Reconnaissance Part 2

OSINT

Open Source Intelligence

Email OSINT

Email Discovery

• hunter.io
• phonebook.cz
• voilanorbert.com
• Clearbit - Chromium Plugin
• tools.verifyemailaddress.io (Verify Email Address)

Use Forgot Password to tie email accounts.

In this way a recovery email can be tied to another email address.

---

Password OSINT

Credentials Stuffing

Automate Prevoiusly found username & Passwords

Dehashed

Hunting Breached Credentials with DeHashed

---

Find Subdomains

*.domain.com

• Sublist3r
  • python3 sublist3r.py -d domain.com
• Owasp
• Tomnomnom

---

Build and Frameworks

Know how website is built

• builtwith.com
• wappalyzer (Firefox Plugin)

---

Traffic Interception

Web Proxy

Burpsuite

Setup
---
- Change DNS Proxy to manual
- ip: 127.0.0.1    Port: 8080
- visit: https://burp
- Download Certificate
- Go To Firefox Privacy & Security
	- view certs
	- upload and select both
	- check boxes and OK.

Installed
- Turn on Intercept
- Check Website from Browser
- Turn off intercept
- Check Through Data