Explore online vulnerability for servers and IoT devices : https://www.shodan.com

get dumped leaked information : https://www.pastebin.com

 

Text  and source code leak: https://github.com

online Swiss Army knife tools: https://www.dnsstuff.com

also use the url: http://searchdns.netcraft.com you can find target website information

whois domain-name.com ,because every domain name is registered in a public WHOIS database , depending on the database that is queried.it will reveal a lot of juicy information . including name ,phone number ,Emails address Physical DNS  and so on .

dnsenum domain-name.com  ,DOMAIN name System is a database that resolves domain name  ,wen can use it gather information such as  identigy new domain names or subdomians associated target .and find services (for example FTP ,SSL ,Telnet)

  these commands may userful

   denenum domain_name.com 

   fierce -dns domain_name.com

   dnsrecon -w -d domain_name.com  -t axfr      (-w it means deep ,  -t  stand for type   axfr it's all DNS server )

Gatering email address :theharvester script is a Python tool/script that can gather the target email address

 Active information gathering services enumeration  ,a lot of wegit can be used .scan ,advanced_ip_scanner   nmap 

  the nmap command :

      nmap -sn [ip ]

      netdiscover -r [ip]

how to identifying opne ports/services ,we usually use ping ,but is not in here : we can use TCP scan -interanet

 nmap -sS -sV -sC --version-all -o --osscan-guess -T4 --reason --open -p--Pn -v [ip]

 

UDP scan -intranet : nmap -sU --top-ports 1000 -Pn -v [ip]

TCP scan -from the internet:  nmap -sS -T2 --top--ports 1000  -Pn -v [ip]

   nmap -sU --top-ports 100 -Pn -v [ip]

Server probing and enumeration   to find 21 port server FTP we can use command

      nmap -sV -p 21 -Pn -T5 --host-timeout 15ms --script=ftp* -v [ip]

ofcourse the Credential burte force:   hydra -t 10 -V -f -L [users dic file path ] -P [passwords dic file path] ftp://[ip]

 and other ports also user the way .