| Information Gathering Type | Tools | Note |
| --- | --- | --- |
| **Passive Information Gathering** | [[whois]] | |
| | [[google hacking]] | |
| | github dorking | |
| | shodan | |
| | [[Ping Sweep]] | |
| **Active Information Gathering** | | |
| [[DNS 53]] Enumeration | [[host]] | Manual DNS enum |
| | [[dnsrecon]] | Automated DNS enum |
| | [[dnsenum]] | Automated DNS enum |
| | [[nslookup]] | DNS enum from Windows |
| Port Scanning | [[netcat]] | Not exactly a port scanner |
| | [[nmap]] | |
| | masscan | |
| | rustscan | |
| | [[Test-NetConnection]] | port scanning in Windows<br>built-in powershell function |
| **Services** | | |
| [[sec/OSCP Notes/09 More Tools & Concepts/Wordpress]] | [[wpscan]] | |