5-Stages of Ethical Hacking

  • Reconnaissance (Active vs Passive)
  • Scanning and Enumeration (nmap, nessus)
  • Gaining Access (Exploitation)
  • Maintaining Access
  • Covering tracks (cleaning up)

Information Gathering

Passive Recon

Types: Physical/Social

  • Location information:

    • satellite images, drone recon
    • building layout
  • Job Information

  • Employees (names, job title, phone number, etc.)
  • Pictures (badge photos, desk photos, computer, etc.)

Web/Host

Bugcrowd for programs and targets

Discovering Email Addresses

Hunter for email discovery and verification, or Phonebook. Clearbit is available as a Chrome extension. Another option is verifyemail.

Hunting breached credentials

Dehashed

Hunting subdomains

apt install sublist3r

  • Get subdomains with Sublist3r

Search by certificate with crt.sh

owasp-amass
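
For the crt.sh certificate search above, an added example (not from the original notes) that takes crt.sh JSON output for a domain you own and lists the hostnames missing from your asset inventory. The sample data, `example.com`, and the `ct_inventory` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape of crt.sh's JSON output (output=json);
# example.com and every value below are made up for illustration.
SAMPLE = json.dumps([
    {"common_name": "example.com",
     "name_value": "example.com\nwww.example.com\nexample.net"},
    {"common_name": "*.example.com", "name_value": "*.example.com"},
    {"common_name": "vpn.example.com",
     "name_value": "VPN.example.com\nwww.example.com"},
    {"common_name": "staging.example.com", "name_value": "staging.example.com"},
])

def ct_inventory(raw_json, domain, known_hosts):
    """Summarise certificate transparency entries for a domain you own.

    Returns (hosts, wildcards, unknown): every distinct hostname seen,
    wildcard names, and hostnames missing from your asset inventory.
    """
    hosts, wildcards = set(), set()
    for entry in json.loads(raw_json):
        # name_value can hold several SAN entries separated by newlines.
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if not name:
                continue
            # Skip names outside the domain (multi-domain certificates).
            if name != domain and not name.endswith("." + domain):
                continue
            if name.startswith("*."):
                wildcards.add(name)
            else:
                hosts.add(name)
    unknown = hosts - {h.lower() for h in known_hosts}
    return sorted(hosts), sorted(wildcards), sorted(unknown)

if __name__ == "__main__":
    hosts, wildcards, unknown = ct_inventory(
        SAMPLE, "example.com", known_hosts={"example.com", "www.example.com"})
    print("hosts:", hosts)
    print("wildcards:", wildcards)
    print("not in inventory:", unknown)
```

Hostnames reported as not in inventory are the ones to review: forgotten staging or VPN names still visible in public certificate logs.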

Identify built with

Check BuiltWith, Wappalyzer (Firefox extension), and whatweb on Kali.

Installing Tor Browser on Kali Linux

kali@kali:~$ sudo apt update
kali@kali:~$
kali@kali:~$ sudo apt install -y tor torbrowser-launcher
kali@kali:~$
kali@kali:~$ torbrowser-launcher