Passive Information Gathering
Passive information gathering refers to collecting as much information as possible about a target without establishing any direct contact between the pen tester (yourself) and the target you are collecting information about.
It is passive in the sense that it does not send packets directly to the target's services.
In the passive information gathering process we collect information about the target using publicly available resources, such as search engine results and WHOIS records. The goal is to find as much information as possible about the target.
Passive Information Gathering Tools:
WHOIS Lookup: Provides information about who owns a domain name and their contact information. Examples: WHOIS.com, DomainTools
Nslookup: Queries DNS to obtain domain name to IP address mappings or other DNS records.
TheHarvester: Gathers emails, subdomains, hosts, employee names, open ports, and banners from different public sources.
Shodan: A search engine that lets the user find specific types of computers connected to the internet using various filters.
Censys: Collects data on hosts and websites through regular scans of the public internet.
Maltego: Proprietary software for open-source intelligence and forensics, developed by Paterva.
Recon-ng: A full-featured web reconnaissance framework written in Python.
Google Dorks: Uses advanced search queries in Google to find vulnerabilities and sensitive information.
Netcraft: Provides internet security services including cybersecurity, anti-fraud and anti-phishing services.
Robtex: A powerful DNS, IP, route, and AS internet toolbox.
BuiltWith: Tells you what a website is built with by looking at its technology stack.
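As an added example that is not part of the original page: a small Python script that parses captured WHOIS and DNS lookup output (the kind of text the WHOIS and nslookup/dig tools listed above return) into structured fields and then reports what those public records reveal about the domain from a defender's point of view: an expiring registration, contact addresses exposed in WHOIS, no DNSSEC, a soft-fail SPF policy and a monitor-only DMARC policy. Both sample inputs are constructed for illustration (the domain, addresses and dates are invented), and nothing is queried over the network.

```python
"""Turn saved WHOIS and DNS output into a structured exposure summary.

The two samples below are constructed for this example; in practice the text
would be pasted from `whois <domain>` and `dig <domain> ANY` (or nslookup)
run against public servers, never against the target itself.
"""
import re
from datetime import date, datetime

# Constructed WHOIS response; the layout mirrors common registrar output, values are invented.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T00:00:00Z
Registry Expiry Date: 2025-03-02T00:00:00Z
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
Registrant Email: admin@example-corp.test
Admin Email: jane.doe@example-corp.test
DNSSEC: unsigned
"""

# Constructed dig-style answer section in zone-file syntax; values are invented.
SAMPLE_DNS = """\
example-corp.test.        3600 IN A   203.0.113.10
example-corp.test.        3600 IN MX  10 mail.example-corp.test.
example-corp.test.        3600 IN TXT "v=spf1 include:_spf.example-mail.test ~all"
_dmarc.example-corp.test. 3600 IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example-corp.test"
"""

# Fixed "today" so the expiry calculation is reproducible (assumption for the example).
SAMPLE_TODAY = date(2025, 1, 1)

DNS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(.*)$")


def parse_whois(text):
    """Parse 'Key: value' WHOIS lines; repeated keys (e.g. Name Server) collect into lists."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):  # comments / terms-of-use footer
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def parse_dns(text):
    """Parse dig/zone-file style resource records into dicts (name, ttl, type, rdata)."""
    records = []
    for line in text.splitlines():
        match = DNS_LINE.match(line.strip())
        if match:
            name, ttl, rtype, rdata = match.groups()
            records.append({
                "name": name.rstrip(".").lower(),
                "ttl": int(ttl),
                "type": rtype,
                "rdata": rdata.strip().strip('"'),
            })
    return records


def assess(whois, records, today):
    """Derive defender-relevant findings from the parsed public records."""
    findings = []
    for raw in whois.get("Registry Expiry Date", []):
        expiry = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").date()
        days_left = (expiry - today).days
        if days_left < 90:
            findings.append(f"domain expires in {days_left} days")
    emails = [v for key, vals in whois.items() if key.endswith("Email") for v in vals]
    if emails:
        findings.append(f"{len(emails)} contact email(s) exposed in WHOIS")
    if whois.get("DNSSEC", ["unsigned"])[0].lower() == "unsigned":
        findings.append("DNSSEC not enabled")
    txt = [r["rdata"] for r in records if r["type"] == "TXT"]
    spf = [t for t in txt if t.startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record")
    elif "~all" in spf[0]:
        findings.append("SPF uses soft fail (~all)")
    dmarc = [r["rdata"] for r in records if r["type"] == "TXT" and r["name"].startswith("_dmarc.")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        policy = re.search(r"(?:^|;)\s*p=(\w+)", dmarc[0])
        if policy and policy.group(1).lower() == "none":
            findings.append("DMARC policy is p=none (monitor only)")
    return findings


if __name__ == "__main__":
    whois = parse_whois(SAMPLE_WHOIS)
    records = parse_dns(SAMPLE_DNS)
    print("Name servers:", ", ".join(whois.get("Name Server", [])))
    for record in records:
        print(f"{record['type']:<4} {record['name']:<28} {record['rdata']}")
    for finding in assess(whois, records, SAMPLE_TODAY):
        print("-", finding)
```

The same parsers work on real `whois` and `dig` output saved to a file; the check list in `assess` is deliberately short and can be extended with whatever the organisation considers an exposure worth tracking (for example, an MX host that points outside the company's own domains).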