Passive Reconnaissance

  • Physical
    • Location
      • Satellite Images
      • Drone Recon
      • Building Layouts, etc.
  • Social
    • Job Information
      • Employees
        • Name, Job, Title, Manager Name
      • Picture
        • Badge Picture
        • Desk Photos
        • Computer Photos
  • Web/Host
    • Target Validation
      • Whois
      • nslookup
      • dnsrecon
    • Finding Subdomains
      • Google Fu
      • dig
      • nmap
      • sublist3r
      • bluto
      • crt.sh
    • Fingerprinting Finding what is used on the app.
      • nmap
      • wappalyzer
      • WhatWeb
      • BuiltWith
      • Wetcat
    • Data Breaches
      • haveibeenpwned
      • Breach-Parse
      • weleakinfo