Passive Information Gathering

Passive subdomain gathering

findomain -t <domain>

Google Hacking database

https://www.exploit-db.com/google-hacking-database

Quickly find directory listings

intitle:"index of" "parent directory"

List of useful tools

whois (https://who.is/) 
google dorking (https://google.com/) 
netcraft (https://www.netcraft.com/)
recon-ng (https://github.com/lanmaster53/recon-ng)
github (https://github.com/) 
shodan (https://shodan.io/) 
security headers scanner (https://securityheaders.com/)
ssl server test (https://www.ssllabs.com/ssltest/)
pastebin (https://pastebin.com/)
theharvester
social-searcher (https://www.social-searcher.com/)
twofi (https://digi.ninja/projects/twofi.php)
linked2username (https://github.com/initstring/linkedin2username)
osint framework (https://osintframework.com/)

PreviousHome NextNetwork Exploitation

Last updated 9 months ago