3 hours 55 minutes

Video Description

In this lesson, Subject Matter Expert Dean Pompilio introduces Social Engineering tools such as Google hacking. Google hacking techniques allow you to narrow search results considerably to give answers more quickly and to reduce noise and narrow results when performing a search. Can also use these tools on other search engines. You will learn about:

  • using special syntax to narrow your search results
  • using the link command to return pages that link to a specified URL
  • cache searching for deleted pages
  • using archive.org (the "wayback machine")
  • finding related links using operators
  • using search texts to find what you are looking for

SME Pompilio also discusses valuable resources to use: 1) the dorks section of www.exploitdb.com and 2) hackersforcharity.org, the Google hacking database. The next three lessons will present overview demonstrations of using Google hacking to save time; Maltego, which allows you to gather information about an organization and then make connections between those pieces of information; and the Recon-NG framework.

Video Transcription

All right, welcome back.
The next section that will be talking about is some of your other social engineering tools of one interesting
category of tools really is called Google Hacking.
Google has created ah, fantastic search engine. They've got these advanced operators which allow you to narrow down your search results considerably so that if you're looking for information about a target about an organization about the technology they use, whatever your goals might be,
you can use these Google hacking techniques
to give you the answer more quickly without having to sort through a bunch of noise that you don't really care about.
You could do some of these things with other search engines like Yahoo, for instance.
You have your BOOLEAN support and or not. These are things that are supported, but more interestingly, is the operators that let you specifically search for certain types of information. So we use this the syntax, for instance, we've got the link command.
You use link with the colon and you put some text after this and this shows you pages that have a particular link present. You can also you search for things that are inside of a cash
so if the cash might hold the content of a Web page, it's no longer being posted on the live Web sites, and that could be really useful.
You can also go to think something like Archive DOT or GE,
also known as the Wayback Machine
on archive Got or you confined older copies of a website that might contain information that has subsequently been removed. So it's another other great tip
anyway. Uh, we confined related links. So use the related operator with the colon and you confined,
uh, based on your search tax links that are related to what you're looking for.
And if you really want to get a lot of good information, go to exploit d b dot com and go to the Google Dorks section.
You can also go toe hackers for charity dot org's. That's the Google Hacking database
has quite a bit of good information in it.
So for the next series of demos,
I will demonstrate Google hacking techniques. We'll go through some different scenarios, showing you how you can get
the information that you need more quickly.
It saves a lot of time. Instead of sorting through a huge list of information, trying to decide what's important.
We'll also look at a great tool called multi go
multigoal, lets you gather information about an organization and then make connections between different pieces of that information in order to narrow things down in order to find something truly useful to the social engineering, audit or PEN test,
and then, lastly, will do a demo of Re Kon and G
Multi Go and re Kon Angie are very powerful tools or recount Angie's actually framework, but
in both cases, I'm only going to show you a few of the features and leave it up to you to take it from there. There's quite a bit more that you can learn,
and these tools can keep you busy for quite a while and your information gathering efforts.

Up Next

Social Engineering and Manipulation

In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions