverse lookup nslookup 20897169250
httpIrongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA
28 RFC 3596 IPv6 address record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
httpIrongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Tons of fun tools to play with httpwwwbacktrack-linuxorg
Username root Password toor
Many of the DNS tools are in pentestenumerationdns
httpIrongeekcom
Who-do the voodoo that you do so well
httpIrongeekcom
Glue of the Internet
Think of it as a phone book of sorts
Maps names to IPs and IPs to names (and other odds and ends)
Organization information is also kept
69163177249 wwwirongeekcom
httpIrongeekcom
Host name to IP lookup nslookup wwwirongeekcom
Reverse lookup nslookup 20897169250
httpIrongeekcom
Just a few record types cribbed from httpenwikipediaorgwikiList_of_DNS_record_types
Code Number Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address most commonly used to map hostnames to an IP address of the host but also used for DNSBLs storing subnet masks in RFC 1101 etc
AAAA
28 RFC 3596 IPv6 address record
Returns a 128-bit IPv6 address most commonly used to map hostnames to an IP address of the host
MX 15 RFC 1035 mail exchange record
Maps a domain name to a list of mail exchange servers for that domain
CNAME 5 RFC 1035 Canonical name record
Alias of one name to another the DNS lookup will continue by retrying the lookup with the new name
PTR 12 RFC 1035 pointer record Pointer to a canonical name Unlike a CNAME DNS processing does NOT proceed just the name is returned The most common use is for implementing reverse DNS lookups but other uses include such things as DNS-SD
AXFR 252 RFC 1035 Full Zone Transfer
Transfer entire zone file from the master name server to secondary name servers
httpIrongeekcom
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap:
Most of them

General:
http://youropenbook.org
Geolocation:
http://www.bing.com/maps/
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors:
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operator                Description
site:                   Restrict results to only one domain or server
inurl: / allinurl:      All terms must appear in URL
intitle: / allintitle:  All terms must appear in title
cache:                  Display Google's cache of a page
ext: / filetype:        Return files with a given extension/file type
info:                   Convenient way to get to other information about a page
link:                   Find pages that link to the given page
inanchor:               Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operator                Description
-                       Inverse search operator (hide results)
~                       Synonyms
[#]..[#]                Number range
*                       Wildcard to put something between something when searching with "quotes"
+                       Used to force stop words
OR                      Boolean operator, must be uppercase
|                       Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr”
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168." (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek“
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com/ (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz? https://github.com/search

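Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

<?php
// Serve a 1x1 transparent PNG, then log details of the client that fetched it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscore from the query string (used as a tag).
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING'] ?? '');
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
// User-Agent and Referer are client-supplied and may be missing;
// fputcsv() quotes each field so embedded commas or quotes cannot break a row.
$fields = array(
    $QUERY_STRING,
    $_SERVER['REMOTE_ADDR'],
    $hostname,
    $_SERVER['HTTP_USER_AGENT'] ?? '',
    $_SERVER['HTTP_REFERER'] ?? '',
    date("D dS M,Y h:i a"),
);
$write = fputcsv($fp, $fields);
fclose($fp);
// end Write Log
?>
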
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
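
Added example (not from the talk): a pre-publication check for the EXIF leaks in the cases above. It reports whether a JPEG carries an EXIF block, a GPS sub-IFD or an embedded thumbnail, and returns a copy with the APP1 (EXIF) and APP13 (IPTC) segments removed. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825       # IFD0 entry that points at the GPS sub-IFD
TAG_THUMB_OFFSET = 0x0201  # IFD1 entry that points at an embedded thumbnail
METADATA_MARKERS = (0xE1, 0xED)  # APP1 (EXIF/XMP) and APP13 (Photoshop/IPTC)


def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan or end of image: stop
            return
        (length,) = struct.unpack_from(">H", data, pos + 2)
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def _read_ifd(tiff, offset, endian):
    """Return ({tag: raw 4-byte value field}, next_ifd_offset) for one TIFF IFD."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    tags = {}
    for i in range(count):
        tag, _type, _n, value = struct.unpack_from(
            endian + "HHII", tiff, offset + 2 + 12 * i)
        tags[tag] = value
    (next_ifd,) = struct.unpack_from(endian + "I", tiff, offset + 2 + 12 * count)
    return tags, next_ifd


def exif_findings(data):
    """Report which risky EXIF features a JPEG carries."""
    found = {"exif": False, "gps": False, "thumbnail": False, "malformed": False}
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        if marker != 0xE1 or not payload.startswith(EXIF_MAGIC):
            continue
        found["exif"] = True
        tiff = payload[len(EXIF_MAGIC):]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        try:
            if endian is None:
                raise struct.error("unknown TIFF byte order")
            (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
            ifd0, ifd1_off = _read_ifd(tiff, ifd0_off, endian)
            found["gps"] = found["gps"] or TAG_GPS_IFD in ifd0
            if ifd1_off:  # a second IFD normally describes the thumbnail
                ifd1, _ = _read_ifd(tiff, ifd1_off, endian)
                found["thumbnail"] = found["thumbnail"] or TAG_THUMB_OFFSET in ifd1
        except struct.error:
            found["malformed"] = True  # truncated or odd EXIF: strip it anyway
    return found


def strip_metadata(data):
    """Return a copy of the JPEG without its APP1 and APP13 segments."""
    out = bytearray(b"\xff\xd8")
    pos = 2
    for marker, start, end in jpeg_segments(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
        pos = end
    out += data[pos:]  # scan header, compressed data and EOI copied untouched
    return bytes(out)


def _sample_jpeg():
    """Constructed sample: APP0 + APP1 (GPS pointer, thumbnail IFD) + dummy scan."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    tiff = b"II" + struct.pack("<HI", 42, 8)                          # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, TAG_GPS_IFD, 4, 1, 44, 26)      # IFD0, next IFD at 26
    tiff += struct.pack("<HHHIII", 1, TAG_THUMB_OFFSET, 4, 1, 50, 0)  # IFD1 (thumbnail)
    tiff += struct.pack("<HI", 0, 0)                                  # empty GPS IFD at 44
    payload = EXIF_MAGIC + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    scan = b"\xff\xda\x00\x02\x12\x34\xff\xd9"  # placeholder, not decodable image data
    return b"\xff\xd8" + app0 + app1 + scan


SAMPLE_JPEG = _sample_jpeg()

if __name__ == "__main__":
    print("before:", exif_findings(SAMPLE_JPEG))
    print("after: ", exif_findings(strip_metadata(SAMPLE_JPEG)))
```

Stripping APP1 also drops the EXIF orientation tag, so rotate the image itself before publishing if it depends on that tag.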

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th, 2012
http://www.derbycon.com
Others:
http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC
Host name to IP lookup: nslookup www.irongeek.com
Reverse lookup: nslookup 208.97.169.250

Just a few record types, cribbed from http://en.wikipedia.org/wiki/List_of_DNS_record_types
Code | Number | Defining RFC | Description | Function
A | 1 | RFC 1035 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA | 28 | RFC 3596 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host
MX | 15 | RFC 1035 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain
CNAME | 5 | RFC 1035 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name
PTR | 12 | RFC 1035 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD
AXFR | 252 | RFC 1035 | Full Zone Transfer | Transfer entire zone file from the master name server to secondary name servers

Zone transfers
Bruteforcing from a dictionary
Nmap -sL <some-IP-range>

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server: resolver1.opendns.com
Address: 208.67.222.222
> set type=ns
> irongeek.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
irongeek.com nameserver = ns1.dreamhost.com
irongeek.com nameserver = ns2.dreamhost.com
irongeek.com nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server: ns1.dreamhost.com
Address: 66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
*** Can't list domain irongeek.com: Query refused
> exit

AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper:
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr
Or maybe this form (DigiNinja):
dig axfr @ns12.zoneedit.com zonetransfer.me

Other tools in BackTrack:
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff: http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows: http://nscan.org/dig.html

Fierce: http://ha.ckers.org/fierce/
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix Command line
Nirsoft's http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap:
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security questions at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends lists to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators               Description
site:                   Restrict results to only one domain or server
inurl: / allinurl:      All terms must appear in URL
intitle: / allintitle:  All terms must appear in title
cache:                  Display Google's cache of a page
ext: / filetype:        Return files with a given extension/file type
info:                   Convenient way to get to other information about a page
link:                   Find pages that link to the given page
inanchor:               Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators               Description
-                       Inverse search operator (hide results)
~                       synonyms
[#]..[#]                Number range
*                       Wildcard to put something between something when searching with "quotes"
+                       Used to force stop words
OR                      Boolean operator, must be uppercase
|                       Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168." (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

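<?php
// Send a 1x1 transparent PNG so the page that embeds this script renders normally.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscore from the query string before logging it.
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING']);
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
// User-Agent and Referer are sent by the client and may be missing.
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$string = $QUERY_STRING . ", "
    . $_SERVER['REMOTE_ADDR'] . ", "
    . $hostname . ", "
    . $agent . ", "
    . $referer . ", "
    . date("D dS M,Y h:i a") . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
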
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it.
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too.

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
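A pre-publication check for the DOCX case, in the spirit of the "last modified by" story above: it lists the author, last-editor, company and tracked-change author fields in a DOCX package and writes a copy with them blanked. This is an added example, not part of the original slides; the function names and the sample values are made up here.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when re-serialising

# Package part -> property elements that usually identify a person or organisation.
PROPERTY_FIELDS = {
    "docProps/core.xml": ["dc:creator", "cp:lastModifiedBy"],
    "docProps/app.xml": ["ep:Company", "ep:Manager"],
}
# Tracked changes and comments carry the editor's name in a w:author attribute.
AUTHOR_ATTR = re.compile(r'w:author="([^"]*)"')
PLACEHOLDER = "Author"


def audit_docx(data: bytes) -> dict:
    """Return the identifying metadata found in a DOCX package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for part, tags in PROPERTY_FIELDS.items():
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for tag in tags:
                el = root.find(tag, NS)
                if el is not None and (el.text or "").strip():
                    found[tag] = el.text.strip()
        authors = set()
        for name in names:
            if name.startswith("word/") and name.endswith(".xml"):
                xml_text = zf.read(name).decode("utf-8", "replace")
                authors.update(AUTHOR_ATTR.findall(xml_text))
        authors.discard(PLACEHOLDER)
        if authors:
            found["w:author"] = sorted(authors)
    return found


def scrub_docx(data: bytes) -> bytes:
    """Return a copy with those fields blanked; all other parts are copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            blob = src.read(info.filename)
            if info.filename in PROPERTY_FIELDS:
                root = ET.fromstring(blob)
                for tag in PROPERTY_FIELDS[info.filename]:
                    for el in root.findall(tag, NS):
                        el.text = ""
                blob = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            elif info.filename.startswith("word/") and info.filename.endswith(".xml"):
                text = blob.decode("utf-8")
                blob = AUTHOR_ATTR.sub('w:author="%s"' % PLACEHOLDER, text).encode("utf-8")
            dst.writestr(info.filename, blob)
    return out.getvalue()


def build_sample_docx() -> bytes:
    """Constructed sample: only the parts this check reads, with made-up values."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            '<dc:creator>Pat Example</dc:creator>'
            '<cp:lastModifiedBy>Dennis</cp:lastModifiedBy>'
            '</cp:coreProperties>' % (NS["cp"], NS["dc"]))
    app = ('<Properties xmlns="%s"><Company>Example Church</Company></Properties>'
           % NS["ep"])
    doc = ('<w:document xmlns:w="http://schemas.openxmlformats.org/'
           'wordprocessingml/2006/main"><w:body>'
           '<w:ins w:id="1" w:author="Dennis"><w:r><w:t>draft text</w:t></w:r></w:ins>'
           '</w:body></w:document>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", doc)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", audit_docx(sample))
    print("after: ", audit_docx(scrub_docx(sample)))
```

Real documents can hold more than this covers (custom properties, comments, embedded images with their own EXIF), so treat an empty result as a minimum bar.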

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon: Sept 27th-30th, 2012
http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC
Zonetransfers
Bruteforcing from a dictionary
Nmap ndashsL ltsome-IP-rangegt
httpIrongeekcom
dig irongeekcom any
dig ns1dreamhostcom irongeekcom any
httpIrongeekcom
httpIrongeekcom
CDocuments and SettingsAdriangtnslookup
Default Server resolver1opendnscom
Address 20867222222
gt set type=ns
gt irongeekcom
Server resolver1opendnscom
Address 20867222222
Non-authoritative answer
irongeekcom nameserver = ns1dreamhostcom
irongeekcom nameserver = ns2dreamhostcom
irongeekcom nameserver = ns3dreamhostcom
gt server ns1dreamhostcom
Default Server ns1dreamhostcom
Address 6633206206
gt ls irongeekcom
[ns1dreamhostcom]
Cant list domain irongeekcom Query refused
gt exit
httpIrongeekcom
AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper dig ugentbe ns dig ugdns1ugentbe ugentbe axfr
Or maybe this form DigiNinja dig axfr ns12zoneeditcom zonetransferme
httpIrongeekcom
Other tools in BackTrack dnsreconpy -d ugentbe ndashx dnsenumpl ugentbe
ServerSniff httpserversniffnetnsreportphp httpserversniffnetcontentphpdo=subdomains
GUI Dig for Windows httpnscanorgdightml
httpIrongeekcom
Fierce httphackersorgfierce fiercepl -threads 100 -dns irongeekcom fiercepl -dns irongeekcom -wordlist dictionarytxt
httpIrongeekcom
nmap -sL ltsome-IP-rangegt
nmap -sL 1920321-10
httpIrongeekcom
Great for troubleshooting bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy
httpIrongeekcom
apt-get install whois
whois examplecom
whois 20897169250
httpIrongeekcom
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format

Strings
FOCA (use compatibility mode if needed) http://www.informatica64.com/DownloadFOCA
Metagoofil http://www.edge-security.com/metagoofil.php
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi

EXIF Reader http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio http://userscripts.org/scripts/show/27101
Creepy http://ilektrojohn.github.com/creepy
Pauldotcom http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th, 2012
http://www.derbycon.com
Others
http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto), Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC

dig irongeek.com any
dig @ns1.dreamhost.com irongeek.com any

C:\Documents and Settings\Adrian>nslookup
Default Server: resolver1.opendns.com
Address: 208.67.222.222
> set type=ns
> irongeek.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
irongeek.com nameserver = ns1.dreamhost.com
irongeek.com nameserver = ns2.dreamhost.com
irongeek.com nameserver = ns3.dreamhost.com
> server ns1.dreamhost.com
Default Server: ns1.dreamhost.com
Address: 66.33.206.206
> ls irongeek.com
[ns1.dreamhost.com]
Can't list domain irongeek.com: Query refused
> exit

AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper:
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr
Or maybe this form (DigiNinja):
dig axfr @ns12.zoneedit.com zonetransfer.me
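
Added example (not part of the original slides): a check an administrator can run against their own authoritative name servers to confirm they answer a transfer request the way ns1.dreamhost.com does in the nslookup session above, with "Query refused". The function names and the example.com replies are constructed for illustration; check_server() needs network access, so the classification logic is exercised on constructed replies.

```python
import socket
import struct

QTYPE_SOA, QTYPE_AXFR, CLASS_IN = 6, 252, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid):
    """Build an AXFR question for `zone`, framed for TCP with a 2-byte length."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    msg = header + encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, CLASS_IN)
    return struct.pack(">H", len(msg)) + msg


def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:       # a compression pointer is two bytes
            return pos + 2
        pos += 1 + length


def classify_reply(msg, txid):
    """Classify the first reply message (TCP length prefix already removed)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode != 0:
        return "refused (%s)" % RCODES.get(rcode, "RCODE %d" % rcode)
    pos = 12
    for _ in range(qd):                 # skip the echoed question(s)
        pos = _skip_name(msg, pos) + 4
    if an == 0:
        return "no transfer (empty answer)"
    pos = _skip_name(msg, pos)
    (rtype,) = struct.unpack(">H", msg[pos:pos + 2])
    # A zone transfer always starts with the zone's SOA record.
    return "TRANSFER ALLOWED" if rtype == QTYPE_SOA else "unexpected answer"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def check_server(server, zone, txid=0x4158, timeout=5.0):
    """Request a transfer of your zone from one of your servers; classify the reply."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone, txid))
        (length,) = struct.unpack(">H", _recv_exact(s, 2))
        return classify_reply(_recv_exact(s, length), txid)


def sample_replies(zone="example.com", txid=0x4158):
    """Constructed replies: one REFUSED, one that starts a transfer with an SOA."""
    question = encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, CLASS_IN)
    refused = struct.pack(">HHHHHH", txid, 0x8005, 1, 0, 0, 0) + question
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack(">IIIII", 2012092701, 3600, 600, 604800, 300))
    soa = (b"\xc0\x0c"                  # pointer back to the question name
           + struct.pack(">HHIH", QTYPE_SOA, CLASS_IN, 3600, len(rdata)) + rdata)
    allowed = struct.pack(">HHHHHH", txid, 0x8400, 1, 1, 0, 0) + question + soa
    return refused, allowed
```

A server that drops the TCP connection instead of answering raises ConnectionError here, which also means the transfer was not served.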

Other tools in BackTrack:
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows http://nscan.org/dig.html

Fierce http://ha.ckers.org/fierce
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy?

apt-get install whois
whois example.com
whois 208.97.169.250

*nix: command line
Nirsoft's http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex http://www.robtex.com
ServerSniff http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine http://www.archive.org
Monster (and other job sites) http://www.monster.com
Zoominfo http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums) http://groups.google.com
Boards http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn http://www.linkedin.com

It's all about how this links to that links to some other thing…

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5
See differences http://www.paterva.com/web5/client/difference.php
NetGlub http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security questions at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends lists to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain or server
inurl: / allinurl:     All terms must appear in URL
intitle: / allintitle: All terms must appear in title
cache:                 Display Google's cache of a page
ext: / filetype:       Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators              Description
-                      Inverse search operator (hide results)
~                      Synonyms
[#]..[#]               Number range
*                      Wildcard to put something between something when searching with “quotes”
+                      Used to force stop words
OR                     Boolean operator, must be uppercase
|                      Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
“dig axfr”
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
“192.168” (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks
Old School http://www.hackersforcharity.org/ghdb

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot
Goolag http://goolag.org

Gooscan: should be on BackTrack CD/VM
Wikto http://www.sensepost.com/research/wikto
SiteDigger http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE http://www.sensepost.com/research_misc.html
MSNPawn http://www.net-square.com/msnpawn/index.shtml

JSON/Atom http://code.google.com/apis/customsearch/v1/overview.html
Old http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI http://evilapi.com (defunct)
Spud http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz https://github.com/search
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th 2012
http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC

AXFR = Asynchronous Full Transfer Zone
Domain Internet Groper
dig ugent.be ns
dig @ugdns1.ugent.be ugent.be axfr
Or maybe this form (DigiNinja)
dig axfr @ns12.zoneedit.com zonetransfer.me

Other tools in BackTrack
dnsrecon.py -d ugent.be -x
dnsenum.pl ugent.be
ServerSniff http://serversniff.net/nsreport.php http://serversniff.net/content.php?do=subdomains
GUI Dig for Windows http://nscan.org/dig.html

Fierce http://ha.ckers.org/fierce
fierce.pl -threads 100 -dns irongeek.com
fierce.pl -dns irongeek.com -wordlist dictionary.txt

nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix Command line
Nirsoft's http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex http://www.robtex.com
ServerSniff http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine http://www.archive.org
Monster (and other job sites) http://www.monster.com
Zoominfo http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums) http://groups.google.com
Boards http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn http://www.linkedin.com

It's all about how this links to that links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5
See differences http://www.paterva.com/web5/client/difference.php
NetGlub http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more...
YOU HAVE TO USE YOUR IMAGINATION

Operators              Description
site:                  Restrict results to only one domain or server
inurl:/allinurl:       All terms must appear in URL
intitle:/allintitle:   All terms must appear in title
cache:                 Display Google's cache of a page
ext:/filetype:         Return files with a given extension/file type
info:                  Convenient way to get to other information about a page
link:                  Find pages that link to the given page
inanchor:              Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators              Description
-                      Inverse search operator (hide results)
~                      synonyms
[#]..[#]               Number range
*                      Wildcard to put something between something when searching with "quotes"
+                      Used to force stop words
OR                     Boolean operator, must be uppercase
|                      Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168.*.*" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks
Old School http://www.hackersforcharity.org/ghdb

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot
Goolag http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto http://www.sensepost.com/research/wikto
SiteDigger http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE http://www.sensepost.com/research_misc.html
MSNPawn http://www.net-square.com/msnpawn/index.shtml

JSON/Atom http://code.google.com/apis/customsearch/v1/overview.html
Old http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI http://evilapi.com (defunct)
Spud http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

<?php
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
// Reverse-resolve the client address; keep only [a-zA-Z0-9_] from the query string
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$QUERY_STRING = preg_replace("/[^a-zA-Z0-9_]/", "", $_SERVER['QUERY_STRING']);
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
$string = $QUERY_STRING . ","
    . $_SERVER['REMOTE_ADDR'] . ","
    . $hostname . ","
    . $_SERVER['HTTP_USER_AGENT'] . ","
    . $_SERVER['HTTP_REFERER'] . ","
    . date("D dS M,Y h:i a") . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
nmap -sL <some-IP-range>
nmap -sL 192.0.32.1-10

Great for troubleshooting, bad for privacy
Who owns a domain name or IP
E-mail contacts
Physical addresses
Name server
IP ranges
Who is by proxy

apt-get install whois
whois example.com
whois 208.97.169.250

*nix Command line
Nirsoft's http://www.nirsoft.net/utils/whois_this_domain.html
http://www.nirsoft.net/utils/ipnetinfo.html
Pretty much any network tools collection

RobTex http://www.robtex.com
ServerSniff http://www.serversniff.net

Windows (ICMP) tracert irongeek.com
*nix (UDP by default, change with -I or -T) traceroute irongeek.com
Just for fun http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine http://www.archive.org
Monster (and other job sites) http://www.monster.com
Zoominfo http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums)
http://groups.google.com
Boards http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn http://www.linkedin.com

It's all about how this links to that links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5/
See differences http://www.paterva.com/web5/client/difference.php
NetGlub http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more...
YOU HAVE TO USE YOUR IMAGINATION

Operators             Description
site:                 Restrict results to only one domain, or server
inurl:/allinurl:      All terms must appear in URL
intitle:/allintitle:  All terms must appear in title
cache:                Display Google's cache of a page
ext:/filetype:        Return files with a given extension/file type
info:                 Convenient way to get to other information about a page
link:                 Find pages that link to the given page
inanchor:             Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators   Description
-           Inverse search operator (hide results)
~           synonyms
[#]..[#]    Number range
*           Wildcard to put something between something when searching with "quotes"
+           Used to force stop words
OR          Boolean operator, must be uppercase
|           Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
"dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account "irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks/
Old School http://www.hackersforcharity.org/ghdb/

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot/
Goolag http://goolag.org

Gooscan Should be on BackTrack CD/VM
Wikto http://www.sensepost.com/research/wikto/
SiteDigger http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE http://www.sensepost.com/research_misc.html
MSNPawn http://www.net-square.com/msnpawn/index.shtml

JSON/Atom http://code.google.com/apis/customsearch/v1/overview.html
Old http://code.google.com/apis/websearch/
Really Old SOAP
EvilAPI http://evilapi.com/ (defunct)
Spud http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

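<?php
// Web bug: serve a 1x1 transparent PNG and log who requested it
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscore from the query string
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING']);
// Write Log
// User-Agent and Referer are client-supplied and may be absent; treat the
// logged values as untrusted when the CSV is opened later
$filename = 'webbug.csv';
$fp = fopen($filename, 'a');
$string = '"' . $QUERY_STRING . '","'
    . $_SERVER['REMOTE_ADDR'] . '","'
    . $hostname . '","'
    . ($_SERVER['HTTP_USER_AGENT'] ?? '') . '","'
    . ($_SERVER['HTTP_REFERER'] ?? '') . '","'
    . date('D dS M,Y h:i a') . '"' . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
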
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format
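
A pre-publication check for the JPEG case above, as an added example that is not part of the original slides: it walks the JPEG segments, reports Exif, Exif GPS, XMP, IPTC and comment blocks, and returns a copy without them. The function names are this example's own and the sample bytes are constructed for the demonstration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
XMP_ID = b"http://ns.adobe.com/xap/1.0/\x00"
GPS_IFD_TAG = 0x8825          # IFD0 entry that points at the GPS sub-directory
APP1, APP13, COM, SOS, EOI = 0xE1, 0xED, 0xFE, 0xDA, 0xD9


def iter_segments(jpeg):
    """Yield (marker, start, end) for every segment ahead of the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):          # metadata segments end here
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def exif_has_gps(tiff):
    """Check IFD0 of an Exif TIFF block for the GPS IFD pointer tag."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    order = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:               # truncated directory: stop reading
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def metadata_report(jpeg):
    """List the metadata blocks a publisher would want gone before upload."""
    found = []
    for marker, start, end in iter_segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker == APP1 and payload.startswith(EXIF_ID):
            found.append("Exif")          # also holds the embedded thumbnail
            if exif_has_gps(payload[len(EXIF_ID):]):
                found.append("Exif GPS")
        elif marker == APP1 and payload.startswith(XMP_ID):
            found.append("XMP")
        elif marker == APP13:
            found.append("IPTC/Photoshop")
        elif marker == COM:
            found.append("Comment")
    return found


def strip_metadata(jpeg):
    """Return a copy with APP1 (Exif, XMP), APP13 (IPTC) and COM removed."""
    out = bytearray(b"\xff\xd8")
    pos = 2
    for marker, start, end in iter_segments(jpeg):
        if marker not in (APP1, APP13, COM):
            out += jpeg[start:end]
        pos = end
    out += jpeg[pos:]                     # SOS, image data and EOI, untouched
    return bytes(out)


def segment(marker, payload):
    """Build one JPEG segment: FF, marker, big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed input: a JPEG skeleton with metadata, not a real photo."""
    tiff = b"II" + struct.pack("<HI", 42, 8)              # header, IFD0 at 8
    tiff += struct.pack("<H", 1)                          # one IFD0 entry
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)   # LONG, GPS IFD at 26
    tiff += struct.pack("<I", 0)                          # no IFD1
    tiff += struct.pack("<HI", 0, 0)                      # empty GPS IFD
    return (b"\xff\xd8"
            + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + segment(APP1, EXIF_ID + tiff)
            + segment(APP13, b"Photoshop 3.0\x00")
            + segment(COM, b"edited by jdoe")
            + segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34"
            + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample()
    print("before:", metadata_report(sample))
    print("after: ", metadata_report(strip_metadata(sample)))
```

Dropping the whole APP1 segment also removes the Exif thumbnail and orientation tag, so rotate the image before stripping if orientation matters.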

Strings
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofil http://www.edge-security.com/metagoofil.php
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi

EXIF Reader http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio http://userscripts.org/scripts/show/27101
Creepy http://ilektrojohn.github.com/creepy/
Pauldotcom http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th, 2012
http://www.derbycon.com
Others http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter @Irongeek_ADC
nix Command line
Nirsoftrsquos httpwwwnirsoftnetutilswhois_this_domainhtml
httpwwwnirsoftnetutilsipnetinfohtml
Pretty much any network tools collection
httpIrongeekcom
RobTex httpwwwrobtexcom
ServerSniff httpwwwserversniffnet
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks/
Old School: http://www.hackersforcharity.org/ghdb/

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot/
Goolag: http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto/
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
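
<?php
// Web bug: serve a 1x1 transparent PNG and log who requested it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
// Reverse-resolve the requester; keep only safe characters from the query string
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$QUERY_STRING = preg_replace("/[^a-zA-Z0-9_]/", "", $_SERVER['QUERY_STRING']);
// These request headers are optional, so default them to empty strings
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
$string = '"' . $QUERY_STRING . '","' .
    $_SERVER['REMOTE_ADDR'] . '","' .
    $hostname . '","' .
    $agent . '","' .
    $referer . '","' .
    date("D dS M,Y h:i a") . '"' . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
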
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format

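For the JPG case above, a pre-publication check can walk the file's segments, report the EXIF/XMP (APP1), IPTC (APP13) and comment blocks, flag an EXIF GPS directory, and write the image back without them. This Python code is an added example, not part of the original talk; the function names and the sample bytes are constructed for illustration.

```python
import struct

SOS, EOI = 0xDA, 0xD9  # start of scan (image data follows) / end of image
# Segments that carry metadata rather than image data.
METADATA = {0xE1: "APP1 (EXIF/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS directory


def segments(jpeg):
    """Yield (marker, payload, raw_bytes) for each segment after SOI.
    Everything from SOS (or EOI) onward comes back as one opaque chunk."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(jpeg):
        if pos + 2 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError("malformed segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):
            yield marker, b"", jpeg[pos:]
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment at offset %d" % pos)
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length  # the length field counts its own two bytes
        if length < 2 or end > len(jpeg):
            raise ValueError("truncated segment at offset %d" % pos)
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end


def exif_has_gps(payload):
    """True if an APP1 payload holds EXIF whose IFD0 links to a GPS directory."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False  # APP1 is also used for XMP
    tiff = payload[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break  # directory runs past the end of the segment
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def audit(jpeg):
    """Return [(label, payload_size)] for every metadata segment found."""
    findings = []
    for marker, payload, _ in segments(jpeg):
        if marker in METADATA:
            label = METADATA[marker]
            if marker == 0xE1 and exif_has_gps(payload):
                label += " with GPS directory"
            findings.append((label, len(payload)))
    return findings


def strip_metadata(jpeg):
    """Rebuild the file without metadata segments; image data is untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, _, raw in segments(jpeg):
        if marker not in METADATA:
            out += raw
    return bytes(out)


def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def sample_jpeg():
    """Constructed test input: JPEG framing only, not a decodable picture."""
    tiff = b"II" + struct.pack("<HI", 42, 8)               # header, IFD0 at 8
    tiff += struct.pack("<H", 1)                            # one IFD0 entry
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)     # GPS IFD at 26
    tiff += struct.pack("<I", 0)                            # no next IFD
    tiff += struct.pack("<HI", 0, 0)                        # empty GPS IFD
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    scan = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\xd9"
    return (b"\xff\xd8" + _seg(0xE0, jfif) + _seg(0xE1, b"Exif\x00\x00" + tiff)
            + _seg(0xED, b"Photoshop 3.0\x00constructed")
            + _seg(0xFE, b"constructed comment") + scan)


if __name__ == "__main__":
    data = sample_jpeg()
    for label, size in audit(data):
        print("found %s, %d bytes" % (label, size))
    print("after stripping:", audit(strip_metadata(data)))
```

Removing APP1 also removes the embedded EXIF thumbnail; DOC, DOCX, XLS, XLSX and PNG keep their metadata in other structures and need their own handling.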
Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA/
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy/
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon: Sept 27th-30th 2012
http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC

RobTex: http://www.robtex.com
ServerSniff: http://www.serversniff.net

Windows (ICMP): tracert irongeek.com
*nix (UDP by default, change with -I or -T): traceroute irongeek.com
Just for fun: http://www.nabber.org/projects/geotrace/

So you have a job posting for an Ethical Hacker, huh?

The organization's website (duh)
Corp Info: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Corporate
Wayback Machine: http://www.archive.org
Monster (and other job sites): http://www.monster.com
Zoominfo: http://www.zoominfo.com
Google Groups (News groups, Google Groups and forums): http://groups.google.com
Boards: http://boardreader.com http://omgili.com http://groups.google.com
LinkedIn: http://www.linkedin.com

It's all about how this links to that links to some other thing...

Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy, but you can practice with names from dating sites
Remember what you learned from 4chan

Large list at:
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful:
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool:
http://tineye.com
http://pipes.yahoo.com/pipes/
Crap:
Most of them

General:
http://youropenbook.org
Geolocation:
http://www.bing.com/maps/
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors:
http://www.whitepages.com/find_neighbors

Maltego: http://www.paterva.com/web5/
See differences: http://www.paterva.com/web5/client/difference.php
NetGlub: http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more......
YOU HAVE TO USE YOUR IMAGINATION

Operators               Description
site:                   Restrict results to only one domain or server
inurl: / allinurl:      All terms must appear in URL
intitle: / allintitle:  All terms must appear in title
cache:                  Display Google's cache of a page
ext: / filetype:        Return files with a given extension/file type
info:                   Convenient way to get to other information about a page
link:                   Find pages that link to the given page
inanchor:               Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Windows (ICMP) tracert irongeekcom
nix (UDP by default change with ndashI or -T) traceroute irongeekcom
Just for fun httpwwwnabberorgprojectsgeotrace
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
So you have a job posting for an Ethical Hacker huh
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
Useful
httpcomlullarcom
httpwwwpeekyoucom
httpwwwcheckusernamescom httpknowemcom
httpwwwisearchcom
httpwwwwhitepagescom
Not quite related but cool
httptineyecom
httppipesyahoocompipes
Crap
Most of them
httpIrongeekcom
General
httpyouropenbookorg
Geolocation
httpwwwbingcommaps
httptwittermapappspotcom
httpwwwfourwherecom
httpicanstalkucom
httpip2geolocationcom
Neighbors
httpwwwwhitepagescomfind_neighbors
httpIrongeekcom
Maltego httpwwwpatervacomweb5
See differences httpwwwpatervacomweb5clientdifferencephp
NetGlub httpwwwnetgluborg
Covers a large cross section of what this class is about
httpIrongeekcom
George Bronk
Found info on womenrsquos Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some sent them to contacts lists asked for more
httpIrongeekcom
Should you have a profile
What if you donrsquot
Impersonators
Robin Sage (by Thomas Ryan)
Get in peoples friends list to probe their connections
httpIrongeekcom
More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
The organizationrsquos website (duh)
Corp Info httpwwwpentest-standardorgindexphpPTES_Technical_GuidelinesCorporate
Wayback Machine httpwwwarchiveorg
Monster (and other job sites) httpwwwmonstercom
Zoominfo httpwwwzoominfocom
Google Groups (News groups Google Groups and forums)
httpgroupsgooglecom
Boards httpboardreadercom httpomgilicom httpgroupsgooglecom
LinkedIn httpwwwlinkedincom
httpIrongeekcom
Itrsquos all about how this links to that links to some other thinghellip
httpIrongeekcom
Fake profile I made up to use for class
Dropped some Dox at a few places
May sound creepy but you can practice with names from dating sites
Remember what you learned from 4chan
httpIrongeekcom
Large list at
http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
Useful
http://com.lullar.com
http://www.peekyou.com
http://www.checkusernames.com http://knowem.com
http://www.isearch.com
http://www.whitepages.com
Not quite related, but cool
http://tineye.com
http://pipes.yahoo.com/pipes
Crap
Most of them

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5/
See differences http://www.paterva.com/web5/client/difference.php
NetGlub http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security questions at mail providers
Found nudes
Posted some, sent them to contact lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends lists to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators Description
site: Restrict results to only one domain or server
inurl:/allinurl: All terms must appear in URL
intitle:/allintitle: All terms must appear in title
cache: Display Google's cache of a page
ext:/filetype: Return files with a given extension/file type
info: Convenient way to get to other information about a page
link: Find pages that link to the given page
inanchor: Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators Description
- Inverse search operator (hide results)
~ synonyms
[#]..[#] Number range
* Wildcard to put something between something when searching with "quotes"
+ Used to force stop words
OR Boolean operator, must be uppercase
| Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks/
Old School http://www.hackersforcharity.org/ghdb/

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot/
Goolag http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto http://www.sensepost.com/research/wikto/
SiteDigger http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE http://www.sensepost.com/research_misc.html
MSNPawn http://www.net-square.com/msnpawn/index.shtml

JSON/Atom http://code.google.com/apis/customsearch/v1/overview.html
Old http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI http://evilapi.com/ (defunct)
Spud http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

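<?php
// Serve a transparent 1x1 PNG, then log who requested it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscores from the query string
$QUERY_STRING = preg_replace("/[^a-zA-Z0-9_]/", "", $_SERVER['QUERY_STRING']);
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
// User-Agent and Referer are client-supplied and may be absent
$string = $QUERY_STRING . "," .
    $_SERVER['REMOTE_ADDR'] . "," .
    $hostname . "," .
    ($_SERVER['HTTP_USER_AGENT'] ?? "") . "," .
    ($_SERVER['HTTP_REFERER'] ?? "") . "," .
    date("D dS M,Y h:i a") . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
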
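Seen from the receiving side, a web bug like the one above is a remote image the reader never sees, so it can be flagged before a page or mail is rendered. The following Python is an added example, not part of the original slides; the host names, the `webbug.php` file name and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def _tiny(value):
    """True for width/height values of 0 or 1 (optionally suffixed with px)."""
    try:
        return int((value or "").lower().replace("px", "").strip()) <= 1
    except ValueError:
        return False


class WebBugFinder(HTMLParser):
    """Collect remote <img> tags that are invisible to the reader."""

    def __init__(self, own_hosts=()):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        url = urlsplit(src)
        # Relative paths resolve to the document's own origin and data: URIs
        # make no request, so only absolute http(s) sources are considered.
        if url.scheme not in ("http", "https"):
            return
        if (url.hostname or "").lower() in self.own_hosts:
            return
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if not reasons:
            return
        if url.query:
            # The PHP logger on this page records the query string, so it can
            # carry a per-recipient tag.
            reasons.append("query string tag")
        self.hits.append((src, reasons))


def find_web_bugs(html, own_hosts=()):
    """Return [(src, [reasons])] for every suspected tracking image."""
    finder = WebBugFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample document; hosts and file names are hypothetical.
SAMPLE_HTML = """
<html><body>
<img src="https://cdn.example/logo.png" width="120" height="40">
<img src="http://tracker.example/webbug.php?resume_acme" width="1" height="1">
<img src="http://tracker.example/p.gif" style="display: none">
<img src="images/spacer.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE_HTML):
        print(src, "->", ", ".join(reasons))
```

Hosts passed in `own_hosts` are treated as trusted and skipped, which keeps an organization's own spacer images out of the report.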
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

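A pre-publication check for the JPEG metadata described above, as an added example that is not from the original slides: it walks a JPEG's header segments, reports EXIF (noting a GPS pointer), IPTC and comment segments, and returns a copy without them. The sample bytes are constructed and only structurally valid, and the function names are this example's own.

```python
import struct

# Header segments that carry metadata rather than image data.
METADATA_MARKERS = {
    0xE1: "APP1 (EXIF / XMP)",
    0xED: "APP13 (Photoshop / IPTC)",
    0xFE: "COM (comment)",
}


def iter_segments(jpeg: bytes):
    """Yield (marker, start, end) for each segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # SOS (image data follows) or EOI
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def has_gps_ifd(tiff: bytes) -> bool:
    """True if IFD0 of an EXIF TIFF block holds a GPSInfo pointer (tag 0x8825)."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    e = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            return False
        if struct.unpack(e + "H", entry[:2])[0] == 0x8825:
            return True
    return False


def audit(jpeg: bytes):
    """Return [(description, payload_size)] for each metadata segment found."""
    found = []
    for marker, start, end in iter_segments(jpeg):
        if marker not in METADATA_MARKERS:
            continue
        payload = jpeg[start + 4:end]
        label = METADATA_MARKERS[marker]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            gps = has_gps_ifd(payload[6:])
            label = "APP1 EXIF with GPS IFD" if gps else "APP1 EXIF"
        found.append((label, len(payload)))
    return found


def strip_metadata(jpeg: bytes) -> bytes:
    """Copy the file without metadata segments (EXIF thumbnails go with APP1)."""
    out = bytearray(b"\xff\xd8")
    pos = 2
    for marker, start, end in iter_segments(jpeg):
        if marker not in METADATA_MARKERS:
            out += jpeg[start:end]
        pos = end
    out += jpeg[pos:]                 # SOS, scan data and EOI copied unchanged
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed test file: JFIF + EXIF (GPS pointer) + comment + dummy scan."""
    tiff = b"II" + struct.pack("<HI", 42, 8)         # TIFF header, IFD0 at 8
    tiff += struct.pack("<H", 1)                     # one IFD entry
    tiff += struct.pack("<HHII", 0x8825, 4, 1, 26)   # GPSInfo tag, dummy offset
    tiff += struct.pack("<I", 0)                     # no next IFD
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(0xE1, b"Exif\x00\x00" + tiff)
            + _segment(0xFE, b"constructed sample comment")
            + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34"
            + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit(sample))
    print("after: ", audit(strip_metadata(sample)))
```

Run `audit()` again on the stripped copy before publishing; an empty list means no EXIF, IPTC or comment segment remains in the header.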
Strings
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofil http://www.edge-security.com/metagoofil.php
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi

EXIF Reader http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio http://userscripts.org/scripts/show/27101
Creepy http://ilektrojohn.github.com/creepy/
Pauldotcom http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap/

OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
http://www.derbycon.com
Others:
http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC

General
http://youropenbook.org
Geolocation
http://www.bing.com/maps
http://twittermap.appspot.com
http://www.fourwhere.com
http://icanstalku.com
http://ip2geolocation.com
Neighbors
http://www.whitepages.com/find_neighbors

Maltego http://www.paterva.com/web5/
See differences http://www.paterva.com/web5/client/difference.php
NetGlub http://www.netglub.org
Covers a large cross section of what this class is about

George Bronk
Found info on women's Facebook profiles
Used information to answer security question at mail providers
Found nudes
Posted some, sent them to contacts lists, asked for more

Should you have a profile?
What if you don't?
Impersonators
Robin Sage (by Thomas Ryan)
Get in people's friends list to probe their connections

More than just turning off safe search (though that's fun too)

PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much more……
YOU HAVE TO USE YOUR IMAGINATION

Operators             Description
site:                 Restrict results to only one domain or server
inurl:/allinurl:      All terms must appear in URL
intitle:/allintitle:  All terms must appear in title
cache:                Display Google's cache of a page
ext:/filetype:        Return files with a given extension/file type
info:                 Convenient way to get to other information about a page
link:                 Find pages that link to the given page
inanchor:             Page is linked to by someone using the term
http://www.googleguide.com/advanced_operators.html

Operators             Description
-                     Inverse search operator (hide results)
~                     synonyms
[#]..[#]              Number range
*                     Wildcard to put something between something when searching with "quotes"
+                     Used to force stop words
OR                    Boolean operator, must be uppercase
|                     Same as OR

inurl:nph-proxy site:edu
intitle:index.of.etc
intitle:index.of site:irongeek.com
filetype:pptx site:irongeek.com
vnc desktop inurl:5800
adrian crenshaw -site:irongeek.com

SSN filetype:xls | filetype:xlsx
dig axfr"
inurl:admin
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
"192.168" (but replace with your IP range)

195608_100002238375103_5292346_n.jpg
inurl:100002238375103

inurl:esterpent
inurl:ester1337
intitle:ester1337
inurl:user inurl:irongeek -site:irongeek.com
inurl:account irongeek"
site:facebook.com inurl:group (ISSA | Information Systems Security Association)
site:linkedin.com inurl:company (NSA | National Security Agency)

Exploit DB Google Dorks http://www.exploit-db.com/google-dorks/
Old School http://www.hackersforcharity.org/ghdb/

Metagoofil http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool http://www.secapps.com/a/ghdb
Spiderfoot http://www.binarypool.com/spiderfoot/
Goolag http://goolag.org

Gooscan: Should be on BackTrack CD/VM
Wikto http://www.sensepost.com/research/wikto/
SiteDigger http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE http://www.sensepost.com/research_misc.html
MSNPawn http://www.net-square.com/msnpawn/index.shtml

JSON/Atom http://code.google.com/apis/customsearch/v1/overview.html
Old http://code.google.com/apis/websearch/
Really Old: SOAP
EvilAPI http://evilapi.com/ (defunct)
Spud http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz https://github.com/search

Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume

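<?php
// Serve a 1x1 transparent PNG, then log who requested it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscores from the query string.
$QUERY_STRING = preg_replace("/[^a-zA-Z0-9_]/", "", $_SERVER['QUERY_STRING'] ?? "");
// Write Log
$filename = "webbug.csv";
$fp = fopen($filename, "a");
// User-Agent and Referer are optional request headers, so default them to "".
$string = $QUERY_STRING . "," .
    $_SERVER['REMOTE_ADDR'] . "," .
    $hostname . "," .
    ($_SERVER['HTTP_USER_AGENT'] ?? "") . "," .
    ($_SERVER['HTTP_REFERER'] ?? "") . "," .
    date("D dS M,Y h:i a") . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>
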
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church, and last modified by "Dennis" in it.
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone, Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too.

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.

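The cases above all come down to a JPEG that was published with its EXIF GPS block still inside. The following is an added example, not part of the original slides, of a pre-publication check: it reads the GPS position out of a JPEG's EXIF segment and writes a copy with the EXIF, IPTC and comment segments removed. The sample image is constructed in the code (a stub, not a viewable picture), and the function names are this example's own.

```python
import struct

# Segments removed before publishing: EXIF/XMP, IPTC (Photoshop IRB), comments.
DROP = {0xE1: "APP1 (EXIF/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}


def segments(data):
    """Yield (marker, start, end) for every JPEG segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:                      # start of scan: pixel data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def _gps_from_tiff(tiff):
    """Walk IFD0 -> GPS IFD (tag 0x8825) and convert the rationals to degrees."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        raise ValueError("bad TIFF byte-order mark in EXIF block")

    def entries(offset):
        (count,) = struct.unpack_from(order + "H", tiff, offset)
        for i in range(count):
            yield struct.unpack_from(order + "HHI4s", tiff, offset + 2 + 12 * i)

    def degrees(raw):
        (offset,) = struct.unpack(order + "I", raw)
        d, dd, m, md, s, sd = struct.unpack_from(order + "6I", tiff, offset)
        return d / dd + m / md / 60 + s / sd / 3600

    (ifd0,) = struct.unpack_from(order + "I", tiff, 4)
    pointer = [raw for tag, _, _, raw in entries(ifd0) if tag == 0x8825]
    if not pointer:
        return None
    (gps_ifd,) = struct.unpack(order + "I", pointer[0])
    tags = {tag: raw for tag, _, _, raw in entries(gps_ifd)}
    if not all(t in tags for t in (1, 2, 3, 4)):    # refs and values for lat/lon
        return None
    lat = degrees(tags[2]) * (-1 if tags[1][:1] == b"S" else 1)
    lon = degrees(tags[4]) * (-1 if tags[3][:1] == b"W" else 1)
    return lat, lon


def read_gps(data):
    """Return (lat, lon) in decimal degrees if the JPEG carries EXIF GPS, else None."""
    for marker, start, end in segments(data):
        payload = data[start + 4:end]
        if marker == 0xE1 and payload[:6] == b"Exif\0\0":
            return _gps_from_tiff(payload[6:])
    return None


def strip_metadata(data):
    """Copy the JPEG without the segments in DROP; scan data is left untouched.
    Note: this also drops the EXIF orientation tag along with everything else."""
    out, pos = bytearray(b"\xff\xd8"), 2
    for marker, start, end in segments(data):
        if marker not in DROP:
            out += data[start:end]
        pos = end
    return bytes(out + data[pos:])


def build_sample_jpeg():
    """Constructed sample: JFIF header, EXIF GPS 10.5 N / 20.25 W, IPTC stub, stub scan."""
    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    def dms(deg, minutes, seconds):
        return struct.pack("<6I", deg, 1, minutes, 1, seconds, 1)

    ifd0 = struct.pack("<HHHIII", 1, 0x8825, 4, 1, 26, 0)   # one entry: GPS IFD at offset 26
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI4s", 1, 2, 2, b"N")            # GPSLatitudeRef
           + struct.pack("<HHII", 2, 5, 3, 80)               # GPSLatitude  -> offset 80
           + struct.pack("<HHI4s", 3, 2, 2, b"W")            # GPSLongitudeRef
           + struct.pack("<HHII", 4, 5, 3, 104)              # GPSLongitude -> offset 104
           + struct.pack("<I", 0))
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + dms(10, 30, 0) + dms(20, 15, 0)
    return (b"\xff\xd8" + seg(0xE0, b"JFIF\0\x01\x01\0\0\x01\0\x01\0\0")
            + seg(0xE1, b"Exif\0\0" + tiff) + seg(0xED, b"Photoshop 3.0\0stub")
            + b"\xff\xda\x00\x02\x11\x22\xff\xd9")
```
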
Strings
FOCA (use compatibility mode if needed) http://www.informatica64.com/DownloadFOCA/
Metagoofil http://www.edge-security.com/metagoofil.php
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi

More than just turning off safe search (though thatrsquos fun too)
httpIrongeekcom
PII (Personally identifiable information)
Email address
User names
Vulnerable web services
Web based admin interfaces for hardware
Much morehelliphellip
YOU HAVE TO USE YOUR IMAGINATION
httpIrongeekcom
Operators Description
site Restrict results to only one domain or server
inurlallinurl All terms must appear in URL
intitleallintitle All terms must appear in title
cache Display Googlersquos cache of a page
extfiletype Return files with a given extensionfile type
info Convenient way to get to other information about a page
link Find pages that link to the given page
inanchor Page is linked to by someone using the term
httpwwwgoogleguidecomadvanced_operatorshtml
httpIrongeekcom
Operators Description
- Inverse search operator (hide results)
~ synonyms
[][] Number range
Wildcard to put something between something when searching with ldquoquotesrdquo
+ Used to force stop words
OR Boolean operator must be uppercase
| Same as OR
httpIrongeekcom
inurlnph-proxy siteedu
intitleindexofetc
intitleindexof siteirongeekcom
filetypepptx siteirongeekcom
vnc desktop inurl5800
adrian crenshaw -siteirongeekcom
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks: http://www.exploit-db.com/google-dorks
Old School: http://www.hackersforcharity.org/ghdb

Metagoofil: http://www.edge-security.com/metagoofil.php
The Harvester: theHarvester.py -d irongeek.com -l 100 -b google
Online Google Hacking Tool: http://www.secapps.com/a/ghdb
Spiderfoot: http://www.binarypool.com/spiderfoot
Goolag: http://goolag.org

Gooscan: should be on BackTrack CD/VM
Wikto: http://www.sensepost.com/research/wikto
SiteDigger: http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
BiLE: http://www.sensepost.com/research_misc.html
MSNPawn: http://www.net-square.com/msnpawn/index.shtml

JSON/Atom: http://code.google.com/apis/customsearch/v1/overview.html
Old: http://code.google.com/apis/websearch
Really Old: SOAP
EvilAPI: http://evilapi.com (defunct)
Spud: http://www.sensepost.com/labs/tools/pentest/spud
I can Haz API keyz: https://github.com/search
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
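<?php
// Serve the 1x1 transparent PNG first, then log the request.
header('Content-type: image/png');
$im = imagecreatefrompng('1by1.PNG');
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// The query string is the tag that says which page or document was opened; keep only safe characters.
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING'] ?? '');
// Write Log
$filename = 'webbug.csv';
$fp = fopen($filename, 'a');
// User-Agent and Referer are client-controlled and may be absent: default to '' and double any quotes.
$agent = str_replace('"', '""', $_SERVER['HTTP_USER_AGENT'] ?? '');
$referer = str_replace('"', '""', $_SERVER['HTTP_REFERER'] ?? '');
$string = '"' . $QUERY_STRING . '","'
    . $_SERVER['REMOTE_ADDR'] . '","'
    . $hostname . '","'
    . $agent . '","'
    . $referer . '","'
    . date('D dS M,Y h:i a') . '"' . "\n";
$write = fputs($fp, $string);
fclose($fp);
// end Write Log
?>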
Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by “Dennis” in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too
JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
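Added example (not part of the original slides): the GPS and thumbnail leaks described above all sit in JPEG metadata segments, so this Python code audits a JPEG for EXIF (including a GPS pointer), XMP, IPTC and comment segments and rewrites the file without them before it is published. The sample file is constructed inline with placeholder scan data, and every function name is this example's own.

```python
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
APP0, APP1, APP13, COM, SOS = 0xE0, 0xE1, 0xED, 0xFE, 0xDA
GPS_IFD_TAG = 0x8825  # EXIF tag in IFD0 that points at the GPS directory


def segments(jpeg):
    """Yield (marker, payload, raw) for each header segment, then the scan."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == SOS:
            # Compressed image data runs from here to the end of the file.
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, jpeg[pos + 4:pos + 2 + length], jpeg[pos:pos + 2 + length]
        pos += 2 + length


def classify(marker, payload):
    """Name the metadata a segment carries, or None for image structure."""
    if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
        return "EXIF"
    if marker == APP1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
        return "XMP"
    if marker == APP13:
        return "IPTC"  # Photoshop resource block, the usual IPTC container
    if marker == COM:
        return "COMMENT"
    return None


def exif_has_gps(payload):
    """True if IFD0 of an EXIF payload contains a GPS directory pointer."""
    tiff = payload[6:]  # skip the "Exif\0\0" prefix
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def audit(jpeg):
    """List the metadata kinds present, adding 'GPS' after an EXIF that has it."""
    found = []
    for marker, payload, _ in segments(jpeg):
        kind = classify(marker, payload)
        if kind:
            found.append(kind)
            if kind == "EXIF" and exif_has_gps(payload):
                found.append("GPS")
    return found


def strip_metadata(jpeg):
    """Return the JPEG with every metadata segment removed, pixels untouched."""
    kept = [raw for marker, payload, raw in segments(jpeg)
            if classify(marker, payload) is None]
    return SOI + b"".join(kept)


def make_segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed test file: real segment layout, placeholder scan data."""
    tiff = b"II" + struct.pack("<HI", 42, 8)              # header, IFD0 at offset 8
    tiff += struct.pack("<H", 1)                           # IFD0 has one entry
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)    # GPS pointer -> offset 26
    tiff += struct.pack("<I", 0)                           # no further IFD
    tiff += struct.pack("<HI", 0, 0)                       # empty GPS directory
    parts = [
        make_segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"),
        make_segment(APP1, b"Exif\x00\x00" + tiff),
        make_segment(APP13, b"Photoshop 3.0\x008BIM\x04\x04constructed"),
        make_segment(COM, b"constructed comment"),
        b"\xff\xda\x00\x02" + b"\x00" * 4,                 # SOS + placeholder scan
    ]
    return SOI + b"".join(parts) + EOI


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit(sample))
    print("after: ", audit(strip_metadata(sample)))
```

Dropping the EXIF segment also removes the embedded thumbnail and the Orientation tag, so rotate the pixels first if the image relies on that tag.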
Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi

EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search
Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap
OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims

Derbycon Sept 27th-30th 2012
http://www.derbycon.com
Others: http://www.louisvilleinfosec.com
http://skydogcon.com
http://hack3rcon.org
http://outerz0ne.org
http://phreaknic.info
http://notacon.org
Photo Credits to KC (devauto)
Derbycon Art Credits to DigiP

42
Twitter: @Irongeek_ADC
httpIrongeekcom
SSN filetypexls | filetypexlsx
dig axfrrdquo
inurladmin
inurlindexFrameshtml Axis
inurlhpdevicethisLCDispatcher
ldquo192168rdquo (but replace with your IP range)
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
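<?php
// Web bug: serve a 1x1 transparent PNG and log each request for it.
header("Content-type: image/png");
$im = imagecreatefrompng("1by1.PNG");
imagecolortransparent($im, imagecolorallocate($im, 255, 255, 255));
imagepng($im);
imagedestroy($im);
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
// Keep only letters, digits and underscores from the query string.
$QUERY_STRING = preg_replace('/[^a-zA-Z0-9_]/', '', $_SERVER['QUERY_STRING'] ?? '');
// Write Log
$filename = 'webbug.csv';
$fp = fopen($filename, 'a');
// User-Agent and Referer are client-controlled and may be absent;
// fputcsv() quotes them so embedded quotes or commas cannot break the row.
$fields = array(
    $QUERY_STRING,
    $_SERVER['REMOTE_ADDR'],
    $hostname,
    $_SERVER['HTTP_USER_AGENT'] ?? '',
    $_SERVER['HTTP_REFERER'] ?? '',
    date("D dS M,Y h:i a"),
);
$write = fputcsv($fp, $fields);
fclose($fp);
// end Write Log
?>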

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by “Dennis” in it.
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file, and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too.

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all.
MAC addresses, user names, edits, GPS info. It all depends on the file format.

Strings
FOCA (use compatibility mode if needed) http://www.informatica64.com/DownloadFOCA
Metagoofil http://www.edge-security.com/metagoofil.php
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi
EXIF Reader http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio http://userscripts.org/scripts/show/27101
Creepy http://ilektrojohn.github.com/creepy
Pauldotcom http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
195608_100002238375103_5292346_njpg
inurl100002238375103
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
inurlesterpent
inurlester1337
intitleester1337
inurluser inurlirongeek -siteirongeekcom
inurlaccount irongeekldquo
sitefacebookcom inurlgroup (ISSA | Information Systems Security Association)
sitelinkedincom inurlcompany (NSA | National Security Agency)
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Exploit DB Google Dorks httpwwwexploit-dbcomgoogle-dorks
Old School httpwwwhackersforcharityorgghdb
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Metagoofil httpwwwedge-securitycommetagoofilphp
The Harvester theHarvesterpy -d irongeekcom -l 100 -b google
Online Google Hacking Tool httpwwwsecappscomaghdb
Spiderfoot httpwwwbinarypoolcomspiderfoot
Goolag httpgoolagorg
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Gooscan Should be on BackTrack CDVM
Wikto httpwwwsensepostcomresearchwikto
SiteDigger httpwwwmcafeecomusdownloadsfree-toolssitediggeraspx
BiLE httpwwwsensepostcomresearch_mischtml
MSNPawn httpwwwnet-squarecommsnpawnindexshtml
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
JSONAtom httpcodegooglecomapiscustomsearchv1overviewhtml
Old httpcodegooglecomapiswebsearch
Really Old SOAP
EvilAPI httpevilapicom (defunct)
Spud httpwwwsensepostcomlabstoolspentestspud
I can Haz API keyz httpsgithubcomsearch
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt

Data about data

Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of his church and last modified by "Dennis" in it.
Cat Schwartz
Is that an unintended thumbnail in your EXIF data, or are you just happy to see me?
Darkanaku/Nephew chan
A user on 4chan posts a pic of his semi-nude aunt taken with an iPhone. Anonymous pulls the EXIF GPS info from the file and hilarity ensues. More details can be found on the following VNSFW site:
http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan
http://web.archive.org/web/20090608214029/http://encyclopediadramatica.com/User:Darkanaku/Nephew_chan

Higinio O. Ochoa of CabinCr3w should have known: if you are going to post a stripped picture of your girlfriend on a defaced website, strip the image of EXIF/GPS data too.

JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses, user names, edits, GPS info. It all depends on the file format.
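
Added example, not part of the original slides: a Python sketch of the defensive side of the file-format list above, which finds and drops the JPEG segments that hold EXIF (GPS tags and the embedded thumbnail), IPTC and comment data before a picture is published. The sample bytes and all function names are constructed for this illustration, and the sample is not a decodable image.

```python
"""Remove metadata-bearing segments from a JPEG without re-encoding it."""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Header segments that carry metadata rather than data needed to decode pixels.
METADATA_MARKERS = {
    0xE1: "APP1 (EXIF incl. GPS tags and embedded thumbnail; XMP)",
    0xED: "APP13 (Photoshop/IPTC)",
    0xFE: "COM (free-text comment)",
}


def iter_segments(data):
    """Yield (marker, start, end) for each segment that follows SOI.

    The SOS segment is reported as running to the end of the file, because
    the entropy-coded scan data after it has no length field of its own.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        start = pos
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # 0xFF fill bytes are legal
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == SOS:
            yield marker, start, len(data)
            return
        if marker == EOI or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            yield marker, start, pos  # stand-alone markers carry no length
            if marker == EOI:
                return
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length
        yield marker, start, pos
    raise ValueError("truncated JPEG: no SOS or EOI marker found")


def find_metadata(data):
    """Return [(label, size_in_bytes)] for every metadata segment present."""
    return [(METADATA_MARKERS[m], end - start)
            for m, start, end in iter_segments(data) if m in METADATA_MARKERS]


def strip_metadata(data):
    """Return the JPEG with APP1, APP13 and COM segments removed.

    Everything from SOS onward is copied unchanged, including any bytes a
    device appended after the image data; this sketch does not inspect those.
    """
    out = bytearray(b"\xff\xd8")
    for marker, start, end in iter_segments(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
    return bytes(out)


def build_segment(marker, payload):
    """Helper for the constructed sample: marker + big-endian length + payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: correct segment framing, placeholder payloads.
SCAN_BYTES = b"\x12\x34\xff\x00\x56"
SAMPLE = (
    b"\xff\xd8"
    + build_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + build_segment(0xE1, b"Exif\x00\x00II*\x00constructed-gps-tag")
    + build_segment(0xED, b"Photoshop 3.0\x008BIMconstructed-byline")
    + build_segment(0xFE, b"constructed comment")
    + build_segment(0xDB, bytes(65))
    + build_segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + SCAN_BYTES
    + b"\xff\xd9"
)

if __name__ == "__main__":
    for label, size in find_metadata(SAMPLE):
        print(f"found {label}: {size} bytes")
    cleaned = strip_metadata(SAMPLE)
    print(f"{len(SAMPLE)} bytes in, {len(cleaned)} bytes out, "
          f"{len(find_metadata(cleaned))} metadata segments left")
```

Run `find_metadata` on the output as a publishing check: an empty list means no APP1, APP13 or COM segment remains in the header.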

Strings
FOCA (use compatibility mode if needed): http://www.informatica64.com/DownloadFOCA
Metagoofil: http://www.edge-security.com/metagoofil.php
EXIF Tool: http://www.sno.phy.queensu.ca/~phil/exiftool
EXIF Viewer Plugin: https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer: http://regex.info/exif.cgi
EXIF Reader: http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english
Flickramio: http://userscripts.org/scripts/show/27101
Creepy: http://ilektrojohn.github.com/creepy
Pauldotcom: http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search

Stuff that does not quite fit anywhere else

http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers
Also, let us not forget HTTP headers:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 18 May 2011 15:34:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1269
Server: GSE
LiveHeaders Plugin
http://www.shodanhq.com
https://panopticlick.eff.org

User-agent: *
Disallow: /private
Disallow: /secret
http://www.irongeek.com/robots.txt

http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping

http://samy.pl/androidmap

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking
PTES Technical Guidelines http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
VulnerabilityAssessment.co.uk - An information portal for Vulnerability Analysts and Penetration Testers http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Social Zombies - Kevin Johnson and Tom Eston http://www.youtube.com/watch?v=l79q2G3E8HY http://www.youtube.com/view_play_list?p=C591646E9B0CF33B http://vimeo.com/18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel http://www.youtube.com/watch?v=asj8yzXihcc
Using Social Networks To Profile, Find and 0wn Your Victims - Dave Marcus http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos#Using%20Social%20Networks%20To%20Profile,%20Find%20and%200wn%20Your%20Victims
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Small image on a page you control
Log IPs that contact you
Find the IPs from organizations that have your resume
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
ltphp
header(Content-type imagepng)
$im = imagecreatefrompng(1by1PNG)
imagecolortransparent ( $imimagecolorallocate($im 255 255 255))
imagepng($im)
imagedestroy($im)
$hostname=gethostbyaddr($_SERVER[REMOTE_ADDR])
$QUERY_STRING = preg_replace([^a-zA-Z0-9_] $_SERVER[QUERY_STRING])
Write Log
$filename = webbugcsv
$fp = fopen($filename a)
$string =$QUERY_STRING
$_SERVER[REMOTE_ADDR]
$hostname
$_SERVER[HTTP_USER_AGENT]
$_SERVER[HTTP_REFERER]
date(D dS MY hi a)n
$write = fputs($fp $string)
fclose($fp)
end Write Log
gt
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Data about data
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Dennis Rader (BTK Killer)
Metadata in a Word DOC he sent to police had the name of
his church and last modified by ldquoDennisrdquo in it
Cat Schwartz
Is that an unintended thumbnail in your EXIF data or are
you just happy to see me
DarkanakuNephew chan
A user on 4chan posts a pic of his semi-nude aunt
taken with an iPhone Anonymous pulls the EXIF
GPS info from the file and hilarity ensues More details can be on the following VNSFW site
httpencyclopediadramaticacomUserDarkanakuNephew_chan
httpwebarchiveorgweb20090608214029httpencyclopediadramatica
comUserDarkanakuNephew_chan
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Higinio O Ochoa of CabinCr3w should have know if you are going to post a stripped picture of your girlfriend on a defaced website strip the image of EXIFGPS data too
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all
MAC addresses user names edits GPS info It all depends on the file format
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
Strings
FOCA (use compatibility mode if needed)
httpwwwinformatica64comDownloadFOCA
Metagoofil httpwwwedge-securitycommetagoofilphp
EXIF Tool httpwwwsnophyqueensuca~philexiftool
EXIF Viewer Plugin httpsaddonsmozillaorgen-USfirefoxaddon3905
Jeffreys Exif Viewer httpregexinfoexifcgi
httpIrongeekcom
EXIF Reader httpwwwtakenetorjp~ryuujiminisoftexifreadenglish
Flickramio httpuserscriptsorgscriptsshow27101
Creepy httpilektrojohngithubcomcreepy
Pauldotcom httpwwwgooglecomsearchhl=enampq=metadata+site3ApauldotcomcomampbtnG=Search
httpIrongeekcom
Stuff that does not quite fit anywhere else
httpIrongeekcom
httpwwwirongeekcomiphppage=securityhow-to-cyberstalk-potential-employers
Also let us not forget HTTP headers
HTTP11 200 OK
Content-Type textjavascript charset=UTF-8
Cache-Control no-cache no-store max-age=0 must-
revalidate
Pragma no-cache
Expires Fri 01 Jan 1990 000000 GMT
Date Wed 18 May 2011 153403 GMT
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1 mode=block
Content-Length 1269
Server GSE
LiveHeaders Plugin
httpwwwshodanhqcom
httpspanopticlickefforg
httpIrongeekcom
User-agent
Disallow private
Disallow secret
httpwwwirongeekcomrobotstxt
httpIrongeekcom
httpwwwirongeekcomiphppage=securityigigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
httpIrongeekcom
httpsamyplandroidmap
httpIrongeekcom
OSInt Cyberstalking Footprinting and Recon Getting to know you httpwwwirongeekcomiphppage=videososint-cyberstalking-footprinting-recon
Links for Doxing Personal OSInt Profiling Footprinting Cyberstalking httpwwwirongeekcomiphppage=securitydoxing-footprinting-cyberstalking
PTES Technical Guidelines httpwwwpentest-standardorgindexphpPTES_Technical_Guidelines
VulnerabilityAssessmentcouk - An information portal for Vulnerability Analysts and Penetration Testers httpwwwvulnerabilityassessmentcoukPenetration20Testhtml
httpIrongeekcom
Social Zombies - Kevin Johnson and Tom Eston httpwwwyoutubecomwatchv=l79q2G3E8HY httpwwwyoutubecomview_play_listp=C591646E9B0CF33B httpvimeocom18827316
Satan is on my Friends List - Shawn Moyer and Nathan Hamiel httpwwwyoutubecomwatchv=asj8yzXihcc
Using Social Networks To Profile Find and 0wn Your Victims - Dave Marcus httpwwwirongeekcomiphppage=videosdojocon-2010-videosUsing20Social20Networks20To20Profile20Find20and200wn20Your20Victims
httpIrongeekcom
Derbycon Sept 27th-30th 2012
httpwwwderbyconcom
Others httpwwwlouisvilleinfoseccom
httpskydogconcom
httphack3rconorg
httpouterz0neorg
httpphreaknicinfo
httpnotaconorg
Ph
oto
Cre
dits to
KC
(d
eva
uto
) Derb
yco
n A
rt Cre
dits
to D
igiP
httpIrongeekcom
42
Twitter Irongeek_ADC
httpIrongeekcom
EXIF Reader http://www.takenet.or.jp/~ryuuji/minisoft/exifread/english/
Flickramio http://userscripts.org/scripts/show/27101
Creepy http://ilektrojohn.github.com/creepy/
Pauldotcom http://www.google.com/search?hl=en&q=metadata+site%3Apauldotcom.com&btnG=Search
Stuff that does not quite fit anywhere else
http://www.irongeek.com/i.php?page=security/how-to-cyberstalk-potential-employers