OSINT

Asset Discovery & Reconnaissance

Cheatsheet

dnsrecon -d facebook.com -r 157.240.221.35/24 # Using Facebook's DNS
dnsrecon -r 157.240.221.35/24 -n 8.8.8.8 # Using Google's DNS

# Follow the installation instructions in the reconftw wiki to build the image
# -p    Passive - Perform only passive steps
# -n    OSINT - Performs an OSINT scan (no subdomain enumeration and attacks)
# -s    Subdomains - Perform only subdomain enumeration, web probing, subdomain takeovers
sudo docker run -it --rm -v "${PWD}/reconftw.cfg":'/reconftw/reconftw.cfg' -v "${PWD}/Recon/":'/reconftw/Recon/' <IMAGE_ID> -l /reconftw/Recon/domains.txt -spn -o /reconftw/Recon/output

python3 cloud_enum.py -k <key_word> -t 10

python3.11 theHarvester.py -d <DOMAIN> -b all