OSINT

User Enumeration/Emails

hunter.io - email address search

TheHarvester

$ apt-get install theharvester
$ theHarvester -d tesla.com -l 500 -b google
 | domain | | through google
 | length of searches
 [*] Emails found: 4
 ----------------------
 accountsupportemea@tesla.com
 buildmy3emea@tesla.com
 orderpartsuk@tesla.com
 uk_sales@tesla.com

 [*] Hosts found: 4
 ---------------------
 forums.tesla.com:23.216.80.165
 ir.tesla.com:104.124.60.90, 104.124.60.49
 shop.tesla.com:23.216.80.165
 
www.tesla.com:23.216.80.165

Bluto

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking

Passwords

Have I Been Pwned?

check if emails have accounts with leaked credentials on: https://haveibeenpwned.com/

Wordlists

Check wordlists, e.g. 1.4 BILLION CLEARTEXT PASSWORDS https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis

Technology

crt.sh to enumerate subdomains Wappalyzer for Firefox -check front and back end technologies on a website whatweb #comes included with Kali WhatWeb - Next generation web scanner builtwith.com - check technology profile of a website without associating your IP

PreviousReconNextEnumeration

Last updated