cyber-security-resources/recon/README.md

# Active and Passive Reconnaissance Tips and Tools

## Passive Recon

### Website Exploration and "Google Hacking"
* censys - https://censys.io
* Spyse - https://spyse.com
* netcraft - https://searchdns.netcraft.com
* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database
* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool
* Certficate Search - https://crt.sh/
* Huge TLS/SSL certificate DB with advanced search - https://certdb.com
* Google Transparency Report - https://transparencyreport.google.com/https/certificates
* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx

### Social Media
* A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL
* cree.py	http://ilektrojohn.github.com/creepy

### Whois
WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.
* ICANN - http://www.icann.org
* IANA - http://www.iana.com
* NRO - http://www.nro.net
* AFRINIC - http://www.afrinic.net
* APNIC - http://www.apnic.net
* ARIN - http://ws.arin.net
* LACNIC - http://www.lacnic.net
* RIPE - http://www.ripe.net

## BGP looking glasses
* BGP4 - http://www.bgp4.as/looking-glasses
* BPG6 - http://lg.he.net/

## DNS
* dnsenum -	http://code.google.com/p/dnsenum
* dnsmap - http://code.google.com/p/dnsmap
* dnsrecon - http://www.darkoperator.com/tools-and-scripts
* dnstracer - http://www.mavetju.org/unix/dnstracer.php
* dnswalk - http://sourceforge.net/projects/dnswalk

## Dark Web Research
* [Search Engines for Academic Research](https://www.itseducation.asia/deep-web.htm)
* See additional information under the [OSINT Dark Web OSINT Tools section](https://github.com/The-Art-of-Hacking/h4cker/tree/master/osint#dark-web-osint-tools)
 

### Other Great Intelligence Gathering Sources and Tools
* Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering

## Active Recon
* Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
adding recon info 2018-01-20 00:14:08 -05:00			`# Active and Passive Reconnaissance Tips and Tools`

			`## Passive Recon`

			`### Website Exploration and "Google Hacking"`
Update README.md 2020-06-23 20:17:19 -04:00			`* censys - https://censys.io`
			`* Spyse - https://spyse.com`
			`* netcraft - https://searchdns.netcraft.com`
			`* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database`
			`* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool`
adding recon info 2018-01-20 00:14:08 -05:00			`* Certficate Search - https://crt.sh/`
Update README.md 2020-06-23 20:17:19 -04:00			`* Huge TLS/SSL certificate DB with advanced search - https://certdb.com`
adding recon info 2018-01-20 00:14:08 -05:00			`* Google Transparency Report - https://transparencyreport.google.com/https/certificates`
			`* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx`

			`### Social Media`
			`* A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL`
Update README.md 2020-06-23 20:17:19 -04:00			`* cree.py http://ilektrojohn.github.com/creepy`
adding recon info 2018-01-20 00:14:08 -05:00
			`### Whois`
			`WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.`
			`* ICANN - http://www.icann.org`
			`* IANA - http://www.iana.com`
			`* NRO - http://www.nro.net`
			`* AFRINIC - http://www.afrinic.net`
			`* APNIC - http://www.apnic.net`
			`* ARIN - http://ws.arin.net`
			`* LACNIC - http://www.lacnic.net`
			`* RIPE - http://www.ripe.net`

			`## BGP looking glasses`
			`* BGP4 - http://www.bgp4.as/looking-glasses`
			`* BPG6 - http://lg.he.net/`

			`## DNS`
			`* dnsenum - http://code.google.com/p/dnsenum`
			`* dnsmap - http://code.google.com/p/dnsmap`
			`* dnsrecon - http://www.darkoperator.com/tools-and-scripts`
			`* dnstracer - http://www.mavetju.org/unix/dnstracer.php`
			`* dnswalk - http://sourceforge.net/projects/dnswalk`

Update README.md 2021-02-23 13:49:06 -05:00			`## Dark Web Research`
			`* [Search Engines for Academic Research](https://www.itseducation.asia/deep-web.htm)`
			`* See additional information under the [OSINT Dark Web OSINT Tools section](https://github.com/The-Art-of-Hacking/h4cker/tree/master/osint#dark-web-osint-tools)`



adding recon info 2018-01-20 00:14:08 -05:00			`### Other Great Intelligence Gathering Sources and Tools`
			`* Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering`

			`## Active Recon`
			`* Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis`