ISSAC LAB REPORT 01

Passive Information Gathering

AUGUST 10, 2019

SLIIT
BM16401372- B. Mathipriya
Active and Passive Information Gathering
Information gathering is known as gathering information about the targeted victim/system. This is
the known as the basic step in ethical hacking. When the hackers gather more information, it will
help to obtain better results. Two types of information gathering are active and passive.
Active Information Gathering

This category involves the engagement with the organization directly. Techniques like social
engineering, nmap scan is used under this category.

TYPES OF SOCIAL
ENGINEERING

Passive Information Gathering

This category omits the engagement with the targeted organization. Below we have discussed how
some of the passive information gathering techniques works:
1. Google Hacking (also known as Google Dorks)

This screenshot shows that

through “site: co.uk info
hotels”, Google can retrieve
the hotels website ending with
‘co.uk’.

Figure 1 Hotel Details

1
 This screenshot shows that through
“intitle: SLIIT”, Google will
retrieve any websites with ‘SLIIT’
in the title.

Figure 2 SLIIT

This screenshot shows that through

“filetype: pdf the origin by
danbrown”, Google will retrieve
the pdf with the title ‘Origin’ by
Dan Brown. It is possible with
other excel (xls), Joint
Photographic Experts Group (JPG)
format.

Figure 3 File type

2
 This screenshot shows that
through “filetype: xls sri
lankan army”, Google will
retrieve the excel sheet with
the title Sri Lanka Army.

Figure 4 File type (Excel format)

This screenshot shows that

through “index of mkv
avengers”, Google will retrieve
films or videos index with
‘Avengers’ name on it and in
Matroska Video file format.

Figure 5 Video

3
2. Shodan.io

Shodan is a search engine that lets the user find specific types of computers (webcams, routers,
servers, etc.) connected to the internet using a variety of filters.

4
The above screenshot shows that dialog have several servers for data backup and load balance.
3. Wayback Machine

This website is used to view the interface of any website at a given point of time. This website was
created to provide a place to preserve digital artifacts for researchers, historians, etc., but can just

5
as easily be used for entertainment to see what a page used to look like, like Google way back in
2001

Time Graph which

can be clicked on.

This screenshot shows the graph of the www.facebook.com website’s interface at different time.

This is the interface of www.facebook.com on February 01st 2012.

6
This screenshot shows the graph of the ‘www.sliit.lk’ website’s interface at different time.

This is the interface of www.sliit.lk on October 18th 2016.

7
4. NetCraft

Netcraft is used to find out the reports on a given website.Netcraft also provides security testing,
and publishes news releases about the state of various networks that make up the Internet

The above screenshots shows the reports on www.facebook.com

8
The above screenshots shows the reports on www.sliit.lk
5. Alexa

Alexa is used to find out the most used website in a country or global wise. The above screenshots
shows the most used website ranking in Sri Lanka.

6. https://www.flightradar24.com/

9
The above screenshot shows the flights in the sky at this moment.
7. https://www.marinetraffic.com/

The above screenshot shows ships in the sea at this moment.

10