Learn Pentesting like a Pro!

Share this post

🥷 Top sites for passive reconnaissance

pentesting.academy

🥷 Top sites for passive reconnaissance

Passive reconnaissance is a critical step for bug bounties or penetration testing engagements, get ready!

pentesting.academy
Feb 3
Share this post

🥷 Top sites for passive reconnaissance

pentesting.academy
Photo by Mediamodifier on Unsplash

Passive reconnaissance is the process of collecting information in a covert manner about an intended target without the target knowing what is occurring.

Mainly is done searching information about the target on the Internet (Google, Linkedin, etc) and also searching for metadata (i.e. domain registers information, OSINT tools, etc).

  • https://shodan.io

  • https://censys.io

  • https://pastebin.com

  • https://archive.org/web/

  • https://gist.github.com/search

  • https://sitereport.netcraft.com/

  • https://hunter.io Email recon

  • https://www.netdb.io/ IOT search engine

  • https://securitytrails.com/dns-trails DNS subdomains recon

  • https://securityheaders.com/ HTTP headers recon

  • https://www.wigle.net/ WIFI

  • https://www.kitterman.com/spf/validate.html Validate SMTP SPF fields

  • https://www.fraudmarc.com/dmarc-check Validate SMTP SPF/DMARC policies

  • https://mxtoolbox.com/DMARC.aspx Validate SMTP SPF/DMARC policies

  • https://dmarcian.com/dmarc-inspector/ Validate SMTP DMARC policy

  • https://crt.sh Certificate Transparency Site

Another effective way to do passive recon is obviously through Google, actually there is a term for that: Google dorking or google dorks, you can read more about it below:

Learn Pentesting like a Pro
How to use Google Dorks easily
Google Dork is an advanced Google search query using special commands such as allinurl, allintitle, etc to leverage Google to find public information. Is also a good way to perform passive reconnaissance. Offensive Security has the major Google Dork database called GHDB…
Read more
2 years ago · pentesting.academy

Did I miss some great tool? Please add it in the comments below :)

Leave a comment

Share this post

🥷 Top sites for passive reconnaissance

pentesting.academy
Comments
TopNew

No posts

Ready for more?

© 2023 pentesting.academy
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing