Passive Reconnaissance
- Physical
- Location
- Satellite Images
- Drone Recon
- Building Layouts, etc.
- Location
- Social
- Job Information
- Employees
- Name, Job, Title, Manager Name
- Picture
- Badge Picture
- Desk Photos
- Computer Photos
- Employees
- Job Information
- Web/Host
- Target Validation
- Whois
- nslookup
- dnsrecon
- Finding Subdomains
- Google Fu
- dig
- nmap
- sublist3r
- bluto
- crt.sh
- Fingerprinting
Finding what is used on the app.
- nmap
- wappalyzer
- WhatWeb
- BuiltWith
- Wetcat
- Data Breaches
- haveibeenpwned
- Breach-Parse
- weleakinfo
- Target Validation