mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-10-01 01:25:43 -04:00
Active and Passive Reconnaissance Tips and Tools
Passive Recon
Website Exploration and "Google Hacking"
- censys - https://censys.io
- Spyse - https://spyse.com
- netcraft - https://searchdns.netcraft.com
- Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database
- ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool
- Certificate Search - https://crt.sh/
- Huge TLS/SSL certificate DB with advanced search - https://certdb.com
- Google Transparency Report - https://transparencyreport.google.com/https/certificates
- SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
Social Media
- A tool to scrape LinkedIn: https://github.com/dchrastil/TTSL
- cree.py - http://ilektrojohn.github.com/creepy
Whois
WHOIS information is based upon a tree hierarchy. ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting point for all manual WHOIS queries.
- ICANN - http://www.icann.org
- IANA - http://www.iana.com
- NRO - http://www.nro.net
- AFRINIC - http://www.afrinic.net
- APNIC - http://www.apnic.net
- ARIN - http://ws.arin.net
- LACNIC - http://www.lacnic.net
- RIPE - http://www.ripe.net
BGP looking glasses
- BGP4 - http://www.bgp4.as/looking-glasses
- BGP6 - http://lg.he.net/
DNS
- dnsenum - http://code.google.com/p/dnsenum
- dnsmap - http://code.google.com/p/dnsmap
- dnsrecon - http://www.darkoperator.com/tools-and-scripts
- dnstracer - http://www.mavetju.org/unix/dnstracer.php
- dnswalk - http://sourceforge.net/projects/dnswalk
Dark Web Research
- Search Engines for Academic Research
- See additional information under the OSINT Dark Web OSINT Tools section
Other Great Intelligence Gathering Sources and Tools
- Resources from Pentest-standard.org - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Intelligence_Gathering
Active Recon
- Tons of references to scanners and vulnerability management software for active reconnaissance - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis