Active Gathering
- Windows Interesting Files
- Linux Interesting Files
- Testing SSL/TLS certificates (SSLyze)
- HTTP/HTTPS Enumeration using curl
- Find someone Public IP using image URL
- PHPinfo: Information Disclosure
- Get Website components version with Wappalyze
- [Active – Information Gathering] Automated screenshot of websites with goWitness
- [Active – Information Gathering] Check alive URLs from a list using httprobe
- [Active – Information Gathering] Subdomain take over
- [Active – Information Gathering] Finding Sub-Domains with Amass
- [Active – Information Gathering] Finding Sub-Domains with AssetFinder
Services
- 21/tcp FTP – Enumeration
- 25,110,143/tcp SMTP,POP3,IMAP – Enumeration
- 53/tcp DNS – Enumeration
- 53/tcp DNS – Dig enumeration
- 79/tcp finger – Enumeration
- 139,445/tcp – SMB Enumeration
- 135 rpc – [Exploitation] RPC Domain Enumeration
- 1433/tcp MS-SQL – Enumeration MSSQL
- 2049/tcp nfs – Enumeration