# OSINT

## User Enumeration/Emails

### hunter.io - email address search

### **TheHarvester**

```
$ apt-get install theharvester
$ theHarvester -d tesla.com -l 500 -b google
 | domain | | through google
 | length of searches
 [*] Emails found: 4
 ----------------------
 accountsupportemea@tesla.com
 buildmy3emea@tesla.com
 orderpartsuk@tesla.com
 uk_sales@tesla.com

 [*] Hosts found: 4
 ---------------------
 forums.tesla.com:23.216.80.165
 ir.tesla.com:104.124.60.90, 104.124.60.49
 shop.tesla.com:23.216.80.165
 
www.tesla.com:23.216.80.165
```

### `Bluto`

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking

## **Passwords**

### Have I Been Pwned?

check if emails have accounts with leaked credentials on: <https://haveibeenpwned.com/>

### Wordlists

Check wordlists, e.g. 1.4 BILLION CLEARTEXT PASSWORDS\
<https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis><br>

## Technology

`crt.sh` to enumerate subdomains\
\
`Wappalyzer` for Firefox\
&#x20;-check front and back end technologies on a website\
\
`whatweb` #comes included with Kali\
&#x20;WhatWeb - Next generation web scanner\
\
`builtwith.com`\
&#x20;\- check technology profile of a website without associating your IP