🔐
OffSec Wiki
  • Tools
    • Nim Reverse Shell
    • Webcopilot
    • ReconFTW
    • ATOR
    • ClientChecker
    • Vulnx
    • ReconAlzer
    • Bbot
    • Automation Bug Hunting
    • Kali
    • Super XRay
    • BirdAdmin
    • SAST
      • Sonar Cloud
    • WhoAmI
    • BurpSuite
    • Hashcat
    • Spray365
    • Log4j Scan
    • Bitvise
    • Linpeas
    • PimpMyKali
    • V3n0M - Scanner
    • Python-Sec-Tools
    • PowerSploit
    • OneX
    • Osmedeus
    • Omega DSToolkit
    • Vortex
    • Emp3r0r
    • Stratus
    • CryptoSteganography
    • Tyr
    • GO/Net
    • Dirhunt
    • SharpSQLPwn
    • KASM
    • CVE-2022-0995
    • Bettercap
    • Online Vuln Scanners
    • AutoRecon
    • Burp Extensions
    • Malware Samples
    • Arjun
    • GooFuzz
    • ReNgine
    • Fuxxsploider
    • AllHackingTools
    • HELK
    • Pretender - MITM
    • Spidex
    • Legion
    • F11snipe
    • DNS Shell
    • PS Recon
    • TheFatRat
    • Poiana
    • AppThreat - dep scan
    • Fruity WIFI
    • Chisel
    • PHP-Obfuscator
    • Hoaxshell
    • Veil
    • Ninjasploit
    • Egressbuster
    • IP LOGGER link
    • Rubeus
    • Reverse Shell Generator
    • PARTH
    • Psudohash
    • CredMaster
    • RedHat Security Scanner
  • Information Gathering
    • Five Stages of Ethical Hacking
    • Port Based Checks
    • NMAP Scans
      • Host Discovery
    • Firefox
    • Reconnoitre
    • Check for anonymous SMB
    • Find information about program versions
    • Fast Google Dorks Scan
    • Searchsploit
    • DNS and CERTS
    • Dirsearch
    • Curl[Banner Grabbing]
    • Recon-ng- The Metasploit of recon
    • proxy listener in burp
    • specific domain
    • Passive Recon
    • Ping Sweeper
    • Ports Recon
    • Web Recon
    • Pasive Recon
    • Website Technology
    • Threader3000
    • Dirsearch
    • Censys - DNS and CERTS
    • ThreatCop
  • Exploitation
    • Exploit Notes
    • Metasploit
      • Meterpreter listener reverse-https
    • Shells / Payloads
    • Spawn BASH
    • Netcat
    • PwnKit - CVE- 2021-4034
    • Hydra Brute Forcing
    • WFUZZ Brute Forcing
    • MySQL Interactive console
    • SQLMap
    • Redis
    • SMTP Email Shell
    • PHP Shells
    • SQL Shells
    • Oracle Padding Attack
    • WIN Shells
    • Web Shells
    • Upgrade Shell
    • Nmap nse vuln scripts
    • EvilPDF
    • BITB
    • Payload obfuscation & AV Evasion
    • SHHHHLOADER
    • PDF Obfuscation
    • CSV Injection
    • Malicious Macros
    • Eternal Blue
    • Google Dorks
    • QR code Hacking
    • TLS Attacks
    • Exploit collection
    • RevShell Generator
    • BadUSB attack vs AMSI
    • Bypass 4xx
  • Cracking
    • GPP
    • Ciphey
    • Online Tools
    • Hashes
    • Windows files
    • Pass Generator
    • John
    • crackmapexec
    • GPG
  • Enumeration
    • SMB
    • WinRM
    • SQL
    • Active Directory Enum - brief
    • GoBuster
    • DNS Enumeration
    • WebDav
    • Enumerating phpinfo.php
    • VNC
    • SMTP
    • SNMP
    • IMAP
    • Subdomains Enum
    • Windows
  • API Sec
    • API Recon
    • Passive Recon
    • Active Recon
    • Reverse Engineering an API
    • Classic Authentication Attacks
    • Token Analysis
    • Broken Object Level Authorization
    • Broken Function Level Authorization
    • Improper Assets Management
    • Mass Assignment Attacks
    • Exploiting SSRF
    • Injection Attacks
    • Evasive Maneuvers
      • Combining Techniques
  • Web Pentesting
    • JENKINS
    • OWASP top 10
    • OWASP Cheat Sheet
    • HTTP Headers
    • Webgoat
    • Access Controls Flaws
    • AJAX - DOM Injection
    • XML Injection
    • JSON Injection
    • AJAX - Silent Transaction Attacks
    • AJAX - Insecure Client Storage
    • AJAX - Dangerous Use of Eval
    • AJAX - Same Origin Policy Protection
    • Passwords
    • Off-by-One Overflows
    • Discover Clues in the HTML
    • Thread Safety Problems
    • XSS Notes
    • Phishing with XSS
    • DOM-Based XSS
    • Stored XSS Attacks
