DevSecOps | Jan Kahmen | 8 min read

Information Gathering

Information gathering (reconnaissance) is the process of collecting information about a target system or network in order to identify weaknesses and plan an attack. In a penetration test it is the first phase: the tester collects as much information as possible about the target, passively from public sources and actively by probing the systems themselves, because everything that follows (vulnerability analysis, exploitation, reporting) builds on what was found here.


Enumerate Infrastructure and Organizations

There are several techniques that can be used for information gathering in a penetration test, including:

  • Network scanning: sweeping the target address ranges (ICMP, ARP or TCP/UDP probes) to find live hosts and build an inventory of the systems worth a closer look.
  • Port scanning: probing the TCP and UDP ports of each live host to find open ports and identify the services, and where possible the software versions, behind them.
  • Vulnerability scanning: matching the discovered services, versions and configurations against databases of known vulnerabilities and misconfigurations. A scanner's output is a list of candidates, not confirmed findings, and has to be verified before it is reported.
  • Social engineering: using tactics such as phishing and pretexting to trick individuals into divulging sensitive information or granting access to the target system.
  • Open source intelligence (OSINT): using publicly available information, such as social media profiles, company websites, DNS and certificate data, and public records, to gather information about the target system or network without touching it.

By gathering as much information as possible about the target system or network, a penetration tester can identify potential vulnerabilities and develop a more effective attack plan.
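The host-discovery and port-scanning steps above come down to one primitive: complete a TCP handshake, record whether the port answered, and keep whatever the service says first. The following is an added example, not code from the original article, that implements that primitive as a small concurrent connect scan with banner grabbing. To keep it runnable offline it starts its own throw-away listener on 127.0.0.1; the banner text and the scanned port window are constructed for the demo.

```python
"""Added example (not from the original article): TCP connect scan with banner
grabbing against a throw-away listener on 127.0.0.1, so it runs offline.
The banner text and the scanned port window are constructed for the demo."""
from __future__ import annotations

import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, Optional


def start_fake_service(banner: bytes) -> tuple[threading.Event, int]:
    """Listen on an ephemeral localhost port and greet each client with `banner`.
    Returns a stop event and the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)  # so the accept loop can notice the stop event
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, srv.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[dict]:
    """Full TCP handshake to host:port. Open ports return a dict with whatever
    the service sent first (the banner); closed or filtered ports return None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # open, but the service waits for the client to speak first
            return {"port": port, "banner": banner.decode(errors="replace").strip()}
    except OSError:  # ECONNREFUSED, timeout, unreachable, ...
        return None


def scan(host: str, ports: Iterable[int], workers: int = 64) -> list[dict]:
    """Probe many ports concurrently; only open ports are returned, sorted by port."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return sorted((r for r in results if r), key=lambda r: r["port"])


def demo() -> tuple[int, list[dict]]:
    """Start the fake service, scan the ports around it, tear it down."""
    stop, port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    try:
        return port, scan("127.0.0.1", range(port - 5, port + 6))
    finally:
        stop.set()


if __name__ == "__main__":
    target_port, found = demo()
    for r in found:
        tag = "<- our fake service" if r["port"] == target_port else ""
        print(f"{r['port']}/tcp open  banner={r['banner']!r} {tag}")
```

A connect scan is the noisiest option: every probe completes the handshake and shows up in the target's logs, which is why production scanners default to SYN scans that need raw sockets. The empty-banner branch matters in practice, since HTTP and many other protocols say nothing until the client sends a request, so "open with no banner" must not be confused with "closed".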

Enumerate Applications on a Web Server

To enumerate applications on a web server, you can use a variety of tools and techniques. Some common approaches include:

  • Directory enumeration: tools such as dirb, gobuster, or wfuzz request every entry of a wordlist against the server and record which paths answer with something other than 404. This finds directories, files and whole applications (admin panels, backups, old versions) that exist on the server but are not linked from anywhere. A 401 or 403 still confirms that the path exists.
  • Spidering: tools such as Burp Suite or ZAP crawl the site by following every link, form and script reference from the start page, building a map of all reachable pages and resources. Comparing the crawl with the brute-force results shows which paths are linked and which are hidden.
  • Server header analysis: send requests with cURL or Wget and inspect response headers such as Server, X-Powered-By, Via and Set-Cookie. They reveal the web server software and version, backend languages and frameworks, proxies or load balancers in the path, and sometimes additional applications hosted on the same server. Error pages and default pages are just as telling.
  • Source code analysis: if you can access the source code of the web application, review it for additional applications or resources that are included; configuration files, build scripts and dependency manifests list the components directly.

By combining these techniques, you can enumerate the applications and resources hosted on the web server. The payoff is usually the forgotten ones: test instances, old versions and unmaintained admin interfaces that nobody patches are often the weakest point of a server.
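The three active techniques above (header analysis, spidering, directory brute force) are most useful together, because the difference between what the crawler reaches and what the wordlist finds is exactly the set of unlinked, forgotten paths. The following added example, which is not code from the original article, runs all three against a throw-away http.server on 127.0.0.1 so it works offline; the site layout, the Server and X-Powered-By values it sends, and the wordlist are constructed for the demo.

```python
"""Added example (not from the original article): enumerate a web server by
reading its response headers, crawling links from the start page and
brute-forcing a short wordlist for unlinked paths, against a throw-away
http.server on 127.0.0.1 whose site, headers and wordlist are constructed."""
from __future__ import annotations
import re
import threading
import urllib.error
import urllib.request
from collections import deque
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

# Constructed site: path -> (status, body). /admin/ and /backup.zip are unlinked.
SITE = {
    "/": (200, '<a href="/about.html">About</a> <a href="/docs/">Docs</a>'),
    "/about.html": (200, '<a href="/contact.html">Contact</a> <a href="https://example.org/x">ext</a>'),
    "/docs/": (200, '<a href="/">Home</a>'),
    "/contact.html": (200, "mail us"),
    "/admin/": (401, "auth required"),
    "/backup.zip": (200, "PK..."),
}
WORDLIST = ["admin/", "backup.zip", "config.php", "docs/", ".git/HEAD", "uploads/"]
HREF = re.compile(r'href\s*=\s*["\']([^"\'>\s]+)')  # enough for the demo; real crawlers parse the DOM
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore any http_proxy env


class Handler(BaseHTTPRequestHandler):
    server_version, sys_version = "Apache/2.4.57 (constructed)", ""

    def do_GET(self) -> None:
        status, body = SITE.get(self.path, (404, "not found"))
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("X-Powered-By", "PHP/8.1.2 (constructed)")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args) -> None:  # keep the demo quiet
        pass


def start_server() -> tuple[HTTPServer, str]:
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def fetch(url: str):
    """GET url; return (status, headers, body). 4xx/5xx are data, not errors."""
    try:
        with OPENER.open(url, timeout=3) as r:
            return r.status, r.headers, r.read().decode(errors="replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers, ""


def fingerprint(base: str) -> dict[str, str]:
    """Server header analysis: what the server volunteers about its stack."""
    _, headers, _ = fetch(base + "/")
    return {k: headers[k].strip() for k in ("Server", "X-Powered-By") if k in headers}


def spider(base: str, limit: int = 50) -> dict[str, int]:
    """Breadth-first crawl of same-origin links from '/'; returns path -> status."""
    origin, found, queue = urlsplit(base).netloc, {}, deque(["/"])
    while queue and len(found) < limit:
        path = queue.popleft()
        if path in found:
            continue
        status, _, body = fetch(base + path)
        found[path] = status
        for href in HREF.findall(body) if status == 200 else []:
            link = urlsplit(urljoin(base + path, href))
            if link.netloc == origin and link.path not in found:
                queue.append(link.path)
    return {p: s for p, s in found.items() if s != 404}


def brute_paths(base: str, words: list[str]) -> dict[str, int]:
    """Directory/file brute force: every non-404 answer is a candidate path."""
    hits = {}
    for word in words:
        status, _, _ = fetch(f"{base}/{word}")
        if status != 404:
            hits["/" + word] = status
    return hits


def enumerate_site(base: str) -> dict:
    """Combine the three views; 'unlinked' is what crawling alone would miss."""
    crawled = spider(base)
    forced = brute_paths(base, WORDLIST)
    return {"fingerprint": fingerprint(base), "crawled": crawled,
            "unlinked": {p: s for p, s in forced.items() if p not in crawled}}


def demo() -> dict:
    srv, base = start_server()
    try:
        return enumerate_site(base)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

Against a real target the same logic needs two refinements that tools like gobuster and ffuf provide: a baseline request for a random path, because many servers answer every unknown path with 200 or a redirect, which makes "anything but 404" useless; and rate limiting plus a distinctive User-Agent so the client can be identified in the target's logs during an authorised test.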

Enumerate Applications on a Mobile Application

To enumerate the software that is used in a mobile application, you can try the following approaches:

  • Check the application's documentation, licence notices or website: many mobile applications list the software and technologies used to build the app in the "About" or "Help" section, on the app's website, or in the open-source licence screen that bundled third-party libraries require, which is a direct inventory of components.
  • Inspect the app's code: If you have access to the source code of the mobile application, you can inspect the code to see what libraries, frameworks, and other software are being used.

There are several tools available that can analyze a mobile app and provide information about the software and technologies that are used in the app. Some examples of these tools include:

  • Mobile App Reverse Engineering Tools: These tools allow you to unpack and decompile a mobile app to understand how it is built and what it does. Examples include Jadx, Apktool, and dex2jar.
  • Mobile App Analysis Platforms: These platforms provide a range of analysis and testing capabilities for mobile apps, including the ability to inspect the app's code, analyze its behaviour and security, and identify vulnerabilities or issues. Examples include Mobile Security Framework (MobSF), AndroBugs Framework, and Appknox.
  • Mobile App Debugging Tools: These tools allow you to debug and analyze the behavior of a mobile app as it is running on a device or emulator. Examples include tools like Android Debug Bridge (ADB), Xcode, and Visual Studio.
  • Mobile App Testing Tools: These tools allow you to test the functionality and performance of a mobile app, and can provide information about the app's behavior and any issues that are encountered. Examples include tools like Appium, Robotium, and Espresso.

Keep in mind that it may not always be possible to enumerate all the software used in a mobile application: some apps use proprietary or obfuscated libraries and frameworks that are not publicly documented, and code shrinkers and obfuscators rename the classes that would otherwise give a library away.
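Before reaching for Jadx or Apktool, a tester usually gets a first inventory from the APK archive itself: an APK is a ZIP file, and the paths inside it already reveal native libraries, target ABIs, cross-platform frameworks, AndroidX artifact versions and the build tooling. The following added example, which is not code from the original article, builds such an archive in memory and reads those signals out of it. The marker table mapping paths to components is an assumption drawn from common packaging layouts, not a complete catalogue, and the sample APK contents are constructed.

```python
"""Added example (not from the original article): infer the frameworks,
native libraries and build tooling an Android app ships by inspecting the
archive layout of its APK (a ZIP file). The APK is constructed in memory and
the path-to-component markers are an assumption, not an exhaustive catalogue."""
from __future__ import annotations

import io
import re
import zipfile

# Constructed APK contents (path -> bytes). Real entries would be compiled DEX,
# ELF and resources; only the paths and the small text files matter here.
SAMPLE_APK = {
    "AndroidManifest.xml": b"\x03\x00\x08\x00",
    "classes.dex": b"dex\n035\x00",
    "classes2.dex": b"dex\n035\x00",
    "lib/arm64-v8a/libflutter.so": b"\x7fELF",
    "lib/arm64-v8a/libapp.so": b"\x7fELF",
    "lib/arm64-v8a/libsqlcipher.so": b"\x7fELF",
    "lib/armeabi-v7a/libflutter.so": b"\x7fELF",
    "assets/flutter_assets/kernel_blob.bin": b"",
    "okhttp3/internal/publicsuffix/publicsuffixes.gz": b"",
    "META-INF/androidx.core_core.version": b"1.12.0\n",
    "META-INF/androidx.appcompat_appcompat.version": b"1.6.1\n",
    "META-INF/com/android/build/gradle/app-metadata.properties":
        b"appMetadataVersion=1.1\nandroidGradlePluginVersion=8.2.0\n",
}

# Assumed markers: a path matching the regex implies the named component.
MARKERS = [
    (r"^lib/[^/]+/libflutter\.so$", "Flutter"),
    (r"^assets/index\.android\.bundle$", "React Native"),
    (r"^lib/[^/]+/libil2cpp\.so$", "Unity (IL2CPP)"),
    (r"^lib/[^/]+/libmonosgen-2\.0\.so$", "Xamarin / Mono"),
    (r"^assets/www/cordova\.js$", "Cordova"),
    (r"^lib/[^/]+/libsqlcipher\.so$", "SQLCipher"),
    (r"^okhttp3/", "OkHttp"),
]


def build_sample_apk() -> bytes:
    """Zip the constructed entries into an APK-shaped archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in SAMPLE_APK.items():
            z.writestr(name, data)
    return buf.getvalue()


def inspect_apk(apk: bytes) -> dict:
    """Summarise what the archive layout reveals about the app's software stack."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = z.namelist()
        native = [n for n in names if re.match(r"^lib/[^/]+/[^/]+\.so$", n)]
        report = {
            # several classesN.dex files mean multidex, i.e. a large code base
            "dex_count": sum(1 for n in names if re.fullmatch(r"classes\d*\.dex", n)),
            "abis": sorted({n.split("/")[1] for n in native}),
            "native_libs": sorted({n.rsplit("/", 1)[1] for n in native}),
            "components": sorted({label for pat, label in MARKERS
                                  if any(re.match(pat, n) for n in names)}),
            "androidx": {},
            "gradle_plugin": None,
        }
        # AndroidX artifacts ship META-INF/<group>_<artifact>.version files
        for n in names:
            m = re.fullmatch(r"META-INF/(androidx\.[^/]+)\.version", n)
            if m:
                report["androidx"][m.group(1)] = z.read(n).decode().strip()
        # The Android Gradle Plugin records its own version in the APK
        meta = "META-INF/com/android/build/gradle/app-metadata.properties"
        if meta in names:
            props = dict(line.split("=", 1) for line in z.read(meta).decode().splitlines() if "=" in line)
            report["gradle_plugin"] = props.get("androidGradlePluginVersion")
    return report


if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(f"{key:14} {value}")
```

The version files and native library names survive code obfuscation because they are not Java classes, which is why this archive-level pass still works on apps where decompiled package names have been reduced to a.b.c. What it cannot see is a library that was shaded or statically linked, so the result is a lower bound on the components present.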

Discovering Information Leakage on Search Engines

Search engines can be a valuable tool for discovering information leakage in a web application. To use search engines to discover information leakage, you can follow these steps:

  • Identify relevant search terms: Begin by brainstorming a list of search terms that might uncover information about the target web application. These might include the name of the application, the name of the company or organization that developed it, its domain names and hostnames, product code names, and any other relevant keywords.
  • Perform searches: Use a search engine such as Google together with its advanced operators: site: restricts results to the target's domains, filetype: finds documents such as PDF, XLSX or SQL files, inurl: and intitle: match on URLs and page titles, and quotes around a multi-word phrase return only results that contain that exact phrase.
  • Review search results: Look through the results for anything relevant to the target application. This might include links to pages on the target application, documents or files that have been uploaded to the web, cached copies of pages that have since been removed, or mentions on third-party sites such as paste sites and code repositories.
  • Analyze results: Examine the findings for sensitive or confidential information that was never meant to be public. Typical examples are login credentials in configuration files, backup archives and database dumps, internal documents, directory listings, and error pages that disclose internal hostnames or addresses.

By using search engines to discover information leakage, you can identify sensitive or confidential information that has accidentally been made available to the public through the web application. This helps identify potential vulnerabilities and improve the security of the application. Bear in mind that removing the file from the server is not enough on its own: copies can persist in search engine caches and on third-party sites until their removal is requested as well.
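The four steps above are a repeatable procedure, and the first and last of them can be scripted. The following added example, which is not code from the original article, builds the query list for a target domain from the operators described above and triages search results for signs of leaked data. No network access is involved: the queries are strings to paste into a search engine or hand to its official API, the result records are constructed to look like a search engine's answer, and the indicator patterns are an assumed starting set rather than a complete one.

```python
"""Added example (not from the original article): build the search-engine
queries a tester would run for a target domain, and triage search results
for signs of leaked data. The result records are constructed and the
indicator patterns are an assumed starting set, not a complete one."""
from __future__ import annotations

import re
from urllib.parse import urlsplit


def build_dorks(domain: str, terms: list[str]) -> list[str]:
    """Scope every query to the target with site:, quote multi-word phrases
    exactly, and add file-type, URL and title operators for common leak sources."""
    phrases = [f'"{t}"' if " " in t else t for t in terms]
    queries = [f"site:{domain} {p}" for p in phrases]
    queries += [f"site:{domain} filetype:{ext}" for ext in ("pdf", "xlsx", "sql", "env", "log", "bak")]
    queries += [f"site:{domain} inurl:admin", f'site:{domain} intitle:"index of"']
    # mentions of the target on other sites (paste sites, forums, code hosts)
    queries += [f'-site:{domain} "{domain}"']
    return queries


# Assumed indicators of leaked data in a URL, title or snippet.
INDICATORS = {
    "credential": re.compile(r"(?i)(?:password|passwd|pwd|secret)\s*[:=]\s*\S+"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "internal_ip": re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "directory_listing": re.compile(r"(?i)index of /"),
    "sensitive_file": re.compile(r"(?i)\.(?:env|sql|bak|pem|pfx|log)\b"),
}


def triage(results: list[dict]) -> list[dict]:
    """Return the results whose URL, title or snippet matches an indicator,
    tagged with the indicator names and ordered so the worst come first."""
    flagged = []
    for r in results:
        text = " ".join((r["url"], r.get("title", ""), r.get("snippet", "")))
        hits = sorted(name for name, pat in INDICATORS.items() if pat.search(text))
        if hits:
            flagged.append({"url": r["url"], "host": urlsplit(r["url"]).hostname, "indicators": hits})
    return sorted(flagged, key=lambda f: -len(f["indicators"]))


# Constructed results, shaped like a search engine's answer to "site:example.com".
SAMPLE_RESULTS = [
    {"url": "https://www.example.com/about", "title": "About us", "snippet": "Our team and our story."},
    {"url": "https://files.example.com/backup/db-2023.sql", "title": "db-2023.sql",
     "snippet": "INSERT INTO users VALUES ('admin', ..."},
    {"url": "https://dev.example.com/.env", "title": ".env",
     "snippet": "DB_PASSWORD=Sup3rS3cret AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"},
    {"url": "https://static.example.com/", "title": "Index of /", "snippet": "Parent Directory  config/  old/"},
    {"url": "https://wiki.example.com/runbook", "title": "Runbook", "snippet": "ssh to 10.20.30.40 and restart the job"},
]


if __name__ == "__main__":
    for q in build_dorks("example.com", ["Example Corp", "confidential"]):
        print(q)
    for f in triage(SAMPLE_RESULTS):
        print(f["host"], f["indicators"])
```

Two practical notes: search engines' terms of service restrict automated querying, so the query list is meant to be run by hand or through an official API rather than scraped; and the triage output is a prioritisation aid, not a finding. Every flagged item still has to be opened and confirmed, because a pattern like "index of /" also matches harmless pages.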
