Security breaches can have a direct impact on a company’s reputation. Attackers can leverage information from past security breaches that an organization might have experienced. They may, for example, leverage the following data while trying to gather information about their victims:

Password dumps

Attackers can leverage password dumps from previous breaches. There are a number of ways that an attacker can get access to such password dumps, such as by using Pastebin, dark web websites, and even GitHub in some cases. Several different tools and websites make this task very easy. An example of a tool that allows you to find email addresses and passwords exposed in previous breaches is h8mail. You can install h8mail by using the pip3 install h8mail command

The following are additional tools that allow you to search for breach data dumps:

• WhatBreach: *https://github.com/Ekultek/WhatBreach*
• LeakLooker: *https://github.com/woj-ciech/LeakLooker*
• Buster: *https://github.com/sham00n/buster*
• Scavenger: *https://github.com/rndinfosecguy/Scavenger*
• PwnDB: *https://github.com/davidtavarez/pwndb*

Tools like h8mail and WhatBreach take advantage of breached data repositories of websites such as haveibeenpwned.com and snusbase.com. Historically, websites such as weleakinfo.com (seized by the FBI) have been used by criminals to dump information from past security breaches.

File Metadata

You can obtain a lot of information from metadata in files such as images, Microsoft Word documents, Excel files, PowerPoint files, and more. For instance, Exchangeable Image File Format (Exif) is a specification that defines the formats for images, sound, and supplementary tags used by digital cameras, mobile phones, scanners, and other systems that process image and sound files.

Several tools can show Exif details. One of the most popular of them is ExifTool.

$exiftool IMG_4730.jpg

Strategic Search Engine Analysis/Enumeration

Most of us use search engines such as DuckDuckGo, Bing, and Google to locate information. What you might not know is that search engines, such as Google, can perform much more powerful searches than most people ever dream of. Google can translate documents, perform news searches, and do image searches. In addition, hackers and attackers can use it to do something that has been termed Google hacking.

By using basic search techniques combined with advanced operators, both you and attackers can use Google as a powerful vulnerability search tool. The following are some advanced operators:

• Filetype: Directs Google to search only within the text of a particular type of file (for example, filetype:xls)
• Inurl: Directs Google to search only within the specified URL of a document (for example, inurl:search-text)
• Link: Directs Google to search within hyperlinks for a specific term (for example, link:www.domain.com)