This topic contains 1 reply, has 2 voices, and was last updated by faultless280 3 weeks, 5 days ago.
- September 26, 2020 at 6:07 pm #311762
I don’t know if any of you is a fan of passive recon, but I just wanted to ask a few questions from you all.
1. What all information can we gather passively, be it for bug bounty, pentesting….etc?
2. What all tools can you suggest (OSINT tools) for gathering such information?
- September 26, 2020 at 6:07 pm #311763
Not an OSINT guy but here is what I know:
1) There is a ton of stuff to include: Usernames, passwords, email accounts, domains, internet facing assets, internal IP structure of network, knowledge of employee roles and responsibilities, source code, software and other technologies used by the company, etc.
2) Many tools but some of the top ones include recon-ng, google / ghdb (google hacking database), theHarvester, shodan, Social media websites, haveibeenpwned, and Maltego
You must be logged in to reply to this topic.