| Information Gathering Type | Tools | Note |
| --------------------------------- | ---------------------- | -------------------------------------------------------- |
| **Passive Information Gathering** | whois | |
| | Google dorking | |
| | GitHub dorking | |
| | Shodan | |
| | [[Ping Sweep]] | |
| **Active Information Gathering** | | |
| [[DNS 53]] Enumeration | [[host]] | Manual DNS enum |
| | [[dnsrecon]] | Automated DNS enum |
| | [[dnsenum]] | Automated DNS enum |
| | [[nslookup]] | DNS enum from Windows |
| Port Scanning | [[netcat]] | Not exactly a port scanner |
| | [[nmap]] | |
| | masscan | |
| | rustscan | |
| | [[Test-NetConnection]] | Port scanning in Windows<br>Built-in PowerShell function |