Ethical Hacking: Target Scooping and Information Gathering

Before we do our “hacking”, first we must know the type of target that we want to hack. This is called Target Scooping. Target Scooping starts by gathering client requirements, preparing test plan, profiling test boundaries, defining the goal from bussiness objectives and project management & scheduling

After we done with all of the things above. We start by collecting customer information. By customer information, it means all about the customer. Company name, address, website, details, e-mail address, event phone number. After we finish with it, we then create the objectives and type of penetration testing and also details about devices, os, and network to be tested.

The reason we need all about the customer is because it could be useful to us. There are many tools on internet that we can use to help our hacking. This activity is called Competitive Intelligence which means to gather data and information using technology. Even google.com can be used to help our “hacking”.

Here in the example above, we can see that by using “inurl”, we can search any website that have the url of “what you searched”. We can also used filetype, “intitle”, and many more.

There are also many website outside that can help us to find data about our target. One of the example is whois.net that can help us find IP and Domain address

 

And also robtext.com that gives us detailed data and analysis about the target