OSINT
User Enumeration/Emails
hunter.io - email address search
TheHarvester
$ apt-get install theharvester
$ theHarvester -d tesla.com -l 500 -b google
| domain | | through google
| length of searches
[*] Emails found: 4
----------------------
[email protected]
[email protected]
[email protected]
[email protected]
[*] Hosts found: 4
---------------------
forums.tesla.com:23.216.80.165
ir.tesla.com:104.124.60.90, 104.124.60.49
shop.tesla.com:23.216.80.165
www.tesla.com:23.216.80.165Bluto
BlutoDNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
Passwords
Have I Been Pwned?
check if emails have accounts with leaked credentials on: https://haveibeenpwned.com/
Wordlists
Check wordlists, e.g. 1.4 BILLION CLEARTEXT PASSWORDS https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis
Technology
crt.sh to enumerate subdomains
Wappalyzer for Firefox
-check front and back end technologies on a website
whatweb #comes included with Kali
WhatWeb - Next generation web scanner
builtwith.com
- check technology profile of a website without associating your IP
Last updated
Was this helpful?