Listen to this Post
Today was all about information gathering, and I gained serious clarity on key recon techniques.
🔍 OSINT Progress
Practiced Google Fu & using Shodan a lot from OccupyTheWeb’s OSINT course (some details can’t be shared, but let’s just say live cameras are more vulnerable than you think).
🛠 Ethical Hacking with TCM Security
Started TCM Academy’s Ethical Hacking course and completed the Information Gathering chapter. Current progress: 22%
Finally bridged some knowledge gaps on BurpSuite—shoutout to TCM Heath for making it crystal clear.
📂 Organized My Notes & Resources
Compiled a structured, easy-to-digest OSINT & Info Gathering guide based on today’s learning.
If you’re learning OSINT or recon, feel free to check it out.
If you’re serious about ethical hacking, highly recommend subscribing to TCM Academy—they explain complex topics in a practical way that actually sticks.
Practice Verified Codes and Commands
1. Google Dorking (Google Fu):
– `site:example.com filetype:pdf`
– `intitle:”index of” “parent directory”`
– `inurl:/wp-content/uploads/`
2. Shodan Search:
– `shodan search webcam`
– `shodan host
3. BurpSuite Commands:
- Start BurpSuite: `java -jar burpsuite.jar`
- Intercept requests: Enable Proxy > Intercept tab
- Spider a website: Right-click > Spider this host
4. Linux OSINT Tools:
- Install
theHarvester: `sudo apt install theharvester` - Run
theHarvester: `theHarvester -d example.com -b google` - Install
recon-ng: `sudo apt install recon-ng` - Run
recon-ng: `recon-ng -w workspace_name`
What Undercode Say
OSINT and ethical hacking are critical skills in today’s cybersecurity landscape. Tools like Shodan and Google Dorking allow you to uncover vulnerabilities in systems, while BurpSuite helps in analyzing web applications for security flaws. For instance, using Shodan, you can identify exposed devices like webcams or IoT devices, which are often left unsecured.
Linux commands and tools like `theHarvester` and `recon-ng` are indispensable for information gathering. For example, `theHarvester` can help you find subdomains and email addresses associated with a target domain, while `recon-ng` provides a powerful framework for reconnaissance.
Windows users can leverage PowerShell for OSINT tasks. For example, `Invoke-WebRequest` can be used to scrape web data:
Invoke-WebRequest -Uri "https://example.com" -OutFile "output.html"
For ethical hacking, always ensure you have proper authorization before probing systems. Tools like BurpSuite require a solid understanding of HTTP protocols and web vulnerabilities. Practice using these tools in controlled environments like Hack The Box or TryHackMe.
Finally, continuous learning is key. Platforms like TCM Academy offer structured courses that make complex topics accessible. Combine this with hands-on practice to solidify your skills.
Useful URLs:
References:
Hackers Feeds, Undercode AI
