search

OSINT

hashtag
User Enumeration/Emails

hashtag
hunter.io - email address search

hashtag
TheHarvester

$ apt-get install theharvester
$ theHarvester -d tesla.com -l 500 -b google
 | domain | | through google
 | length of searches
 [*] Emails found: 4
 ----------------------
 [email protected]
 [email protected]
 [email protected]
 [email protected]

 [*] Hosts found: 4
 ---------------------
 forums.tesla.com:23.216.80.165
 ir.tesla.com:104.124.60.90, 104.124.60.49
 shop.tesla.com:23.216.80.165
 
www.tesla.com:23.216.80.165

hashtag
Bluto

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking

hashtag
Passwords

hashtag
Have I Been Pwned?

check if emails have accounts with leaked credentials on: https://haveibeenpwned.com/arrow-up-right

hashtag
Wordlists

Check wordlists, e.g. 1.4 BILLION CLEARTEXT PASSWORDS https://github.com/philipperemy/tensorflow-1.4-billion-password-analysisarrow-up-right

hashtag
Technology

crt.sh to enumerate subdomains Wappalyzer for Firefox -check front and back end technologies on a website whatweb #comes included with Kali WhatWeb - Next generation web scanner builtwith.com - check technology profile of a website without associating your IP

PreviousReconNextEnumeration

Last updated