Thursday, February 19, 2015

What data can you find on the net using just Google?

During a typical penetration testing session the tester can use a broad range of free tools to scan the client's web application, web server, network, users, etc., and he can even write some new ones if he has the time and scripting experience. The information gathering (reconnaissance) phase is all about searching for data. This can be done by actively pinging the client's network and servers or... how else? In a passive way? That sounds much better in some cases...

Every piece of functionality is already coded somewhere by someone; you just have to find it.

Even the searching is automated. By whom? Google, for example. I guess you know this company. Very hard to escape from them. Good work, Larry & Sergey!

So the secret is that Google can help you a lot in the information gathering phase. You just have to be familiar with some search operators (commands) that are interpreted by the Google search engine, and you will find your gold mine. You can find a lot of tutorials in the wild about the operators. Read everything carefully, take your time.
Also, you can find a lot of examples. You can practice based on these and other ideas. You'll be surprised.

You might ask the question: what can you find on the net?
Well, this question is not OK.
A better one would be: is there anything that you can NOT find on the internet?

Google search tricks for penetration testers (ethical hackers) are called Google hacks or Google dorks. There is even a database for these search phrases! I mean, at least one.

You can find passwords, SSNs, private pictures, hidden webcams, police reports, salary lists, etc., etc.

Oh. My. God.
Yes.

Learn something new every day about Google search. Knowledge is power!

--- --- --- ---

Do you have a web page with important data? Do you sleep well?

--- --- --- ---