OSINT
Gathering information from publicly available sources like websites and public records.
Google Dorking
Using advanced search operators to find sensitive information indexed by search engines.
WHOIS Lookups
Querying databases to get domain registration details like owner and name servers.
DNS Enumeration
Querying DNS records to map out network infrastructure and services.
Social Media Intel
Analyzing social media profiles to find employee details and technology stacks.
Website Analysis
Inspecting website history and configuration files like `robots.txt`.
Ping Sweeps
Sending ICMP requests to a range of IPs to identify live hosts on a network.
Port Scanning (Nmap)
Probing a server for open ports to identify running services and potential entry points.
Banner Grabbing
Capturing service banners to identify software versions and operating systems.
Traceroute
Mapping the network path to a target to understand network topology.
Vulnerability Scanning
Using tools like Nessus or OpenVAS to actively probe for known vulnerabilities.