Passive

Obtaining information about the Target without directly interacting with it.

Google Dorks

Google.

Info Google Dorks.

Database Google Dorks for Hacking.

Shodan

Shodan.

Info Shodan Dorks.

Shodan Exploit.

host <DOMAIN/IP>

nslookup <DOMAIN/IP>

Whois

Whois is a protocol and service that allows users to look up registration information related to Internet domains and IP addresses. It provides details such as the owner's name, registration date, and expiration date.

Command

whois <DOMAIN/IP>

Website

Website	Description
Whois	Whois enumeration website.

Combine IPs and hostnames found with WHOIS to verify that they are owned by the organization and not outsourced to ISPs (Internet Service Providers).

DNS

Command

host -t <TYPE> <DOMAIN> [<DNS_SERVER>]

nslookup -query=<TYPE> <DOMAIN> [<DNS_SERVER>] 
nslookup -type=<TYPE> <DOMAIN> [<DNS_SERVER>]

dig <TYPE> <DOMAIN> [@<DNS_SERVER>]

Website

Website	Details
Hurricane Electric	For the enumeration of DNS TYPEs.
viewDNS	For many specific DNS information

Other

Tool	Details
subfinder	Subdomain passively via online sources. subfinder -d <DOMAIN>

Certificates

Website

Website	Details
censys.io	Information about SSL/TLS certificates