- Enumeration (0daysecurity)
- Asset Discovery - Doing Reconnaissance the Hard Way (Patrik Hudak)
- How to Hunt
- Just Another Recon Guide for Pentesters and Bug Bounty Hunters - Offensity
- Subdomain Enumeration - 0xpatrik
- Nmap limit the scan rate for each host, without limiting the scan rate for the scan as a whole
- Nmap Firewall Evasion (infosecinstitute)
Useful services for Out of Band exploitation.
- Burp Collaborator
- https://webhook.site
- https://requestcatcher.com
- https://canarytokens.org/generate
- http://dnsbin.zhack.ca
- https://ngrok.com
- rusolver
- puredns
- wzrd python3 resolver
- dnsx
- dnsvalidator
- altdns
- goaltdns
- dnsgen
- projectdiscovery/asnmap
- bluto
- SubDomainizer - search HTML for secrets
- Turbolist3r - Sublist3r + domain takeover
- Sublist3r
- subfinder - subdomains scraper
- massdns
- httprobe
- lazyrecon
- dr. robot
- gowitness
- EyeWitness
- github-search
- rverton/webanalyze
  - desc: Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
- projectdiscovery/wappalyzergo
  - desc: A high performance go implementation of Wappalyzer Technology Detection Library
- resyncgg/ripgen
  - desc: Rust-based high performance domain permutation generator.
- SpiderFoot
- ODIN
- list of osint tools - darkweb
- dnstwist - twist domain name to generate phishing URLs