| Information Gathering Type | Tools | Note |
| --------------------------------- | ---------------------- | -------------------------------------------------------- |
| **Passive Information Gathering** | whois | |
| | google dorking | |
| | github dorking | |
| | shodan | |
| | [[Ping Sweep]] | |
| **Active Information Gathering** | | |
| [[DNS 53]] Enumeration | [[host]] | Manual DNS enum |
| | [[dnsrecon]] | Automated DNS enum |
| | [[dnsenum]] | Automated DNS enum |
| | [[nslookup]] | DNS enum from Windows |
| Port Scanning | [[netcat]] | Not exactly a port scanner |
| | [[nmap]] | |
| | masscan | |
| | rustscan | |
| | [[Test-NetConnection]] | port scanning in Windows<br>built-in powershell function |