MITRE ATT&CK / T1593.002
T1593.002
Search Engines
Description
Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).(Citation: SecurityTrails Google Hacking)(Citation: ExploitDB GoogleHacking)Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general information about victims, as well as use specialized queries to look for spillages/leaks of sensitive information such as network details or credentials. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Establish Accounts](https://attack.mitre.org/techniques/T1585) or [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [Valid Accounts](https://attack.mitre.org/techniques/T1078) or [Phishing](https://attack.mitre.org/techniques/T1566)).
Platforms
Mitigations
- M1056 — Pre-compromise
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- How to use FOCA for footprinting a target
- Footprinting Through Search Engines
- What is deep web, dark web and surface web?
- How to install theHarvester tool
- Best Information Gathering Tools
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →