# Section 03: Footprinting through Web Services

## Finding Company Domains

## Top Level Domain

A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain.

Links

* <https://en.wikipedia.org/wiki/Top-level_domain>

## Sublist3r

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT.

Links

* <https://github.com/aboul3la/Sublist3r>

## Pentest-tools

Start a full pentest in minutes with powerful cloud-based tools, plus flexible reporting, automation, and collaboration options.

## LinkedIn

## TheHarvester

TheHarvester is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources that include:

Links

* <https://www.linkedin.com>
* <https://github.com/laramies/theHarvester>

## The Dark Web

The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location.

Links

* <https://en.wikipedia.org/wiki/Dark_web>

### Tor

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, to conceal a user's location and usage from anyone performing network surveillance or traffic analysis.

Links

* <https://en.wikipedia.org/wiki/Tor_(network)>

## OS Determination

## Shodan

Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.

Links

* [https://www.shodan.io](https://www.shodan.io/)

## Competitive Intelligence

Competitive intelligence (CI) is the process and forward-looking practices used in producing knowledge about the competitive environment to improve organizational performance.

Links

* <https://en.wikipedia.org/wiki/Competitive_intelligence>

## Other Techniques

Google earth

[Definition](https://cvs-organization.gitbook.io/ceh-v12-notes/definitions/definitions_g#google-earth)

Google finance

[Definition](https://cvs-organization.gitbook.io/ceh-v12-notes/definitions/definitions_g#google-finance)