A Structured Comparison of Social Engineering
Intelligence Gathering Tools
Kristian Beckers1, Daniel Schosser1, Sebastian Pape2, and Peter Schaab1
1Technische Universit¨at M¨unchen (TUM), Institute of Informatics
Boltzmannstr. 3, 85748 Garching, Germany
2Goethe University Frankfurt, Faculty of Economics and Business Administration
Theodor-W.-Adorno-Platz 4, 60323 Frankfurt am Main, Germany
Social engineering is the clever manipulation of the human
tendency to trust to acquire information assets. While technical security
of most critical systems is high, the systems remain vulnerable to attacks
from social engineers. Traditional penetration testing approaches often
focus on vulnerabilities in network or software systems. Few approaches
even consider the exploitation of humans via social engineering. While the
amount of social engineering attacks and the damage they cause rise every
year, the defences against social engineering do not evolve accordingly.
However, tools exist for social engineering intelligence gathering, which
means the gathering of information about possible victims that can be
used in an attack. We survey these tools and present an overview of their
capabilities. We concluded that attackers have a wide range of intelligence
gathering tools at their disposal, which increases the likelihood of future
attacks and allows even non-technical skilled users to apply these tools.
social engineering; threat analysis; security awareness, security
“The biggest threat to security of a company is not a computer virus, an unpatched
hole in a key program or a badly installed ﬁrewall. In fact, the biggest threat
could be you [...] What I found personally to be true was that it’s easier to
manipulate people rather than technology [...] Most of the time organizations
overlook that human element”. These words from Kevin Mitnick [
] were made
over a decade ago and are still of utmost importance today.
As security technology improves the human user remains the weakest link in
system security. It is widely accepted that the people of an organization are
therefore both the main vulnerability of any organization’s security as well as the
most challenging aspect of system security [
]. Chris Hadnagy [
social engineering as “Any act that inﬂuences a person to take an action that may
or may not be in their best interest”. Numerous security consultants consider it a
given for themselves as well as for genuine attackers to access critical information
via social engineering [14, 43].
The harm of social engineering attacks has been discussed in various reports. In
2 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
2003 Gulati [
] reported that cyber attacks cost U.S. companies $266 million
every year and that 80% of the attacks are a form of social engineering. Although
not being very recent assessments of the situation, it seems that little has changed
until today. A study of 2011 from Dimensional Research [
] shows that nearly
half of the considered large companies and a third of small companies fell victim
of 25 or more social engineering attacks in the two years before. The study further
shows that costs per incident usually vary between $25 000 and over $100 000.
Furthermore, surveys, like Verizon’s Data Breach Investigation Report [
show the impact of social engineering. According to these studies the impact has
grown from 7% of breaches in 2012 to 29% of breaches in 2013. These numbers
should not be ignored and active support for mitigating these threats is needed.
Even though companies are aware of the social engineering problem, they have
little tools available to even assess the threat for themselves. Hiring penetration
testing companies that attack their clients and show weaknesses in their defences
is one available option. However, these tests have a number of inherent problems.
Particularly, to address legal issues high eﬀort has to be invested upfront [
In addition, the test outcome is closely related to the limited scope of the test.
A tester may ﬁnd that some employees are violating security policies. While
this is an important ﬁnding that lets a company improve the education of their
employees, the completeness of these kind of tests is an issue. Only few employees
can be tested on only few occasions. Moreover, experiments indicate that this
approach is diﬃcult, due to humans’ demotivation when confronted with these
testing results .
A number of tools are available that enable intelligence gathering. On one side
using these tools a social engineer can gather information that help him attack
persons or organizations. On the other side, these tools provide an organization
with an excellent alternative to pen testing or awareness trainings, as they allow
to analyse possible vulnerabilities. However, a structured survey on the tools’
capabilities is missing so far.
We believe to improve the current situation by conducting a structured survey of
social engineering intelligence gathering tools and contribute the following:
a classiﬁcation of existing tools regarding categories such as proposed purpose,
price, perceived usability, visualization of results etc.
a survey of information types retrieved by the tools regarding information
about company employees and their communication channels, as well as
related information e.g. company policies;
a discussion of how even simple attacker types can use these tools for sophis-
ticated social engineering attacks
The remainder of our paper is organised as follows. Section 2 outlines the criteria
for comparison, and Section 3 presents the results of our comparison. Section 4
concludes and provides directions for future research.
