MITRE ATT&CK Technique
Description
Adversaries may search freely available technical databases for information about victims that can be used during targeting. Information about victims may be available in online databases and repositories, such as registrations of domains/certificates as well as public collections of network data/artifacts gathered from traffic and/or scans.(Citation: WHOIS)(Citation: DNS Dumpster)(Citation: Circl Passive DNS)(Citation: Medium SSL Cert)(Citation: SSLShopper Lookup)(Citation: DigitalShadows CDN)(Citation: Shodan) Adversaries may search in different open databases depending on what information they seek to gather. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593)), establishing operational resources (ex: [Acquire Infrastructure](https://attack.mitre.org/techniques/T1583) or [Compromise Infrastructure](https://attack.mitre.org/techniques/T1584)), and/or initial access (ex: [External Remote Services](https://attack.mitre.org/techniques/T1133) or [Trusted Relationship](https://attack.mitre.org/techniques/T1199)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T16:56:05.810Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may search freely available technical databases '
'for information about victims that can be used during '
'targeting. Information about victims may be available in '
'online databases and repositories, such as registrations of '
'domains/certificates as well as public collections of network '
'data/artifacts gathered from traffic and/or scans.(Citation: '
'WHOIS)(Citation: DNS Dumpster)(Citation: Circl Passive '
'DNS)(Citation: Medium SSL Cert)(Citation: SSLShopper '
'Lookup)(Citation: DigitalShadows CDN)(Citation: Shodan)\n'
'\n'
'Adversaries may search in different open databases depending '
'on what information they seek to gather. Information from '
'these sources may reveal opportunities for other forms of '
'reconnaissance (ex: [Phishing for '
'Information](https://attack.mitre.org/techniques/T1598) or '
'[Search Open '
'Websites/Domains](https://attack.mitre.org/techniques/T1593)), '
'establishing operational resources (ex: [Acquire '
'Infrastructure](https://attack.mitre.org/techniques/T1583) or '
'[Compromise '
'Infrastructure](https://attack.mitre.org/techniques/T1584)), '
'and/or initial access (ex: [External Remote '
'Services](https://attack.mitre.org/techniques/T1133) or '
'[Trusted '
'Relationship](https://attack.mitre.org/techniques/T1199)).',
'external_references': [{'external_id': 'T1596',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1596'},
{'description': 'CIRCL Computer Incident Response '
'Center. (n.d.). Passive DNS. '
'Retrieved October 20, 2020.',
'source_name': 'Circl Passive DNS',
'url': 'https://www.circl.lu/services/passive-dns/'},
{'description': 'Hacker Target. (n.d.). DNS Dumpster. '
'Retrieved October 20, 2020.',
'source_name': 'DNS Dumpster',
'url': 'https://dnsdumpster.com/'},
{'description': 'Jain, M. (2019, September 16). '
'Export & Download — SSL Certificate '
'from Server (Site URL). Retrieved '
'October 20, 2020.',
'source_name': 'Medium SSL Cert',
'url': 'https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2'},
{'description': 'NTT America. (n.d.). Whois Lookup. '
'Retrieved November 17, 2024.',
'source_name': 'WHOIS',
'url': 'https://who.is/'},
{'description': 'Shodan. (n.d.). Shodan. Retrieved '
'October 20, 2020.',
'source_name': 'Shodan',
'url': 'https://shodan.io'},
{'description': 'SSL Shopper. (n.d.). SSL Checker. '
'Retrieved October 20, 2020.',
'source_name': 'SSLShopper Lookup',
'url': 'https://www.sslshopper.com/ssl-checker.html'},
{'description': 'Swisscom & Digital Shadows. (2017, '
'September 6). Content Delivery '
'Networks (CDNs) Can Leave You '
'Exposed – How You Might Be Affected '
'And What You Can Do About It. '
'Retrieved October 20, 2020.',
'source_name': 'DigitalShadows CDN',
'url': 'https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/'}],
'id': 'attack-pattern--55fc4df0-b42c-479a-b860-7a6761bcaad0',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:48:48.734Z',
'name': 'Search Open Technical Databases',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}