Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as the design and configuration of the website could be assessed by searching about the target in forums or social media sites.
To proceed with trying to understand how to find out of there is a sensitive design and configuration vulnerability in an application or a website, try to use some of the search engines such as Chrome, Baidu, Bing, Duck Duck Go, and Punkspider.
Tags