Reconnaissance Tools
Usage | Tool |
---|---|
Target Validation | nslookup, dnsrecon, WHOIS |
Subdomain Search | Amass, Sublist3r, crt.sh, dig |
Fingerprinting | Nmap, Netcat, Wappalyzer, WhatWeb, BuiltWith |
Data Leaks | WeLeakInfo, HaveIBeenPwned, Breach-Parse |
Identify Target
Bug Bounty
Using Bugcrowd, I found Lime as a legal target for testing.
Information Gathering
Hunter.io
Web Tool for Identifying Emails (li.me is their main website)
Subdomain Search
Sublist3r
Quick and Easy Search Engine Scanner
crt.sh
Web Tool for Subdomain Searching
Although these results aren't very interesting, further scrolling reveals admin/test tools.
Amass
Best Subdomain Searcher
Fingerprinting
Wappalyzer
Firefox Extension for Webpages
BuiltWith
Web Tool for Fingerprinting
WhatWeb
Built-in Fingerprinter
WebProxy
Burp Suite Community Edition
Best Web Scanner