Sorry if this is in the wrong section; it's a little tutorial I made a while ago, and I figured I'd post it here.

Basic approach to information gathering
Date: Sunday, April 17, 2009

First you must know what your target is, a regular computer, a website, an account
on a website, etc. This information will help you later when exploiting the target
and discovering information.

It is completely legal to know the following things, as they are available to the public:

* First name
* Last name
* Where they are from
* What OS they run
* Their web browser
* Username (of the ISP, and websites they belong to)
* IP address
* Phone number
* Street address
* Services/daemons running on their system

Now I will discuss some techniques used to find this information.

&& Google:
Google is a very powerful tool, and it is anonymous.
To learn more about a site just type site:type site name here
and you will see all of its subdomains indexed by Google.

You can also use this with usernames, emails, and other information you gather
(of course not using the "site:" string)

You would do that because users may use the same email/username for multiple sites,
and there you could discover more about your target.

&& Emails
If you can get someone to email you back, look in the headers of the email. From here
you can gain IP addresses, dates, what mail service they are running (Thunderbird,
web based, etc.) and more info.

&& Finger
It runs on port 79, and using it you can find info about the server running it.
Using this you can get info such as the owner's name, whether the system is up, uptime/downtime,
and sometimes even a phone number and address.

Finger can be used by telnetting to port 79 (Windows), getting a Unix shell account and
using the finger command, or SamSpade, from

&& whois
whois looks up info about a domain name; it checks InterNIC's database for information
such as ISP, where they live, etc.

&& Port Scanning
This is very important. I recommend Nmap for this; you can get it at (check out the site, it's a great resource).
Basically Nmap will scan your target and check which ports are open,
closed, and filtered. Nmap is a powerful tool; I recommend you get
familiar with it.

&& Services/Daemons
If you happen to find an open port you can telnet to it and check what is running on it,
the version, and you can sometimes exploit it. Check sites like and for possible exploits. Doing this is sometimes referred to as banner grabbing.

&& social engineering
Asking the user!! Some of the best hackers used social engineering to get them closer to
their targets. Take Mitnick as an example: he was very familiar with how computers and
phone networks worked, and used this to exploit the user to gain more information
(emails, secret info, etc.). Here I would include phishing attempts and IP catchers (which can be coded in PHP).

&& What's next?
Usually exploitation, have fun.

&& info

I don't care if you redistribute this, just give me credit.
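
The email-header section of the tutorial above says you can read IP addresses, dates and the mail client out of a reply's headers. The following is an added example (mine, not from the original post) in Python that does that walk over the Received: chain of a constructed message; every hostname, address and id in it is a placeholder, and the header layout assumes a normal saved .eml file.

```python
"""Walk the Received: chain of an email to recover where it came from.

Added example, not from the original post. The message below is
constructed for illustration; the hostnames and addresses are placeholders.
"""
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (header folding with leading spaces is how the
# headers look in a real saved .eml file).
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
    by inbox.example.org with ESMTP id ABC123;
    Fri, 17 Apr 2009 10:05:31 -0400
Received: from [198.51.100.7] (helo=laptop.lan)
    by mx.example.net with ESMTPA id XYZ789;
    Fri, 17 Apr 2009 10:05:12 -0400
From: Sender <sender@example.net>
To: me@example.org
Subject: re: hello
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
Date: Fri, 17 Apr 2009 10:05:10 -0400

Hi there.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_received(value):
    """Pull the relaying host, its bracketed IP, the receiving host and the
    timestamp out of one Received: header value."""
    flat = " ".join(value.split())            # undo header folding
    head = flat.split(" by ", 1)[0]           # the 'from ...' part only
    from_m = FROM_RE.match(flat)
    by_m = BY_RE.search(flat)
    ip_m = IP_RE.search(head)
    date = None
    if ";" in flat:
        try:
            date = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            date = None                       # malformed or missing date
    return {
        "from": from_m.group(1) if from_m else None,
        "ip": ip_m.group(1) if ip_m else None,
        "by": by_m.group(1) if by_m else None,
        "date": date,
    }


def trace_message(raw):
    """Return the hops in transit order (origin first), the originating IP
    and the mail client named in User-Agent / X-Mailer, if any."""
    msg = email.message_from_string(raw)
    # Each relay prepends its own Received: line, so the header order is
    # newest first; reversing it gives the path the message actually took.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    client = msg.get("User-Agent") or msg.get("X-Mailer")
    return {
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
        "client": client,
    }


if __name__ == "__main__":
    info = trace_message(SAMPLE_MESSAGE)
    for hop in info["hops"]:
        print(f"{hop['ip'] or hop['from']:>16} -> {hop['by']}  {hop['date']}")
    print("origin:", info["origin_ip"], "client:", info["client"])
```

When triaging a suspicious message, only the Received: line added by your own mail server is trustworthy; everything below it was written by hosts you do not control and can be forged, so the "origin" this reports is a lead to check, not proof.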
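
The port-scanning and banner-grabbing sections above describe what the scanner sees; on the other side of the firewall the same sweep is easy to spot, because one source touches many distinct ports on one host in a short time. Here is an added example (mine, not from the original post) in Python that runs a simple sliding-window detector over constructed firewall log lines. The log format is a simplified syslog-style layout I made up for the example, not any real product's format, so the regex needs adapting to real logs.

```python
"""Flag port-scan style probing in firewall logs.

Added example, not from the original post. The log format below is a
simplified, constructed syslog-style format (not a real product's), so
adapt LINE_RE to your own firewall's output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.9 sweeps twelve ports on 192.0.2.10 in a
# few seconds, 198.51.100.4 is ordinary web traffic, and 203.0.113.77 touches
# three ports spread over an hour (too slow and too few ports to flag here).
SAMPLE_LOG = """\
2009-04-17T10:00:01 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=21
2009-04-17T10:00:01 fw ACCEPT SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22
2009-04-17T10:00:01 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
2009-04-17T10:00:02 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=25
2009-04-17T10:00:02 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=53
2009-04-17T10:00:02 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=79
2009-04-17T10:00:03 fw ACCEPT SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=80
2009-04-17T10:00:03 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=110
2009-04-17T10:00:03 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=111
2009-04-17T10:00:04 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=135
2009-04-17T10:00:04 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=139
2009-04-17T10:00:05 fw DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=143
2009-04-17T10:00:06 fw ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=80
2009-04-17T10:00:09 fw ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
2009-04-17T10:00:15 fw ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=80
2009-04-17T10:10:00 fw DROP SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=22
2009-04-17T10:40:00 fw DROP SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=3389
2009-04-17T11:10:00 fw DROP SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=5900
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>ACCEPT|DROP) SRC=(?P<src>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dport": int(m["dport"]),
    }


def find_port_scans(log_text, window_seconds=60, min_ports=10):
    """Return {src: {dst: sorted distinct ports}} for every source that
    probed at least `min_ports` distinct destination ports on one host within
    any `window_seconds`-long stretch. ACCEPT and DROP both count: a scan hits
    open ports too, and the closed/filtered ones are the tell."""
    window = timedelta(seconds=window_seconds)
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    hits = {}
    for (src, dst), evs in by_pair.items():
        start = 0
        for end, cur in enumerate(evs):
            # shrink the window from the left until it spans <= `window`
            while cur["ts"] - evs[start]["ts"] > window:
                start += 1
            ports_in_window = {x["dport"] for x in evs[start:end + 1]}
            if len(ports_in_window) >= min_ports:
                hits.setdefault(src, {})[dst] = sorted({x["dport"] for x in evs})
                break
    return hits


if __name__ == "__main__":
    for src, targets in find_port_scans(SAMPLE_LOG).items():
        for dst, ports in targets.items():
            print(f"{src} scanned {dst}: {len(ports)} ports {ports}")
```

The window and threshold are the knobs that matter: the default catches a fast Nmap-style sweep, while a patient scanner that spreads a few probes over an hour (203.0.113.77 in the sample) only shows up if you widen the window and lower the port count, at the price of more false positives from ordinary clients.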

Good information, some outdated, but good. (Does anyone run the finger service anymore?)

Thanks for the article.

Some do, I'm sure, and I bet some larger ISPs keep it open.

Thanks for the article.

Awesome work there!!!
The finger cmd is something that I wouldn't use ever; it's a little outdated for me...
Google is an amazing source of free legal info; there are millions of tuts on how to use the "better" features of Google...

Also you want to be careful with social engineering these days... the general public knows about hackers and hacking, so social engineering is pretty widely known... not saying it doesn't work, just that the outdated methods will get you seriously busted...