MITRE ATT&CK Technique
Description
Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info (ex: [Email Addresses](https://attack.mitre.org/techniques/T1589/002)). These sites may also have details highlighting business operations and relationships.(Citation: Comparitech Leak) Adversaries may search victim-owned websites to gather actionable information. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Establish Accounts](https://attack.mitre.org/techniques/T1585) or [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [Trusted Relationship](https://attack.mitre.org/techniques/T1199) or [Phishing](https://attack.mitre.org/techniques/T1566)). In addition to manually browsing the website, adversaries may attempt to identify hidden directories or files that could contain additional sensitive information or vulnerable functionality. They may do this through automated activities such as [Wordlist Scanning](https://attack.mitre.org/techniques/T1595/003), as well as by leveraging files such as sitemap.xml and robots.txt.(Citation: Perez Sitemap XML 2023)(Citation: Register Robots TXT 2015)
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T16:51:50.306Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may search websites owned by the victim for '
'information that can be used during targeting. Victim-owned '
'websites may contain a variety of details, including names of '
'departments/divisions, physical locations, and data about key '
'employees such as names, roles, and contact info (ex: [Email '
'Addresses](https://attack.mitre.org/techniques/T1589/002)). '
'These sites may also have details highlighting business '
'operations and relationships.(Citation: Comparitech Leak)\n'
'\n'
'Adversaries may search victim-owned websites to gather '
'actionable information. Information from these sources may '
'reveal opportunities for other forms of reconnaissance (ex: '
'[Phishing for '
'Information](https://attack.mitre.org/techniques/T1598) or '
'[Search Open Technical '
'Databases](https://attack.mitre.org/techniques/T1596)), '
'establishing operational resources (ex: [Establish '
'Accounts](https://attack.mitre.org/techniques/T1585) or '
'[Compromise '
'Accounts](https://attack.mitre.org/techniques/T1586)), and/or '
'initial access (ex: [Trusted '
'Relationship](https://attack.mitre.org/techniques/T1199) or '
'[Phishing](https://attack.mitre.org/techniques/T1566)).\n'
'\n'
'In addition to manually browsing the website, adversaries may '
'attempt to identify hidden directories or files that could '
'contain additional sensitive information or vulnerable '
'functionality. They may do this through automated activities '
'such as [Wordlist '
'Scanning](https://attack.mitre.org/techniques/T1595/003), as '
'well as by leveraging files such as sitemap.xml and '
'robots.txt.(Citation: Perez Sitemap XML 2023)(Citation: '
'Register Robots TXT 2015) ',
'external_references': [{'external_id': 'T1594',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1594'},
{'description': 'Adi Perez. (2023, February 22). How '
'Attackers Can Misuse Sitemaps to '
'Enumerate Users and Discover '
'Sensitive Information. Retrieved '
'July 18, 2024.',
'source_name': 'Perez Sitemap XML 2023',
'url': 'https://medium.com/@adimenia/how-attackers-can-misuse-sitemaps-to-enumerate-users-and-discover-sensitive-information-361a5065857a'},
{'description': 'Bischoff, P. (2020, October 15). '
'Broadvoice database of more than 350 '
'million customer records exposed '
'online. Retrieved October 20, 2020.',
'source_name': 'Comparitech Leak',
'url': 'https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/'},
{'description': 'Darren Pauli. (2015, May 19). '
'Robots.txt tells hackers the places '
"you don't want them to look. "
'Retrieved July 18, 2024.',
'source_name': 'Register Robots TXT 2015',
'url': 'https://www.theregister.com/2015/05/19/robotstxt/'}],
'id': 'attack-pattern--16cdd21f-da65-4e4f-bc04-dd7d198c7b26',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:48:26.799Z',
'name': 'Search Victim-Owned Websites',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['James P Callahan, Professional Paranoid'],
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.1'}