Active Gathering

• Windows Interesting Files
• Linux Interesting Files
• Testing SSL/TLS certificates (SSLyze)
• HTTP/HTTPS Enumeration using curl
• Find someone Public IP using image URL
• PHPinfo: Information Disclosure
• Get Website components version with Wappalyze
• [Active – Information Gathering] Automated screenshot of websites with goWitness
• [Active – Information Gathering] Check alive URLs from a list using httprobe
• [Active – Information Gathering] Subdomain take over
• [Active – Information Gathering] Finding Sub-Domains with Amass
• [Active – Information Gathering] Finding Sub-Domains with AssetFinder

Services

• 21/tcp FTP – Enumeration
• 25,110,143/tcp SMTP,POP3,IMAP – Enumeration
• 53/tcp DNS – Enumeration
• 53/tcp DNS – Dig enumeration
• 79/tcp finger – Enumeration
• 139,445/tcp – SMB Enumeration
• 135 rpc – [Exploitation] RPC Domain Enumeration
• 1433/tcp MS-SQL – Enumeration MSSQL
• 2049/tcp nfs – Enumeration

Passive Gathering

• Find internet accessible devices – Shodan
• How to use whois
• Website infrastructure with Netcraft Site Report
• Domain info using Robtex
• [Information Gathering] Gathering old information from WayBackMachine using waybackurls