Intelligence
Based on data
Based on IP
whois -h whois.cymru.com <ip>
Based on domain
curl -s "http://api.hackertarget.com/hostsearch/?q=<domain>" > hostsearch
curl -s "http://api.hackertarget.com/dnslookup/?q=<domain>" > dnslookup
theHarvester -d <domain> -l 300 -b all -f output
metagoofil -d <domain> -t <doc,pdf,xls,ppt,odp,ods,docx,xlsx,pptx> -l 200 -n 5 -o <out> -w
python sublist3r.py -d <domain>
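subdomain(){
  # crt.sh: strip HTML tags, keep hostnames under the target domain
  curl -s "https://crt.sh/?q=%25.$1" | sed 's/<\/\?[^>]\+>//g' | sort -u | grep -v "LIKE" | grep -v "crt.sh" | grep "$1" | sed 's/ //' | grep -v "*" | grep "$1"
  # Cert Spotter: DNS names from issued certificates, wildcard prefix removed
  curl -s "https://certspotter.com/api/v0/certs?domain=$1" | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq | grep "$1"
  # HackerTarget host search: first CSV field is the hostname
  curl -s "https://api.hackertarget.com/hostsearch/?q=$1" | cut -d',' -f1 | sort -u
  # Common Crawl index: URLs recorded under the domain
  curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$1&output=json" | jq -r .url | sort -u
}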
subdomain <domain> | sort | uniq
enum_commoncrawl(){ curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$1&output=json" | jq -r .url | sort -u ;}
Certificate Transparency Reports
- https://www.entrust.com/ct-search/
- https://cryptoreport.websecurity.symantec.com/checker/
- https://ssltools.digicert.com/checker/
- https://github.com/UnaPibaGeek/ctfr
- https://google.com/transparencyreport/https/ct/
Based on files
exiftool <file>
Based on nickname
python3 sherlock.py <nickname>
Online tools
https://crt.sh/?q=%25.<domain>.<tld>
List of online tools
Based on ASN
Domain to ASN
ASN to netblocks
nmap <domain> --script targets-asn --script-args targets-asn.asn=<ASN> > netblocks.txt
Google Dorks
inurl:<company> AND intext:<key word>
ext:pdf <company>
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://justpaste.it | site:http://pastebin.com | site:http://jsfiddle.net | site:http://trello.com "<company>"