A penetration tester is tasked with performing open-source intelligence (OSINT) on a target company. A primary objective is to gather employee email addresses associated with the company's domain. The tester needs an automated method that can query multiple public data sources, such as search engines and social media platforms, and aggregate the findings. Which of the following methods should the tester use to meet this requirement efficiently?
Relying on an open port sweep to identify any mail services
Scanning for hidden directories to find environment-based details
Using a script that submits requests to large search engines and combines results related to the domain
Gathering encryption data from public logs to build a list of addresses
A solution that automatically queries several search engine endpoints and aggregates domain-based mail addresses meets the goal of collecting information from multiple sources. A directory scanner focuses on hidden files rather than mail addresses, open port scanning is geared toward identifying server-side services, and examining certificate logs reveals security parameters rather than collating public mail addresses.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OSINT in cybersecurity?
Open an interactive chat with Bash
How does a script automate searches across search engines?
Open an interactive chat with Bash
Why are certificate logs not useful for email gathering?