- "site:[SITE]": search only for results residing on [SITE] and any associated sub-domains
- "inurl:[STRING]": search only for results with URLs containing [STRING]
Provided by Offensive Security. Contains user-submitted search queries for gathering certain sensitive information about target sites/organizations
Internet monitoring company that can be leveraged to obtain information about internet-facing web servers, including:
- Operating System
- Web Server platform and version
- Uptime
- etc.
Passively gather email addresses, hostnames, and individual people names belonging to a specified domain
-d: domain to search
-b: data source to use (see help/manpage)
-l: limit number of results
whois [DOMAIN]
whois [IP]
"Full-featured" web reconnaissance framework. Very similar user interface to Metasploit. Contains MANY different modules of various types
- whois_poc: whois point-of-contacts
- google_site_web: sub-domain search in google