INFORMATION GATHERING

• People Recon:-
• http://www.pipl.com/
• http://www.123people.co.uk/
• http://www.spokeo.com/

• Harvesting email addresses: - 
• theharvester.py -d <domain> -l 100 -b google or linkedin  
• Enumerating Subdomains: - 
• fierce.pl -dns example.com
• maltego
• google - site:example.com -www  
• IP Ranges: - 
• whois
• ipnetinfo.exe
• reverse host lookups on found subdomains to find extra ranges - for hostname in $(cat subdomains.txt);do host $hostname;done
• Extracting usernames and other info from metadata: -
•  metagoofil -d <domain> -l 20 -f all -o output.html -t /tmp
• Finding vulnerable servers: -
• Shodan - http://www.shodanhq.com/ 
• Google hacking is back! - http://www.exploit-db.com/google-dorks/