Bachelor of Information Communications Technology
Bahrain Polytechnic
Introduction to Information Security
Lab Session 4a
Introduction:
This lab focuses on the passive reconnaissance phase of ethical hacking, where the goal is to gather
publicly available information about potential targets without actively probing or interacting with
the systems. In this exercise, you will use Google advanced search operators and various Whois
lookup tools to collect key details such as IP addresses, registered owners, and contact details for
well-known websites. This phase is critical in understanding the footprint of your target before
moving to more active penetration testing.
Learning Outcomes Assessed:
The following learning outcomes are being assessed in this lab session:
1. Perform and report upon an ethical penetration test, focusing on passive reconnaissance
techniques.
Lab 4a - Description:
In this lab, you will use various tools like Google (advanced search operators), number registries
(ARIN, RIPE), and other websites (e.g., network-tools.com, domaintools.com) to gather
information about potential targets. This will give you hands-on experience in passive
reconnaissance, a critical first step in any penetration test.
The targets for this lab are the following websites:
1. www.google.com
2. www.wikipedia.org
3. www.facebook.com
4. www.coursera.org
For each target, gather and document the following information:
• IP address
• Registered location
• Registrar's name and address
• Registrar's contact number (if available)
How to Use the Tools:
Here are some tools and techniques you can use for information gathering:
• Google Advanced Search Operators: Use operators like site:, inurl:, filetype: to
refine your searches.
• Whois Lookup: Use websites like whois.domaintools.com or network-tools.com to
find detailed information about domains.
• IP Number Registries: Use registries like ARIN (American Registry for Internet
Numbers) and RIPE (Réseaux IP Européens) for IP address lookups.
Documentation:
You should record your findings in a Word-processed document (e.g., MS Word). For each
target, clearly document the IP address, registered location, registrar's name, and contact
information.
Additionally, document the tools and techniques used to gather each piece of information. This
can include details like which Google operators were used and why, or the specific Whois tool
employed.
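The following is an added example, not part of the original lab sheet: one way to turn the text returned by a Whois lookup into the fields this lab asks you to record, and to list which registrant fields are still published unredacted. The sample record, the function names and the field mapping are assumptions constructed for illustration; the labels follow the common gTLD WHOIS layout.

```python
import re

# Constructed sample record (not a real lookup result). Labels follow the
# common gTLD WHOIS layout; every value is a placeholder.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Org
Registrant Country: US
Name Server: NS1.EXAMPLE.ORG
Name Server: NS2.EXAMPLE.ORG
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

# Assumed mapping from the lab's worksheet columns to WHOIS labels.
WANTED = {
    "registrar": "Registrar",
    "registrar_phone": "Registrar Abuse Contact Phone",
    "registered_location": "Registrant Country",
    "registrant_name": "Registrant Name",
}

def parse_whois(text):
    """Return {label: [values]} for every 'Label: value' line; skip banners."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]+?):\s*(.*\S)\s*$", line)
        if m:
            record.setdefault(m.group(1), []).append(m.group(2))
    return record

def lab_summary(text):
    """Fields to document, plus registrant fields that are not redacted."""
    record = parse_whois(text)
    summary = {key: record.get(label, ["not published"])[0]
               for key, label in WANTED.items()}
    # Defender's view: registrant data that anyone can still read.
    summary["exposed_registrant_fields"] = sorted(
        label for label, values in record.items()
        if label.startswith("Registrant ")
        and not any("REDACTED" in v.upper() for v in values)
    )
    return summary

if __name__ == "__main__":
    print(lab_summary(SAMPLE_WHOIS))
```
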
Analysis of Gathered Information:
Once you have gathered the required information, analyze its importance in the context of ethical
hacking. Consider questions like:
• How can the information collected be used in a penetration test?
• What vulnerabilities or weaknesses might be inferred from the publicly available data?
• How could this information be exploited by malicious actors?
Write a brief reflection on how this information could be valuable to attackers and how
organizations can mitigate these risks.
Ethical Considerations:
As an ethical hacker, it is important to remain within legal and ethical boundaries when gathering
information. Ensure that you are not attempting to bypass security controls or conduct
unauthorized scans or tests on live systems.
Optional Submission:
Although submission is not required for this lab, you are encouraged to submit your findings for
feedback. Focus on accuracy and thoroughness in your documentation and analysis.