Reconnaissance audit - Dark web audit


A reconnaissance audit or a dark web audit enables us to identify the attack surface of a company on the clear web or the dark web.


Download our white paper: How to prevent attacks and identify data leaks on the dark web?

Aim of a reconnaissance audit and a dark web audit

A reconnaissance audit enables to identify the attack surface of a company, i.e. all the components of its information system exposed on the web. Most of the time, some elements are known and listed, while others are not.

A dark web audit goes even further by searching the dark web for sensitive information about a company. We have state-of-the-art tools to explore marketplaces, forums, chat rooms and other hidden websites on the dark web.

The purpose of this type of audit is to draw a complete map of the attack surface and then to control and limit the information exposed and available to attackers, in other words to reduce the attack surface. They also help to identify security priorities and facilitate the definition of the scope of pentests that can be carried out afterwards to strengthen the security level.

Contact us

Stages of a reconnaissance audit and a dark web audit

The preparation phase before this type of audit is very limited. In fact, the name of the targeted company is the only starting point of a reconnaissance audit.

Since this type of audit does not involve aggressive searches, there is no need to define intervention dates or to put in place an emergency communication plan.

Our pentesters perform these audits remotely from our offices. The deliverable given at the end of a reconnaissance audit or a dark web audit is a report listing all the technical and human elements identified, as well as recommendations to reduce your attack surface.


Types of elements listed during a reconnaissance audit:

  • Domain names
  • IP addresses
  • Servers exposed on the web
  • Web applications, other online services, APIs
  • Technologies used, versions, components
  • Other sensitive technical data exposed
  • Names of people, e-mail addresses, telephone numbers
  • Flowcharts
  • Passwords leaked on the Internet, and other data leaks

Regarding more specifically the dark web, the elements identified may include:

  • Indicators of compromise
  • Data leaks (logins and passwords, architectural documents and other sensitive data)
  • Indications of ongoing, planned or past attacks
  • Backdoors
Ask for a quotation

Focus on Google Dorks

Google Dorks enable to find information through the use of very precise Google searches.

It is common for documents to be found which are unintentionally available on the Web, because of poor configuration or poor management of files hosted online by a company. In fact, Google continually indexes online sites, which makes it possible to search for interesting information for a cyberattack, by using certain search operators.

For a company, it involves identifying sensitive documents, strategic data or vulnerable services that would be publicly exposed, in order to restrict their access.

Focus on the Dark Web

The dark web is the hidden side of the Internet, made up of sites that are not indexed by search engines and not accessible by standard means. Access uses specific tools such as the Tor network, which is the best known.

This type of network avoids surveillance on the Internet, which is why it is used both by opponents of censorship and by cybercriminals.

For a company, a search for information concerning it on the dark web can identify information that has been hacked or plans for attacks that concern the company.


Our white paper "How to prevent attacks and identify data leaks on the dark web?" outlines how we can help you reduce your attack surface on the dark web. It gathers all the information on the approach, objectives, methodology, deliverables, etc.

Our range of pentests

We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.

Contact us