# Scour the Web

## Google Fu

### Subdomain Enumeration

\<Keyword> \<site name>

```
site:*.wikimedia.org 
```

### File Extensions

Find php (or any datatype), txt and log files

```
site:*.example.org ext:php | ext:txt | ext:log
```

## Old Files

Old files (which haven't been deleted but are no longer in use) may be in Google's archives. Refer to OWASP testing guide v4's "Google Hacking" for more info.

## Code Repositories

Look up the target on  github, gitlab, bitbucket etc

Gitrob can be used to query Github and search sensitive files from the command line itself for specific organisations.

Trufflehog is a tool that searches for secrets, you can use that on the repos.

## Cloud Storage

If you can find a company's cloud storage container (like an Amazon S3 bucket), then you might see interesting things there. They can be easy to misconfigure.

## Info Gathering Services

Shodan

Ichidan

data.com

## Hiring Platforms, Company page

Take a look at LinkedIn, and the company website's "Careers" page. You'll probably find:

* &#x20;technologies used by the company.
* employee names&#x20;

## Whois

Run a whois search to get a website owner's information:

* Name
* Email address

Search these in password dumps, correlate with admin accounts.

Ripe.net - whois\
Internet.ee - whois for estonian sites

## Virustotal

Surprisingly, you can get a bunch of information from virustotal:

* Subdomains
* Scanned files

Go to "Search" on [virustotal](https://www.virustotal.com) and search for the domain you care about.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://heinosass.gitbook.io/leet-sheet/reconnaissance/google-fu.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.