Passive Recon
Google hacking
Google search to find website sub domains
Google search within webaddress
Google filetype, and intitle
Google inurl
Google cached version
Goolge login pages on sites that use then ending .pt (Portugal)
Google Hacking Database
https://www.exploit-db.com/google-hacking-database/
People
Social Media
Sherlock
Email
Simply Email
Find emails in google, bing, pgp, etc
Find emails and employee name with Recon-ng
SSL Certificate Testing
https://www.ssllabs.com/ssltest/analyze.html
Netcraft
Determine the operating system and tools used to build a site
https://searchdns.netcraft.com/
Whois
Banner Grabbing
Last updated
Was this helpful?