A Structured Comparison of Social Engineering Intelligence Gathering Tools 3
2 Social Engineering Basics and Tool Criteria
We acquire a basic understanding of social engineering and the general process
attackers follow in Sect. 2.1. During the process various information is gathered
about people, whom social engineers attack. Section 2.2 details our categorization
of this social engineering information based on related work. Furthermore, we
classify the tools on their potential of applicability, which describes the barriers
that may or may not prevent an attacker from using them. For example, a tool
that has a high price and poor usability will have little potential to be used by
2.1 The Social Engineering Process
Various works report an underlying process to social engineering [
which have recently been uniﬁed by Milosevic [
]. A social engineering attack
consists of multiple phases as summarized in Table 1. In phase one the attacker
conducts surveillance to identify a person within the inner circle of the targeted
company. This person shall have access to the information the attacker desires.
The next phase focuses on ﬁnding out as much about this person as possible.
Every bit of information can help the attacker to manipulate the victim and her
trust. During the pretexting phase the attacker starts building a relationship to
the victim. Afterwards the attacker exploits the built up trust in the relationship
and evaluates the gathered information in the post-exploitation phase.
Table 1: Overview of Social Engineering Phases by Milosevic 
Find targets with suﬃcient access to information/knowledge
to perform an attack.
Gather information on each of the valid targets. Choose the
ones to attack.
Use gathered information to build a relationship to the target.
Gain victims’ trust to access additional information.
Exploitation Use the built up trust to get the desired information.
Analyze the attack and the retrieved information. If necessary
return to a previous phase to continue the chain of attack
until the ﬁnal information has been retrieved.
2.2 Social Engineering Information
This section focuses on types of information that can be gathered by a tool,
in the following referred to as criteria. All criteria cover one or more essential
4 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
information for social engineering attackers. The more criteria a tool covers, the
more interesting it is for a social engineer during information gathering.
Communication channels are one of the most rel-
evant information for a social engineer. This category will list which channels
can be found by a certain tool. Possible channels are “Telephone Numbers”,
“Social Media Accounts”, “E-Mails”, “Instant Messengers”, “Friends”, “Personal
Information” and “Private Locations” [23, 27].
Some tools have access to databases which contain leaked
user credentials. If a social engineer gets access to login information of a certain
employee, it simpliﬁes the conduction of an attack. Firstly, he can directly access
a victim’s accounts. Secondly, the attacker could pose as someone else, e.g. an
administrator from the IT department, and by having access to the target’s data
convince his victim to act in a certain way [18, 27].
Some tools are especially designed to gather location data, while
others provide them as a byproduct. Both, work addresses as well as an em-
ployee’s private addresses can be useful for multiple purposes. Location data can
be gathered from social media as it is embedded in photos and videos taken by
cellphones. Also posts on social media can be tagged with a location. Other tools
can convert IP addresses into physical locations and therefore ﬁnd the physical
locations of technical equipment [35, 18].
By retrieving the job position of an employee the social engineer
can ﬁgure out what kind of information someone has access to. Based on job
title, the attacker can draw conclusions about whether an employee is new to
a company, what the hierarchy within the company looks like and much more.
Based on the organization’s structure, it is possible to use techniques such as
name-dropping, using the name of someone higher in the company’s hierarchy,
to pressure the target into revealing information [18, 27].
One of the easiest ways to convince someone of being au-
thorized to access some information is by knowing the correct lingo [
means the words and abbreviations employees use within a company. Although
this information is of great importance, it is very challenging to get access to.
Knowledge about the lingo can be obtained by getting access to company manuals,
internal reports or talking to employees.
The more personal information an attacker has on his
target, the easier it is to ﬁnd the correct angle and pressure points. One example
would be well-deﬁned spear-phishing e-mails using a person’s interests. In case
the e-mail contains enough private information to make it believable, the target
is far more likely to open an attachment [35, 19].
2.3 Potential for Applicability
This section presents the evaluation criteria to generally classify the software.
Some of the tools are actually designed to gather informa-
tion on a person or company in the context of social engineering. However, a
A Structured Comparison of Social Engineering Intelligence Gathering Tools 5
user can also use tools for attacks which were designed for something completely
diﬀerent than social engineering.
While some tools are free, others can be quite expensive and therefore
might not be applicable for a quick self assessment. In some cases the tool itself
is free, but for some features the user needs to have an API key that can be
costly. This criteria focuses on the prices of each tool and its limitations coming
with diﬀerent price tiers.
Based on the user interface and the amount of documentation pro-
vided, this category assesses the ease of usage. The underlying question is if the
usability of a tool allows a company to perform its own threat assessment.
Some tools have a broad range of possible search arguments,
but most tools need speciﬁc information to initiate a search. Depending on which
speciﬁc piece of information is required by the tool, this might limit the social
engineer in the decision what tools to use.
Some tools print all information into tables while others
have better ways of visualizing gathered information. For example location data
can be illustrated by marking the positions on a map, instead of only providing
Ranking of results.
As the amount of gathered information grows, the more
valuable an adequate selection and sorting becomes. Therefore, ﬁltering irrelevant
information is helpful in focusing on more promising targets/information. We
did not ﬁnd signiﬁcant support for ﬁltering in the analysed tools and therefore
do not list this criteria in the following.
Most of the tools are only designed to gather
information and do not inform how to protect this information. While this is not
relevant for social engineers, it is highly relevant for those who want to protect
themselves against attackers and against information gathering in general. Note
that none of the tools suggest countermeasures, therefore we did not list the
category in the following.
3 Comparing Social Engineering Tools and Webpages
In the following section, we introduce and analyze relevant tools and webpages.
In a second step we provide an overview over the types of information that can
be gathered by them.
3.1 Social Engineering Tools and Webpages
We compiled the following list of social engineering tools by using the following
words ”social engineering and tool or application or script or webpage” in a
search and the list published by Hadnagy [
]. Three security researchers
6 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
analysed the results independently and we included all tools and webpages that
they agreed on having the potential to help a social engineering attacker conduct
the process outlined in Sect. 2.1. We identiﬁed the following tools and webpages
that met our criteria.
Maltego (Kali Linux Edition, Version 3.6.1)
] is an intelligence
and forensics application. Before starting a search, the user can choose between
diﬀerent machines. Every machine has its own purpose and is designed for a
particular attack vector. Maltego oﬀers 12 default machines within the software
such as: Company Stalker This machine tries to get all e-mail addresses at a
domain to resolve them on social networks. It also gets documents and extracts
meta data. As an input, it needs a company’s domain. Find Wikipedia Edits
This machine takes a domain and looks for possible Wikipedia edits. Footprint
L1 This module performs a level 1 (fast, basic) footprint of a domain. Person -
E-Mail Address This machine tries to obtain someone’s e-mail address and checks
where it’s used on the internet.
Maltego combines multiple modules to gather information from various sources
and represents them in an easy to understand way in form of a bubble diagram.
The user can start of with a domain name, a username, an IP address or the
name of a person depending on which module he wishes to use. The gained
information can be used for further research e.g. as input for other modules.
Recon-ng (Version 4.8.0)
] is a full-featured Web Reconnaissance
framework. It is based on a large list of modules which can be used to gather
information about a speciﬁc target. The modules range from host information
to social media. The user is free to chain these modules after each other and by
starting with a single domain name, the database can be ﬁlled with employee
names, their e-mail addresses, usernames, passwords and geolocations of all
involved servers. The ﬁnal reports can be exported in json, csv, xml, html or as
a pdf. Similar to the Social Engineering Toolkit and Metasploit its user interface
is console based.
Cree.py (Version 1.4)
] is a geolocation Open Source Intelligence
(OSINT) tool. It is designed to gather geolocation related information from online
sources like social networks. This information can be ﬁltered by location or date
and is presented on a map. Therefore, Cree.py is useful to follow the trace of
where a person has been over the time of using certain social media platforms.
Examples would be Instagram, Twitter or Tumblr which gather location data on
where photos or posts have been created. These information can be displayed on
a map and recreate a trace of places where a person has been.
] is a search engine for people in the United States of America.
There exist equivalent versions for other countries e.g. Pipl.com and PeekYou.com
index people from all over the world. By entering the name, e-mail address, phone
number, address or username of a person all related people matching the provided
criteria are reported back. Depending on the wanted detail of the provided report,
the price varies.
A Structured Comparison of Social Engineering Intelligence Gathering Tools 7
Social Engineering Toolkit (SET)
] does not focus on ﬁnding infor-
mation about a person. SET rather uses information on persons to e.g. send
them phishing e-mails or gather information about company networks. The SET
allows integration with other tools such as Metasploit that contain various scripts
for vulnerability testing.
The Wayback Machine
The Wayback Machine [
] is an archive of the internet.
The vendor claims to provide the history of more then 427 billion web pages (as
of July 2015). The platform creates snapshots of websites and allows a user to go
back to older versions of a website that have been replaced by newer ones.
theHarvester (Version 2.7)
The Harvester [
] is designed to gather e-mail
addresses, subdomains, hosts, and open ports from public sources. These sources
contain search engines, PGP key servers and the SHODAN [
] computer database
for internet-connected devices.
The Whitepages [
] website supports persons in ﬁnding people,
their addresses and telephone numbers, private and from work. The service
focuses on the U.S. and also provides reverse phone searches and similar means
to identify a person based on technical information such as a phone number.
The freebackgroundcheck.com [
] website provides infor-
mation about people that has been collected by background checks on them for
e.g. a telecommunication provider. The intention is that people can get informed
what information is available about them and most likely checked in situations
such as job interviews. The website Instant Checkmate [
] on the other hand
focuses on providing information to the public about people’s arrest records and
Especially in the United States it is very easy to gain access to
government information, as most data is publicly available [
]. Every person
interested in the data can get access to arrest records, tax records and more for
a small monetary fee per request. In addition, Ratsit in Sweden [
in Finland [
], Skatterlister in Norway [
] and recently the Federal Board of
Revenue in Pakistan  also publish tax records online.
Company Related Information
As social engineers thrive to know as much
about the social surroundings of a target as possible, there are a lot of tools,
that help gathering social related information about a target. Websites like
] and Namechk [
] allow to search on more then 600 social media
networks, if a username is already allocated or still available. While this is not
the primary purpose of the website, an attacker can use this to track down social
media networks, which a target is using. SocialMention [
] is a platform, that
searches for user-generated content like posts, blogs, videos, etc. from a speciﬁc
user. By gathering this kind of information the attacker learns a lot about the
target and his behavior.
In most cases a social engineer is not after private information about a target, but
work related information. This is due to an attacker generally trying to get access
8 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
to work related sensitive information. Websites such as Monster [
], LinkedIn [
and Xing [
] are good sources for collecting CVs and current job positions of
people related to the target. In addition platforms like careerbuilder [
] provide information about open job oﬀers and expected earnings.
], MarketVisual [
] and LittleSis [
] are useful to gain knowledge
about the social networks of employees. Especially for larger companies, these
websites oﬀer information about who is connected to whom.
3.2 Analyzing the Social Engineering Attack Potential
After having established each tool’s characteristics, it is important to know, what
tool is able to retrieve which kind of information. Some tools are able to collect
more information than others and some information can only be found with
a speciﬁc tool. Table 2 provides an overview of the tools survey. Furthermore,
Table 3 provides a reﬁnement of the previous table considering the potential for
applicability categories introduced in Sect. 2.3 for selected tools and webpages.
For space reasons we do not show the information for all tools and websites.
