Passive Information Gathering

whois something.com | less 
google hacking
Netcraft
Recon-ng 
Open-Source code
#shodan - could reveal ports open / vuln exists 
hostname:something.com
​
#Security Header Scanner
securityheaders.com 
#SSL server test - checks for poodle or heartbleed vulns
https://www.ssllabs.com/ssltest
​
#Pastebin - public space for storing information
https://pastebin.com 
​
#Email Harvesting  #serches emails and sub domains 
theharvester -d something.com -b google 
​
#twofi is a tool that generates password list based on user's twitter account and posts.
#linkedin2username 
​
#OSINT Framwork - might give you ideas of which tools needed for what
​
#Maltego  - converts one information to another - high level data search tool 
​
Port scanning
Ports enum:
Last modified 1yr ago