Other Techniques for Footprinting through Search Engines
Gathering Information Using Google Advanced Search, Advanced Image Search, and Reverse Image Search
An attacker cannot always gather information easily from an information-rich site using only a normal search box. A complicated search involves a number of interrelated conditions.
Google's Advanced search feature helps an attacker to perform complex web searching. With Google Advanced Search and Advanced Image Search, one can search the web more precisely and accurately. You can use these search features to achieve the same precision as that achieved using the advanced operators but without typing or remembering the operators. Using Google's Advanced Search option, you can find sites. that may link back to the target organization's website. This helps to extract information such as partners, vendors, clients, and other affiliations of the target website. You can use Google Advanced Image Search to acquire images of the target, its location, employees,and so on.
To perform an advanced search in Google, click Settings at the bottom-right of the Google home page, and then choose Advanced search in the menu or directly type https://www.google.com/advanced_search in the address bar. Advanced search allows you to specify any number of criteria that the search must match, as this pattern builds. on the search box pattern by adding more search options. To do this, you choose a field. Then, enter the string you want to search for in the field's text box and click on the Advanced Search button. By default, various values are joined together with "and" (meaning all of them need to match) except for sets, blocks, and formats, which are joined together with "or" (meaning any of them can match).
To perform an advanced image search in Google, type https://www.google.com/advanced_image_search in the address bar. Advanced image search allows you to tweak your image search in a number of ways. You can search based on image color, domain, file type, size, keyword, and so on. To do this, you choose a field. Then, enter the string you want to search for in the field’s text box and click on the Advanced Search button.
Gathering Information from Video Search Engines
Video search engines are Internet-based search engines that crawl the web for video content. These video search engines either provide the functionality of uploading and hosting video content on their own web servers or parse video content that is hosted externally. The video content obtained from video search engines is of high value, as it can be used for gathering information about the target. Video search engines such as YouTube, Google videos, Yahoo videos, and Bing videos allow attackers to search for video content based on the format type and duration.After searching for videos related to the target using video search engines, an attacker can further analyze the video content to gather hidden information such as the time/date and thumbnail of the video. Using video analysis tools such as YouTube Metadata, YouTube DataViewer, EZGif, and VideoReverser.com, an attacker can reverse a video or convert a video into text and other formats to extract critical information about the target.
Gathering Information from Meta Search Engines
Meta search engines are a different type of search engines that use other search engines (Google, Bing, Ask.com, etc.) to produce their own results from the Internet in a very short time span. These search engines do not have their own search indexes; instead, they take the inputs from the users and simultaneously send out the queries to the third-party search engines to obtain the results. Once sufficient results are gathered, they are ranked according to their relevance and presented to the user through the web interface. Meta search engines also include a functionality whereby identical search results are filtered out so that if the user searches the same query again, then it will not display the same results twice. A meta search engine is advantageous compared to simple search engines, as it can retrieve more results with the same amount of effort. Using meta search engines, such as Startpage, MetaGer, and eTools.ch, attackers can send multiple search queries to several search engines simultaneously and gather substantially detailed information such as information from shopping sites (Amazon, eBay, etc.), images, videos, blogs, news, and articles from different sources. Further, meta search engines also provide privacy to the search engine user by hiding the user’s IP address.
Gathering Information from File Transfer Protocol (FTP) Search Engines
FTP search engines are used to search for files located on FTP servers that contain valuable information regarding the target organization. Many industries, institutions, companies, and universities use FTP servers to store large file archives and other softwareshared among their employees. A special client such as FileZilla (https://filezilla- project.org) can be used to access FTP accounts; it also supports functionalities such as uploading, downloading, and renaming files. Although FTP servers are usually protected with passwords, many servers are left unsecured and can be accessed directly through web browsers.
Using FTP search engines such as NAPALM FTP Indexer, FreewareWeb FTP File Search, and Globalfilesearch.com, attackers can search for critical files and directories containing valuable information such as business strategies, tax documents, personal employee records, financial records, licensed software, and other confidential information. Some of the important advanced Google search queries for finding FTP servers are listed in the below table.
Gathering Information from IoT Search Engines
Internet of Things (IoT) search engines crawl the Internet for loT devices that are publicly accessible. Through a basic search on these search engines, an attacker can gain control of Supervisory Control and Data Acquisition (SCADA) systems, traffic control systems, Internet-connected household appliances, industrial appliances, CCTV cameras, etc. Many of these lot devices are unsecured, i.e., they are without passwords or they use the default credentials, which can be exploited easily by attackers.With the help of lot search engines such as Shodan, Censys, and Thingful, attackers can obtain information such as the manufacturer details, geographical location, IP address, hostname, and open ports of the target IoT device. Using this information, the attacker can establish a back door to the lot devices and gain access to them to launch further attacks.
note : so guys im making a series on the beginner to advanced level Footprinting and Reconnaissance topic .join me on this journey by following and supporting through comments… stay safe stay online
˚∧_∧ + — ̳͟͞͞💗
( •‿• )つ — ̳͟͞͞ 💗 — ̳͟͞͞💗 +
(つ < — ̳͟͞͞💗
| _つ + — ̳͟͞͞💗 — ̳͟͞͞💗 ˚
`し´ Here Im agape siginning off
