Section 03: Footprinting through Web Services
Finding Company Domains
Top-level domain (TLD)
A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain.
Links
Sublist3r
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT.
Pentest-tools
Start a full pentest in minutes with powerful cloud-based tools, plus flexible reporting, automation, and collaboration options.
LinkedIn
theHarvester
theHarvester is a simple-to-use yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources that include:
The Dark Web
The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location.
Links
Tor
Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, to conceal a user's location and usage from anyone performing network surveillance or traffic analysis.
OS Determination
Shodan
Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.
Competitive Intelligence
Competitive intelligence (CI) is the process and forward-looking practices used in producing knowledge about the competitive environment to improve organizational performance.
Other Techniques
Google Earth
Google Finance