Passive Recon – Digitalmunition

Home Forums Passive Recon

This topic contains 1 reply, has 2 voices, and was last updated by  faultless280 3 weeks, 5 days ago.

  • Author
  • #311762


    Hey everyone!
    I don’t know if any of you is a fan of passive recon, but I just wanted to ask a few questions from you all.
    1. What all information can we gather passively, be it for bug bounty, pentesting….etc?
    2. What all tools can you suggest (OSINT tools) for gathering such information?

  • #311763


    Not an OSINT guy but here is what I know:

    1) There is a ton of stuff to include: Usernames, passwords, email accounts, domains, internet facing assets, internal IP structure of network, knowledge of employee roles and responsibilities, source code, software and other technologies used by the company, etc.

    2) Many tools but some of the top ones include recon-ng, google / ghdb (google hacking database), theHarvester, shodan, Social media websites, haveibeenpwned, and Maltego

You must be logged in to reply to this topic.