    • Cross Site Request Forgery
    • CSRF Prompt Bypass
    • CSRF Token Bypass
    • Fail Open Authentication Scheme
    • Command Injection
    • Log Spoofing
    • XPATH Injection
    • SQLi
      • Union Attacks
      • Examining the DB
        • Listing the database contents on Oracle
        • Listing the database contents on non-Oracle databases
      • Port Swigger SQLi
      • SQLi Cheatsheet
      • SQLi - fundamentals
      • String SQL Injection
      • Manual SQLi
      • noSQL injection
    • Database Backdoors
    • Zip Bomb
    • Denial of Service from Multiple Logins
    • Insecure Communication
    • Malicious File Execution
    • XML External Entity (XXE)
    • XXE Injection
    • Bypass Client Side JavaScript Validation
    • Spoof an Authentication Cookie
    • Insomnia
    • Web App Testing Methodology
    • Test for command injection
    • Check for apache home directories
    • Web App Enum
    • Broken Authentication
    • Sensitive Data Exposure
    • Broken Access
    • JWT Tokens
    • Insecure Deserialization
    • Using Components with Known Vulnerabilities
    • Insufficient Logging and Monitoring
    • LFI Wordlists
    • RFI
    • Bypass web page redirects
    • wget behind auth
    • SSRF
    • Broken Object Level Authorization
    • File Upload Attacks Explained
    • HTTP for hackers
    • OAST
    • WebSockets Hack
  • Linux
    • Bash for loops
    • Understanding /etc/passwd
    • sed
    • grep
    • Linux file recovery multiple ways
    • Bandit Wargames
    • view all files in subdirectories
    • std in, std out, std err
    • Services
    • WILDCARDS
    • Shellcode
    • tmux
    • Xvnc running as root
  • Wordpress
    • WP POCs and Exploits
    • WordPress - general stuff
    • Where uploads are stored
    • Scanning and Enumeration
    • How to Find Security Vulnerabilities
    • Spawn Shell From WP Admin Access
  • Post Exploitation
    • File Transfers
    • Creds Dumping
    • Linux
      • Password Gathering from Config Files
      • Linux Priv Esc
        • PKEXEC
      • Linux Priv Esc - TCM Course
        • System Enum
        • User Enum
        • Network Enum
        • Password Hunting
        • Automated Tools
        • Kernel Exploitation
        • Password and File Permissions
        • sudo escalation path
        • SUID Escalation
        • SUID - Environment Variables #1
        • SUID - Environmental Variables #2
        • Binary Symlinks Escalation
        • Capabilities
        • Scheduled Tasks - Cron - Path
        • CRON - Wildcards
        • CRON - File Overwrite
        • NFS Root Squashing
      • Sudo NoPasswd with Nano
      • Priv Esc with MySQL
      • Jailed Shell Escape
      • NetCat to Rev Shell
    • Windows
      • Local Priv Exploits
      • Windows Priv Esc
      • Win Priv Esc II
      • Windows Kernel Exploits
      • Win Priv Esc - TCM Course
      • Windows Process Dump
      • Impersonation
      • C2 Frameworks and Win Shells
      • Maintaining Access
      • Potato Attacks
      • Alternate Data Streams
      • Evade Defender
      • Disable Win Defender
      • PrivEsc Resources
    • Buffer Overflow
    • Cloud Priv Esc
    • LXC Privesc
  • Persistence
  • Powershell
    • Providers
    • Powershell Cheat Sheet
    • Powershell Training
    • Exfil to WebHook
    • Spawn Shell as a different user
  • RED Teaming
    • TryHackMe - Red Team Path
      • Red Team Fundamentals
        • Red Team - Fundamentals
        • Red Team Engagements
        • Red Team Threat Intel
        • Red Team OPSEC
        • Intro to C2
      • Initial Access
        • Red Team Recon
        • Weaponization
        • Password Attacks
        • Phishing
      • Post Compromise
        • The Lay of the Land
        • Enumeration
        • Windows Privilege Escalation
        • Windows Local Persistence
        • Lateral Movement and Pivoting
        • Data Exfiltration
      • Host Evasions
        • Windows Internals
        • Introduction to Windows API
