
Passive Information Gathering

Hosting Information

The hosting information about a website can expose a lot of details about the organization, such as the address, responsible employee, etc.

The whois tool can be used to fetch this information:

whois particle42.com

Search Engines

Search engines are some of the best tools for passive information gathering on websites and companies. Here are some of the popular ones:

Google Dorks

Some popular search operators used in Google dorks:

  • site:particle42.com

  • filetype:pdf

  • -filetype:html #exclude files that are html

  • intitle:"index of"

Netcraft

Netcraft is an internet services company that gathers various information from websites. They also have a paid service.

Recon-ng

This is a module-based framework for web-based information gathering. You add modules and run searches, and the results accumulate in a database. Finally, all the information can be displayed in a presentable form.

Shodan

It is a search engine that crawls devices connected to the internet, including but not limited to the World Wide Web.

Security Headers

This is another website for gathering information about a website or a domain's security posture.

Source Code Info

One of the biggest mistakes a firm can make is to leave source code open to the general public with sensitive credentials such as usernames, passwords or API tokens in it. It's always a good idea to search the popular project management websites such as GitHub, GitLab or SourceForge.

Gitrob and Gitleaks are tools that search through source code for such secrets, using regular expressions to search the code base.
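
A minimal sketch of the regex-plus-entropy approach such scanners take, added here as an example (it is not code from Gitrob or Gitleaks). The rule names, patterns and entropy threshold are assumptions, and the sample file is constructed.

```python
import math
import re

# Illustrative rules only (assumed for this example, not Gitleaks' rule set).
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private-key-header": re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
    "generic-assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
ENTROPY_MIN = 3.0  # bits per character; assumed threshold for the generic rule


def shannon_entropy(s):
    """Bits per character of s; random tokens score high, words score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(text, path="<memory>"):
    """Return findings as (path, line_no, rule, redacted_match) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                value = m.group(1)
                # The generic rule is noisy: keep only high-entropy values.
                # Trade-off: a weak, word-like password is filtered out too.
                if rule == "generic-assignment" and shannon_entropy(value) < ENTROPY_MIN:
                    continue
                findings.append((path, line_no, rule, value[:4] + "..."))
    return findings


# Constructed sample file; the key ID is AWS's documented example value.
SAMPLE = '''\
DB_HOST = "db.internal.example"
password = "changeme"
api_key = "q7Zp2LxV9tRb4KdW8sYe"
aws_id = "AKIAIOSFODNN7EXAMPLE"
token = os.environ["API_TOKEN"]
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE, "config.py"):
        print(*finding)
```

Findings are redacted to the first four characters so the scanner's own output does not become a second copy of the secret.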

SSL Info

SSL Labs

This website runs a test of the SSL server of a website and compares the results with the current best practices. It will test the server against some of the popular vulnerabilities.

User Info Gathering

Email Harvesting

Gaining the email addresses of the employees of an organization is one of the first steps towards social engineering attacks. The theHarvester tool can be used to find email addresses, domain names, subdomains, IPs and URLs.

theharvester -d megacorpone.com -b google

Password Dumps

Hackers usually dump ill-gotten credentials on less reputable sites such as,

Social Media Tools

Social media is one of the best places to gather info about an organization's employees, their interests, events, etc.

Twofi scans a user's Twitter feed to create personalized password lists.

linkedin2username is a script that can be used to extract info from LinkedIn.


Last updated 1 year ago

Links referenced on this page:

  • Search Engine by Netcraft: https://searchdns.netcraft.com
  • Shodan: Shodan Search Engine
  • Security Headers: Analyse your HTTP response headers
  • GitHub - michenriksen/gitrob: Reconnaissance tool for GitHub organizations
  • GitHub - zricethezav/gitleaks: Scan git repos (or files) for secrets using regex and entropy
  • SSL Labs: SSL Server Test (Powered by Qualys SSL Labs)
  • Have I Been Pwned: Pwned websites
  • Social Searcher - Free Social Media Search Engine
  • twofi - Twitter Words of Interest - DigiNinja
  • GitHub - initstring/linkedin2username: OSINT Tool: Generate username lists for companies on LinkedIn