Active Gathering
- Windows Interesting Files
- Linux Interesting Files
- Testing SSL/TLS certificates (SSLyze)
- HTTP/HTTPS Enumeration using curl
- Find someone Public IP using image URL
- PHPinfo: Information Disclosure
- Get Website components version with Wappalyze
- [Active - Information Gathering] Automated screenshot of websites with goWitness
- [Active - Information Gathering] Check alive URLs from a list using httprobe
- [Active - Information Gathering] Subdomain take over
- [Active - Information Gathering] Finding Sub-Domains with Amass
- [Active - Information Gathering] Finding Sub-Domains with AssetFinder
Services
- 21/tcp FTP - Enumeration
- 25,110,143/tcp SMTP,POP3,IMAP - Enumeration
- 53/tcp DNS - Enumeration
- 53/tcp DNS - Dig enumeration
- 79/tcp finger - Enumeration
- 139,445/tcp - SMB Enumeration
- 135 rpc - [Exploitation] RPC Domain Enumeration
- 1433/tcp MS-SQL - Enumeration MSSQL
- 2049/tcp nfs - Enumeration