        • Abusing Windows Internals
        • Introduction to Antivirus
        • AV Evasion: Shellcode
        • Obfuscation Principles
        • Signature Evasion
        • Bypassing UAC
        • Runtime Detection Evasion
        • Evading Logging and Monitoring
        • Living Off the Land
      • Network Security Evasion
        • Network Security Solutions
        • Firewalls
    • Resources
    • LOCKHEED MARTIN CHAIN
    • C2 Stuff
      • Caldera
      • Cobalt Strike
      • Covenant
      • Koadic
      • Sliver
      • Havoc
    • Tools
      • VECTR
  • Purple Teaming
  • Reverse Engineering
    • C Programming
    • Python - Connect
    • Python - Fuzz
    • Debugging -Immunity
    • Hex Codes
    • x86 Opcodes
    • Immunity
    • gdb
  • Pivoting
    • Port Forwarding/Redirection
    • SSH Tunneling
    • Proxychains
    • Sshuttle
    • HTTP Tunneling
    • Metasploit Pivoting
    • Ncat Pivoting
    • Chisel Pivoting
    • Pivot Suite
    • Tunna/Fulcrom (HTTP)
    • Socat
    • Ligolo-ng
    • Double Pivoting
    • How to proxy any tool
  • Metasploit
    • Msfvenom
    • Metasploit Console
    • Meterpreter Shell
  • Networking
    • Subnetting
    • OSI Model
    • Private IP Address
    • Common Ports and Protocols
    • MAC Address Lookup
    • IPtables
    • IPv6
  • OSINT
    • Resources
    • Tools
    • Sock Puppets
    • Search Engine Operators
    • Reverse Image Searching
    • View EXIF data
    • Identifying Geographical Locations
    • Email OSINT
    • Password OSINT
    • Username OSINT
    • Searching for People
    • Hunting Phone Numbers
    • Social Media
    • Twitter OSINT
    • Facebook OSINT
    • Instagram OSINT
    • SnapChat OSINT
    • Website OSINT
    • Wireless OSINT
    • OSINT lab
    • Phone number
    • OSINT Frameworks
  • Active Directory
    • AD PT Mindset
    • AD Lab creation
    • Physical AD Components
    • Logical AD Components
    • Exploits
    • LLMNR Poisoning - Responder
    • SMB Relay
    • Get SMB Shares
    • Gaining shell
    • IPv6 Attacks
    • Passback Attacks
    • Post-Compromise Enumeration
    • Bloodhound
    • Post Compromise Attacks
    • Token Impersonation
    • PowerUp
    • Group Policy Preferences (GPP)
    • URL file attacks
    • Print Nightmare
    • ADRecon
    • Mimikatz
    • Certifried & Bloodhound: Active Directory Certificate Services Abuse
    • Certificate Services: Domain Dominance
    • Kerberoasting
    • Kerberos: Golden Tickets
    • ZeroLogon
    • Pass-back
    • ldap enum
    • From Domain Admin to Enterprise Admin
    • Silver Ticketing
    • AS-REP Roasting
    • AD Attacks Automated Scripts
  • Cloud
    • Azure Pentesting
      • Azure AD Attacks
      • Azure Goat
    • AWS Pentesting
    • IAM protocols
    • OpenID Connect
    • SAML
    • OAuth
      • Implicit Grant Type
      • Client Credentials Grant Type
      • The Resource Owner Password Credentials (ROPC) Grant Type
      • Refresh Tokens
      • OAuth 2.1
      • Browser Based Applications
      • Native applications
      • Backend for Frontend
      • OAuth + OpenID Connect
      • Automatically configuring clients with OAuth Metadata
      • SAML & OAuth
      • Token Exchange
  • Containers
    • Docker audit
      • Docker Bench Security
      • Trivy
    • Kubernetes PT Methodologies
    • Kubernetes Tools
  • WIFI
    • Monitor Mode
    • Airo-dump + Crack
    • Wireless Pentesting
    • Wordlists
    • Crunch
  • Buffer Overflow
    • Anatomy of Memory
    • Spiking
    • Fuzzing
    • Finding the Offset
    • Overwrite the EIP
    • Finding bad characters
  • Code Review
    • CI/CD Pentesting
    • C#
    • .NET review with SonarCloud
  • Routers
    • TP-Link
  • Automotive CyberSec
    • Initial steps
    • Car hacking
    • Automotive CyberSecurity Key Concepts
    • Pentesting Methodology
    • TARA
    • Implementation Strategy for ISO/SAE 21434:2021
    • Tools
    • Resources
  • Threat Modeling
    • APT3
    • Intro to Threat Modeling
    • HowTo's
    • General Concepts / TM frameworks
    • OWASP Threat Modeling
    • Threat Modeling based on the MITRE Enterprise ATT&CK Matrix
    • STRIDE
    • PASTA
    • NIST 800-53
  • Hardware & Lock Bypassing
  • Scripting
    • Bash
  • General PT Methodology
    • General Scoping Thoughts
    • Infrastructure Scoping
    • API Scoping
    • WebApp Scoping
    • Mobile Scoping
    • Cloud Scoping
    • Kubernetes Scoping
  • Blockchain
    • Web3 Security Library
    • 5 ways to hack a Blockchain
  • Challenges
    • Network Break-In
    • Corporate Espionage
  • Flipper
    • BadUSB
  • CERTS
    • CRTP
    • OSCP
      • HTB - OSCP PREP
        • Linux Boxes
          • Bashed Writeup w/o Metasploit
          • Beep Writeup w/o Metasploit
          • Cronos Writeup w/o Metasploit
          • FriendZone Writeup w/o Metasploit
          • Irked Writeup w/o Metasploit
          • Jarvis Writeup w/o Metasploit
          • Lame Writeup w/o Metasploit
          • Magic Writeup w/o Metasploit
          • Networked Writeup w/o Metasploit
          • Nibbles Writeup w/o Metasploit
          • Nineveh Writeup w/o Metasploit
          • Node Writeup w/o Metasploit
          • Poison Writeup w/o Metasploit
          • Sense Writeup w/o Metasploit
          • Shocker Writeup w/o Metasploit
          • SolidState Writeup w/o Metasploit
          • Sunday Writeup w/o Metasploit
          • SwagShop Writeup w/o Metasploit
          • Tabby Writeup w/o Metasploit
          • TartarSauce Writeup w/o Metasploit
          • Valentine Writeup w/o Metasploit
        • Windows Boxes
          • Active Writeup w/o Metasploit
          • Arctic Writeup w/o Metasploit
          • Bastard Writeup w/o Metasploit
          • Blue Writeup w/o Metasploit
          • Bounty Writeup w/o Metasploit
          • Chatterbox Writeup w/o Metasploit
          • Conceal Writeup w/o Metasploit
          • Devel Writeup w/o Metasploit
          • Forest Writeup w/o Metasploit
          • Grandpa Writeup w/ Metasploit
          • Granny Writeup w/o and w/ Metasploit
          • Jerry Writeup w/o Metasploit
          • Legacy Writeup w/o Metasploit
          • Optimum Writeup w/o Metasploit
          • Silo Writeup w/o Metasploit
        • Harder than OSCP
          • Bart Writeup w/o Metasploit
          • DevOops Writeup w/o Metasploit
          • Falafel Writeup w/o Metasploit
          • Hawk Writeup w/o Metasploit
          • Jail Writeup w/o Metasploit
          • Jeeves Writeup w/o Metasploit
          • Kotarak Writeup w/o Metasploit
          • LaCasaDePapel Writeup w/o Metasploit
          • Lightweight Writeup w/o Metasploit
          • Netmon Writeup w/o Metasploit
          • Safe Writeup w/o Metasploit
          • Tally Writeup w/o Metasploit
        • Archetype
    • CCRTA
    • Burp Practitioner
  • Notes
    • Cert Recommendations & Paths
    • Cristian Cornea
    • PT Cheatsheets - ChronosPK
  • Hacking Kubernetes
    • Lab_01 - Running Workloads Imperatively
    • Lab_02 - The Declarative Model
    • Lab_03 - Persisting Data
    • Lab_04 - Networking
    • Lab_05 - Hardening K8s
    • Lab_06 - Hacking From the Outside
    • Lab_07 - Hacking From the Inside
    • Lab_08 - Kubernetes Post-Exploitation
    • Lab_09 - Kubernetes Post-Exploitation Part 2
    • Course Materials
    • Tools
    • Useful commands
Powered by GitBook
On this page

Information Gathering

Information Gathering tools and techniques

PreviousRedHat Security ScannerNextFive Stages of Ethical Hacking

Last updated 1 year ago

Five Stages of Ethical Hacking
Port Based Checks
NMAP Scans
Firefox
Reconnoitre
Check for anonymous SMB
Find information about program versions
Fast Google Dorks Scan
Searchsploit
DNS and CERTS
Dirsearch
Curl[Banner Grabbing]
Recon-ng- The Metasploit of recon
proxy listener in burp
specific domain
Passive Recon
Ping Sweeper
Ports Recon
Web Recon
Pasive Recon
Website Technology
Threader3000
Dirsearch
Censys - DNS and CERTS
ThreatCop