- What can we do with the information found on websites?
- Always use Google for initial OSINT
- Initially, search for the string and then place the string in quotes
- Next, attempt site:tcm-sec.com
- The overall goal is to make the Google results more specific to match your searches
We can then use sites and tools to outsource and uncover additional information on these targets.
- BuiltWith - https://builtwith.com/
- Domain Dossier - https://centralops.net/co/
- DNSlytics - https://dnslytics.com/reverse-ip
- SpyOnWeb - https://spyonweb.com/
- Virus Total - https://www.virustotal.com/
- Visual Ping - https://visualping.io/
- Back Link Watch - http://backlinkwatch.com/index.php
- View DNS - https://viewdns.info/
- Pentest-Tools Subdomain Finder - https://pentest-tools.com/information-gathering/find-subdomains-of-domain#
- Spyse - https://spyse.com/
- crt.sh - https://crt.sh/