Table 2: Social Engineering Tool Comparison
Search by Person/ Company o++++ ++++ ++++ +++++ ++
Retrieve E-Mail Address o++++ ooo++o o o o
Retrieve Username/ Password oo++oooooooo
Retrieve Job-Title oo++oooooo++ ++
Retrieve Locations o+++++ooo++ ++++
Retrieve Personal Data oooo++oo+ + ++ ++
Usability ++++++++++++++++ ++
Visualize Output ++++++ ++++ +++++ ++++
Retrieve Company Lingo ooooooooooo
Free to use ++++ ++++ o++++ ++++ o o
oDoes not apply or cannot be used in this case
+Does apply in some cases, does collect limited information
++ Does fully apply, does gather the amount/quality of information needed
A Structured Comparison of Social Engineering Intelligence Gathering Tools 9
Table 3: Potential for Applicability
Category Maltego Recon-ng Cree.py Spokeo
The Wayback Ma-
Delivery of a threat
picture of an orga-
tion of web-based
Provision of geolo-
cation related infor-
mation from social
Provision of per-
Archive for web-
pages and other
and open ports
edition, Full license
Free, API Keys up
Free basic informa-
for detailed re-
ports, $9.95 for
Easy to understand
UI. Basic knowl-
edge about struc-
ture and connec-
tion of information
and available ma-
tool. Basic knowl-
edge about struc-
ture and connec-
tion of information
Easy to use due to
UI and step by step
Easy to use due to
step by step guid-
Easy to use due
to centralization in
single search ﬁeld.
Depending on the
machine name, web
Depending on the
name, URL, name.
Color coded data
sizes according to
Local database ex-
portable to various
Data listed, pins on
Pins on map.
data entries. Avail-
Phase 1 - Pre-
actions, Phase 2 -
Phase 2 - Intelli-
Phase 2 - Intelli-
Phase 1 - Pre-
actions, Phase 2 -
Phase 1 - Pre-
actions, Phase 2 -
Phase 2 - Intelli-
10 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
Our goal is to show the utility of these tools for attackers. Therefore, we selected
three attack types mentioned repeatedly [
]: Phishing,Baiting, and
Impersonation. We describe these below including their needs of two essential
information categories: communication channels and company knowledge. An
attacker requires communication channels since the attacker has to communicate
with a victim to exploit her trust. In addition, an attacker requires knowledge
about the company to know whom to attack and how to get the companies
employees’ trust. The more details an attacker knows, the more likely people
believe he has a relation to the company. We detail these information needs for
the attack types below and reﬁne them in Table 4.
refers to masquerading as a trustworthy entity and using this trust
to acquire information or manipulating somebody to perform an action. This
often appears in an unguided way via email to thousands of possible victims.
Recently, spear-phishing attacks happen, which aim for a speciﬁc target instead
of the broader mass. The social engineer gathers as much intelligence about the
target as he can or needs and then prepares a tailored message for the victim.
Phishing attacks are mainly based on communicating with
the victim, therefore the amount of information on communication channels is
critical. The more channels an attacker has, the easier it is, to ﬁnd one that can
help bridge the gap between the engineer and the victim. In addition, the more
company knowledge exist, the more targeted the attack can be.
is to leave a storage medium (e.g., a USB stick) inside a company
location that contains malicious software (e.g., a key logger). The malicious
software is executed automatically when the stick is inserted in a computer.
Baiting is a passive attack vector, which does not need
direct interaction with the victim. Therefore, the focus lies on gathering company
knowledge. In particular, locations and walking routes of employees for placing
the storage medium are essential.
is to play the role of someone a victim is likely to trust or obey,
e.g. an authority ﬁgure. The attacker fools the victim into allowing him access
to the desired location or information. Usually, attackers prepare well for an
impersonation and leverage vast amount of information.
For a successful impersonation attack company knowledge
is a priority. The social engineer needs knowledge of numerous areas of the
company. The more information he has on the persona he is playing, the more
convincing he can be. Communication channels are of less importance, since the
victim is approached in person.
We illustrate the degree to which the information needs of a social engineer
can be covered for the discussed attack types. Tables 5 and 6 match tools with
communication channels and company knowledge. Table 6 reveals that numerous
tools cover information gathering for locations, websites, new employees etc. of
companies. However, the Company Lingo is not covered at all. Company lingo
contains all abbreviations and speciﬁc terms used in a company and has been
used by social engineers to bypass authentication mechanisms, e.g. personnel
often thinks everyone knowing the company lingo belongs to the company .
A Structured Comparison of Social Engineering Intelligence Gathering Tools 11
Table 4: Mapping of Social Engineering Characteristics to Attack Types
Phishing Baiting Impersonation
Telephone Number x
Friends x x
Personal Information x x
Private Locations x x
Instant Messenger x
Co-Workers: Communication x
Co-Workers: New Employee x
Co-Workers: Hierarchies x
Lingo x x
Facilities: Security-Measures x x
Facilities: Company Location x x
Policies: Software x
Policies: Network x
Policies: Organization x
Table 5: Tool Coverage for Communication Channels
Telephone Number x x
EMail x x x x x
Instant Messenger x x x x x
Friends x x x x x
Personal Information x x x x x x
Private Locations x x x
For “Facility Security Measures”, “Security Policies” and “Software Policies”
there is a similar result. Besides theHarvester and Recon-ng, which can both only
gather information concerning web-security like open ports or SSL-Encryption,
all other tools are not directly suitable for social engineers. Wireshark needs
physical access, which is not exactly what a social engineer prefers and Gitrob
is one of the tools, with very slim chances of success. If the company has any
security policies or hosts their sourcecode within the company, then Gitrob will
most likely not be able to access it and therefore not gain any information.
To sum up, modern social engineers have a variety of tools at their disposal
for information gathering, which they can use in numerous attacks. We provide
an exemplary overview for phishing, baiting, and impersonation attacks and
summarize in Table 7. The empty ﬁelds mean that three security researchers
could not identify a use for that tool for any of the attacks above. Note that there
are still some types of information that are diﬃcult to gather for an attacker such
as company lingo, but we have little doubt that in the future further tools and
social media oﬀers will ﬁll this gap. Furthermore, our comparison showed that
all tools have a good or great usability and provide easy to understand output.
12 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
Table 6: Tool Coverage for Company Knowledge
Company Locations x x x x x x
Special Knowledge x x x x
New Employees x x x
Hierarchies x x x
Websites x x x x
Facility Security Measures x x
Security Policies x x x
Software Policies x x x
Tools vs. AttackType Knowledge with P for Phishing, I for Impersonation,
and B for Baiting
Telephone Number P P
Friends P,I P,I P,I P,I P,I
Personal Information P,I P,I P,I P,I P,I P,I
Private Locations P,I P,I P,I
E-Mail P P P P P
InstantMessenger P P P P P
Co-Workers: NewEmployee I I I
Co-Workers: Hierarchies I I I
Facilities: Security-Measures B,I B,I
Facilities: Company Location B,I B,I B,I B,I B,I B,I
Websites P P P P
This means intelligence gathering can be used by an attacker with little technical
knowledge such as script kiddies. Therefore, we have to take the threats arising
from increased and easily available knowledge for social engineering seriously.
We conducted a structured survey of social engineering tools, which ease the
attacker’s eﬀort of ﬁnding information about victims. We mapped the information
to their usefulness for phishing, impersonation or baiting attacks. Our analysis
revealed that the social engineering threat is more dangerous than ever before,
A Structured Comparison of Social Engineering Intelligence Gathering Tools 13
due to the number of tools at an attacker’s disposal and the signiﬁcant amount
of detail they provide. We propose the following.
Implications for possible Victims
People in general, not only employees in
companies, can fall victim to social engineering. Therefore, people should ﬁnd out
what is available about them in the web using the tools or websites listed here.
Ideally, stories of new contacts and unusual requests to secret information should
be checked and veriﬁed more carefully than in the past. Means of protection can
include false information released such a bogus address or non-existing hobbies.
Any requests using this information identify possible social engineers.
Implications for Security Practitioners
Chief information oﬃcers and con-
sultants should integrate a demonstration of the tools in this publication to raise
awareness of the social engineering threat in companies. Just when people see
the ease of collecting information with the tools and websites and how these are
used e.g. in phishing, they can understand the need for strict security policies
with regard to the release of data in the web.
Suggestions for Law Enforcement
has to operate under the assumption that
criminals will get all information about their victims without ever leaving their
home or having mature computer skills. Everyone can be a social engineer and is
a possible perpetrator. Countermeasures have to include network traﬃc analysis
of how an attacker gathered the information for his attacks.
Limitations of the Tools
The only information type that social engineering
tools do not provide today is the so-called company lingo, the abbreviations and
speciﬁc words used in a company or domain. However, we are certain that in the
future, tools combining machine learning and big data analysis will ﬁll this gap.
Limitations of our Study
We conducted the study using a previous survey of
tools and a web search engine. These sources can be extended in particular to
including sites that are not indexed by web search engines e.g. in the dark web.
This work will require a collaboration with a law enforcement agency.
This research has been partially supported by the Federal Ministry of Education
and Research Germany (BMBF) with project grant number 16KIS0240.
1. Freebackgroundcheck. https://mybackgroundcheck.preemploy.com.
2. Instant checkmate. https://www.instantcheckmate.com.
3. Norwegian register. http://skattelister.no/.
4. Tax information. http://www.veroporssi.com/.
14 Kristian Beckers, Daniel Schosser, Sebastian Pape, and Peter Schaab
5. Whitepages. http://www.whitepages.com.
N. Barrett. Penetration testing and social engineering: hacking the weakest
link. Information Security Technical Report, 8(4):56–64, 2003.
BBC News. How to hack people.
2320121.stm, October 2002.
8. CareerBuilder. Job search engine. http://careerbuilder.com/.
Dimensional Research. The risk of social engineering on informa-
engineering-on-information-security.html, September 2011.
T. Dimkov, A. van Cleeﬀ, W. Pieters, and P. Hartel. Two methodologies
for physical penetration testing using social engineering. In Proceedings of
ACSAC, ACSAC ’10, pages 399–408. ACM, 2010.
Dun & Bradstreet. Sales acceleration platform.
13. Glassdoor. Recruiting website. https://www.glassdoor.de/.
D. Gragg. A multi-level defense against social engineering. SANS Reading
Room, March, 13, 2003.
R. Gulati. The threat of social engineering and your defense against it. SANS
Reading Room, 2003.
Hadnagy. Social engineering toolkit (set).
C. Hadnagy. Social engineering: The art of human hacking. John Wiley &
Sons, Indianapolis, 2010.
18. C. Hadnagy. The Oﬃcial Social Engineering Portal, 2015.
Internetsafety 101. Social Media Statistics, 2013.
20. Kakavas. Geolocation OSINT Tool. http://www.geocreepy.com/.
J. Kee. Social engineering: Manipulating the source. GCIA Gold Certiﬁcation,
22. KnowEm LLC. Social media brand search engine. http://knowem.com/.
K. Krombholz, H. Hobel, M. Huber, and E. Weippl. Social engineering
attacks on the knowledge worker. In Proceedings of Security of Information
and Networks, SIN ’13, pages 28–35. ACM, 2013.
24. LinkedIn. Business social networking service. http://linkedin.com/.
A Structured Comparison of Social Engineering Intelligence Gathering Tools 15
25. MarketVisual. Business search engine. http://www.marketvisual.com/.
26. N. Milosevic. Introduction to Social Engineering, 2013.
K. D. Mitnick and W. L. Simon. The Art of Deception: Controlling the
Human Element in Security. 2003.
28. Monster Wolrdwide Inc. Job search engine. http://monster.com/.
29. Namechk. Username and domain search tool. https://namechk.com/.
30. National Association of Counties. http://www.naco.org/.
Pakistan Government. Federal board of revenue.
Paterva. Maltego clients and servers.
33. Public Accountability Initiative. http://littlesis.org/.
34. Ratsit & Invativa. Credit business website. http://www.ratsit.se/.
35. K. Regan. 10 Amazing Social Media Growth Stats From 2015, 2015.
Shodan. Search engine for the internet of things.
socialmention. social media search platform.
38. Spokeo. People search website. http://www.spokeo.com/.
The Internet Archive. The wayback machine.
T. Tomes. Web reconnaissance framework.
Verizon. Data Breach Investigations Report, 2012.
Verizon. Data Breach Investigations Report, 2013.
M. Warkentin and R. Willison. Behavioral and policy issues in information
systems security: the insider threat. European Journal of Information Systems,
G. Watson, A. Mason, and R. Ackroyd. Social Engineering Penetration
Testing: Executing Social Engineering Pen Tests, Assessments and Defense.
45. Xing. Business social networking service. http://xing.com/.
All online references were last checked on 12.01.2017.