Passive Recon – Digitalmunition




Home Forums Passive Recon

This topic contains 1 reply, has 2 voices, and was last updated by  faultless280 3 weeks, 5 days ago.

  • Author
    Posts
  • #311762

    anonymous
    Participant

    Hey everyone!
    I don’t know if any of you is a fan of passive recon, but I just wanted to ask a few questions from you all.
    1. What all information can we gather passively, be it for bug bounty, pentesting….etc?
    2. What all tools can you suggest (OSINT tools) for gathering such information?

  • #311763

    faultless280

    Not an OSINT guy but here is what I know:

    1) There is a ton of stuff to include: Usernames, passwords, email accounts, domains, internet facing assets, internal IP structure of network, knowledge of employee roles and responsibilities, source code, software and other technologies used by the company, etc.

    2) Many tools but some of the top ones include recon-ng, google / ghdb (google hacking database), theHarvester, shodan, Social media websites, haveibeenpwned, and Maltego

You must be logged in to reply to this topic.