Search engines as an information source

Search engines provide us with the means to answer any questions that we may have. Tools such as Google, Yahoo! or Bing have given us the ability to find the answer to any question, anytime we want. But these tools are very powerful as well for giving us information about the company or the environment that we plan to run the penetration test against. With various searches, you can look at various images of the environments that can help you lay out any physical security tests. You can also find any Google dorks who may have exposed some sensitive information about the environment. Google dorking is very popular in the information gathering phase.

Similar to Google, Shodan has emerged as the go-to search engine for any Internet connected devices. This search engine has great possibilities for exposing and divulging all sorts of information about an environment. Browsing the site can give you information on webcams that are connected to the Internet, search engine results of known vulnerable devices, C2C servers, botnets...the sky's the limit. Save yourself some time and stress, and utilize these tools to help understand the environment. You may quickly find out that the environment already has some large security issues before you even start to scan it.