The Guide to Finding and Reporting Web Vulnerabilities
Other Sneaky OSINT Techniques
Many of the strategies discussed so far are examples of open source intelligence (OSINT), the practice of gathering intelligence from publicly available sources. This section covers other OSINT sources you can use to extract valuable information about a target.
First, check the company’s job posts for engineering positions. Engineering job listings often reveal the technologies the company uses. For example, take a look at an ad like this one:
Full Stack Engineer
- Minimum Qualifications:
- Proficiency in Python and C/C++
- Linux experience
- Experience with Flask, Django, and Node.js
- Experience with Amazon Web Services, especially EC2, ECS, S3, and RDS
From this listing you know the company builds its web applications with Flask and Django (both Python) and Node.js (JavaScript), and that the backend engineers probably also work in C and C++ on Linux. The AWS services named tell you where the infrastructure lives: EC2 and ECS for compute, S3 for file storage, and RDS for managed databases, so S3 buckets and RDS instances belonging to the company are worth keeping in mind during later reconnaissance.
If you can’t find relevant job posts, search for employees’ profiles on LinkedIn, and read employees’ personal blogs or their engineering questions on forums like Stack Overflow and Quora. The expertise of a company’s top employees often reflects the technology used in development.
Another source of information is the employees’ Google calendars. People’s work calendars often contain meeting notes, slides, and sometimes even login credentials. If an employee shares their calendars with the public by accident, you could gain access to these. The organization or its employees’ social media pages might also leak valuable information. For example, hackers have actually discovered sets of valid credentials on Post-it Notes visible in the background of office selfies!
If the company has an engineering mailing list, sign up for it to gain insight into the company’s technology and development process. Also check the company’s SlideShare or Pastebin accounts. Sometimes, when organizations present at conferences or have internal meetings, they upload slides to SlideShare for reference. You might be able to find information about the technology stack and security challenges faced by the company.
Pastebin ( https://pastebin.com/ ) is a website for pasting and storing text online, either for a set period or indefinitely. People use it to share text across machines or with others. Engineers sometimes use it to share source code or server logs with colleagues for viewing or collaboration, so it can be a great source of information. You might also find uploaded credentials and development comments. Search for the target organization's name on Pastebin, or through a search engine with a site:pastebin.com query, and see what turns up. You can also use automated tools like PasteHunter ( https://github.com/kevthehermit/PasteHunter/ ) to scan newly published pastes against a set of rules; note that PasteHunter collects pastes through Pastebin's scraping API, which Pastebin only makes available to Pro accounts.
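The kind of check an automated paste scanner performs, as an added example written for this page rather than code from the book or from PasteHunter: a few regular-expression indicators are run over paste bodies, and pastes are ranked by how many indicator types they hit. The indicator patterns, the organization name example-corp, and the three sample pastes are all assumptions constructed for the example (the AWS key is Amazon's documented placeholder key, not a real one).

```python
import re
from typing import Dict, List, Tuple

# Indicator patterns for triaging public pastes. These are assumptions chosen
# for this example; PasteHunter ships its own YARA rule set instead.
PATTERNS: Dict[str, "re.Pattern[str]"] = {
    # AWS access key IDs start with AKIA (long-term) or ASIA (temporary)
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # password=..., passwd: ..., pwd = ... (also inside names like DB_PASSWORD)
    "password_assignment": re.compile(
        r"(?:password|passwd|pwd)\s*[:=]\s*\S+", re.IGNORECASE),
    # hostnames under suffixes that only resolve inside a corporate network
    "internal_hostname": re.compile(
        r"\b[\w.-]+\.(?:internal|corp|local|lan)\b", re.IGNORECASE),
}


def scan_paste(text: str, org_terms: List[str]) -> Dict[str, List[str]]:
    """Return {indicator_name: [unique matches]} for one paste body."""
    findings: Dict[str, List[str]] = {}
    lowered = text.lower()
    org_hits = [term for term in org_terms if term.lower() in lowered]
    if org_hits:
        findings["org_mention"] = org_hits
    for name, pattern in PATTERNS.items():
        hits = sorted({m.group(0) for m in pattern.finditer(text)})
        if hits:
            findings[name] = hits
    return findings


def triage(pastes: Dict[str, str],
           org_terms: List[str]) -> List[Tuple[str, Dict[str, List[str]]]]:
    """Scan every paste; keep those with findings, most indicator types first."""
    ranked = [(pid, scan_paste(body, org_terms)) for pid, body in pastes.items()]
    ranked = [(pid, found) for pid, found in ranked if found]
    ranked.sort(key=lambda item: (-len(item[1]), item[0]))
    return ranked


# Constructed sample pastes; organization, hosts and secrets are made up.
ORG_TERMS = ["example-corp", "examplecorp"]
SAMPLE_PASTES = {
    "p1": (
        "# deploy.env for example-corp staging\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "DB_PASSWORD=hunter2\n"
        "DB_HOST=db01.example-corp.internal\n"
    ),
    "p2": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAABG5vbmU\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "p3": "shopping list: milk, eggs, bread\n",
}

if __name__ == "__main__":
    for paste_id, findings in triage(SAMPLE_PASTES, ORG_TERMS):
        print(paste_id)
        for name, hits in findings.items():
            print(f"  {name}: {hits}")
```

On the sample data, p1 ranks first because it trips four indicators (organization name, AWS key, password assignment, internal hostname), p2 trips only the private-key marker, and p3 is dropped. The organization-name check is deliberately a plain substring match: with a real target, the name, product names and internal domain suffixes are the terms that separate relevant pastes from the noise of every other leaked key on the site.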
Lastly, consult archive websites like the Wayback Machine ( https://archive.org/web/ ), a digital record of internet content ( Figure 5-9 ). It records a site's content at various points in time. Using the Wayback Machine, you can find old endpoints, directory listings, forgotten subdomains, URLs, and files that are outdated but still in use. tomnomnom's tool waybackurls ( https://github.com/tomnomnom/waybackurls/ ) can automatically extract endpoints and URLs from the Wayback Machine. Once you have the list, check which of the archived endpoints still respond on the live site; archived URLs often point at deprecated code paths that were never removed.
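What waybackurls-style extraction looks like once the archive data is in hand, as an added example written for this page (it is neither the book's code nor waybackurls itself): the Wayback CDX API is queried for every archived URL under a domain, and the rows are reduced to unique paths, hostnames (forgotten subdomains), query parameter names and paths with suspicious extensions or segments. The CDX endpoint and its output=json, fl and collapse=urlkey parameters are the real API; the extension and segment lists are assumptions, and the rows below are constructed sample data so the analysis runs offline.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter
from typing import Dict, List

# Wayback CDX API query for every archived URL under a domain. Needs network
# access, so it is defined for real use but not called by the sample run.
CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"


def fetch_cdx(domain: str, timeout: int = 60) -> List[List[str]]:
    """Return [timestamp, original URL, status, mimetype] rows, one per unique URL."""
    params = {
        "url": f"{domain}/*",
        "output": "json",
        "fl": "timestamp,original,statuscode,mimetype",
        "collapse": "urlkey",  # one row per URL instead of one per capture
    }
    query = urllib.parse.urlencode(params)
    with urllib.request.urlopen(f"{CDX_ENDPOINT}?{query}", timeout=timeout) as resp:
        rows = json.load(resp)
    return rows[1:]  # row 0 is the column header


# Assumed lists of extensions and path segments worth a second look.
SENSITIVE_EXT = (".bak", ".old", ".sql", ".zip", ".tar.gz", ".env", ".log", ".config")
SENSITIVE_SEGMENTS = {"admin", "backup", "internal", "debug", "private"}


def is_interesting(path: str) -> bool:
    lowered = path.lower()
    if lowered.endswith(SENSITIVE_EXT):
        return True
    return any(seg in SENSITIVE_SEGMENTS for seg in lowered.split("/"))


def analyze(rows: List[List[str]]) -> Dict[str, object]:
    """Reduce CDX rows to hosts, unique paths, parameter names and flagged URLs."""
    hosts = set()
    earliest = {}          # (host, path) -> earliest capture timestamp
    params: Counter = Counter()
    segments = set()       # path pieces, useful as a site-specific wordlist
    flagged = []
    for ts, original, _status, _mime in rows:
        parts = urllib.parse.urlsplit(original)
        if not parts.hostname:
            continue
        hosts.add(parts.hostname)
        path = parts.path or "/"
        key = (parts.hostname, path)
        if key not in earliest or ts < earliest[key]:
            earliest[key] = ts
        segments.update(seg for seg in path.split("/") if seg)
        for name in urllib.parse.parse_qs(parts.query, keep_blank_values=True):
            params[name] += 1
        if is_interesting(path):
            flagged.append(original)
    return {
        "hosts": sorted(hosts),
        "paths": sorted(earliest),
        "params": params,
        "segments": sorted(segments),
        "flagged": flagged,
    }


# Constructed sample rows in CDX order [timestamp, original, statuscode, mimetype].
SAMPLE_ROWS = [
    ["20190301120000", "http://example.com/", "200", "text/html"],
    ["20190305090000", "http://example.com/login?next=/account", "200", "text/html"],
    ["20180110101010", "http://example.com/api/v1/users?id=1&debug=true", "200", "application/json"],
    ["20170520000000", "http://old.example.com/backup/db.sql", "200", "application/octet-stream"],
    ["20200101000000", "https://example.com/.env", "403", "text/html"],
    ["20200202000000", "https://example.com/login?next=/dashboard", "200", "text/html"],
    ["20160808000000", "http://staging.example.com/admin/", "301", "text/html"],
]

if __name__ == "__main__":
    result = analyze(SAMPLE_ROWS)
    print("hosts:", result["hosts"])
    print("unique paths:", len(result["paths"]))
    print("parameters:", dict(result["params"]))
    print("flagged:", result["flagged"])
```

The earliest timestamp per path is kept on purpose: a path first captured years ago and never since is exactly the forgotten endpoint worth probing on the live site. The parameter counter and the segment list feed later stages, the first as candidate names for injection testing and the second as a target-specific wordlist for directory brute-forcing.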