Social Engineering - Part 1 - Information Gathering


The social engineer’s mantra is “I am only as good as the information I gather” and as most of you know, Information == Power. So it goes without saying that information gathering is the most important step of any SE Attack. Of course having good social skills and the ability to improvise may help you, but the more information you gather, the more you’re likely to suceed. To reduce the risk of failure, a good social engineer tries to find every bit of information, every little detail about the target (wether it’s a company or a human being). That being said, no piece of information is useless.


As you start gathering information and creating profiles on possible targets, it may be difficult to organize, manage and use that information so creating specific files might be a good idea. I personally recommend using Maltego CE as it is a very flexible tool and quite intuitive to use and comes pre-installed in Kali (?future tutorial maybe?)


When it comes to actually gathering information, you have to change the way you view everything, you have to analyze the collected information in various angles and perspectives, i.e instead of seeing trash as just garbage lying around, see it as an opportunity to obtain knowledge of your targets’ interests and what he likes/dislikes or what might seem an irrelevant blog or forum post, might actually contain some useful information…

A lot of information can be gathered by Google Dorking or looking into those “controlled isolated bubbles” (anyone got the reference?) we call social networks (Facebook, Twitter, LinkedIn, Instagram…). Due to the continous growth of social networks and the willingness of people to share so much about their lives, nowadays it’s really easy to gather information on a certain target and his “affiliates”, i.e their interests, habits, hobbies, family & friends etc… that can tell us alot about them and at the sometime allows us to do a great amount of recon without getting into direct contact with the target (“Passive Recon” if you will).

By visiting a companies’ website, or even a personal one, you can also retrieve a lot of valuable information, like what do they do and what services they offer, contact information (emails, phone numbers, etc), maybe a forum and probably a location.

It’s always a good idea to check any public data or public records, since they might have additional information like income/profit reports. Again, no piece of information is useless.

On a more physical approach, tailling and observing a given target is a great way to get to know their routines and help create a profile. After a methodical study of the targets’ routine you could approach him/her and engage in a casual conversation (NOTE: It’s really important to think ahead of the questions you’ll ask, to try and get information from the target with him/her knowing).
If your target is a corporation, you could start by doing some dumpster diving to obtain some confidential intel (you’d be surprised how careless people are with what they put in the trash), then you could map the CCTV’s (both internal and external) and try to find out how’s the access to the building, i.e keys, RFID or some other electronic device.

Part 2 (Coming when it’s ready…) ------> ELICITATION

And that’s it guys! Hope you enjoyed the post! If you have anything to add up here, feel free to post in the comments.


I’ve been waiting for this. Thank you for the tut! You seem very knowledgeable about the subject. Can’t wait for Part 2.

               With Respect,

Really excellent post man! “If in doubt, scrape it all out” - we can never have too much information, and that small piece of information we think is useless, might make the difference between the engagement going successfully and failing.

I love this series and am looking forward to your next installment :wink:

Nice post! I started a series on this particular subject on NB, and will continue it on here! BUT since a lot of new people have joined since then, ill probably re-post some of them here so you can easier follow along.

I’d like to add that I think it’s good you’re giving the ideal mindset and approach you should have when gathering information, because it really is like a buffet honestly.

My series will cover a more specific approach on how you’d gather information and probably even certain techniques you can use, i’ll have that out soon.

1 Like

You should totally do that! I’m just trying to give a general idea to the readers without going into much detail to be more beginner friendly.

Moved to How-To -> Social Engineering.

From now on, do you want me to put in the How To section and start adding tags?

1 Like

Yes. Add tags and place any tutorial in the How-To’s. @n3xUs

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.