⚡TOOLS FOR INFORMATION GATHERING⚡

this is not a substantive comment

Information Gathering is the act of gathering different kinds of information against the targeted victim or system. There are various tools, techniques, and websites, including public sources such as Whois, nslookup that can help hackers to gather information.
An important point to note before getting started is to remember to never use these tools on external networks or systems without permission, to help security and technology researchers. Information created.

Hidden Content

You must register or login to view this content.

:pepeclown2: ​​​​​​​IT TAKES TIME AND EFFORT TO WRITE THE THREADS . DO LIKE THE POSTS SO :pepeclown2: THAT I WOULD BE MOTIVATED

Top notch post my friend

A great thread and very well written. I personally use Maltego I will open a "Case FIle" from there I will map out the different pieces of information I have gathered. I can't tell you how many times google dorking has helped me find say a pdf or a doc file which helped me identify software used by say a target, generally this works well when the target has a large surface exposed. There are also many dual purpose tools, for example we might see VirusTotal for scanning files, but no it can also be used to scan urls/domains which in this case we can get some subdomains as well as possible IP addresses. The real basics of dig, nslookup and whois often are the bread and butter of recon.

A great thread and very well written. I personally use Maltego I will open a "Case FIle" from there I will map out the different pieces of information I have gathered. I can't tell you how many times google dorking has helped me find say a pdf or a doc file which helped me identify software used by say a target, generally this works well when the target has a large surface exposed. There are also many dual purpose tools, for example we might see VirusTotal for scanning files, but no it can also be used to scan urls/domains which in this case we can get some subdomains as well as possible IP addresses. The real basics of dig, nslookup and whois often are the bread and butter of recon.

Most of the time people don't even expect these things would work. I once talked to a guy who knowingly and irresponsibly had provided its scan report openly on the web. When i told him, what is point behind storing a document on the web that contains the list of port details and other scan reports of your company then he said that its impossible to get these docs as they are not linked to any page and he have searched on shodan and it was not there too :lulw: . Then i thought that why even i am trying to talk to such a guy. I still have the document {probably}, had it fallen into some bad hands the company could have been into ashes. It was terrible . 

The confidentiality of a client is important, sometimes people forget that but then again I have had clients in the past that called to tell us it was too much work. Our process was we send our gpg key in one email they send their key in another email now we can communicate and keep confidentiality. I think that sometimes people under-value the use of passive recon of a target, there are several passive yet effective ways of performing reconnaissance on a target without touching the target. I have been taught and believed that the only time a target should be touched, is during the exploitation of the target(s) to get our initial toehold and move to a foothold.

Nice work, looks comprehensive.

I want to get and try

Im curious about this. It its even still up

thanks for sharing i needed this  :kekw: :kekw:

Noble man, shirly I will use this against my "opps"  :pepelmao: :pepelmao: :pepelmao: :pepelmao: :pepelmao: :pepelmao: