Recon for Red Teaming - Practical
Comprehensive list of Online and Offline Recon Tools
Data Leak Search Online Sites/Tools (Mostly used):
intelx.io: Somewhat expensive but worth it
dehashed.com: Paid, but comparatively reasonable
pastebin.com: Free
github.com: Free (Register to get the API)
postman.com & web.postman.com: Free
leakix.net: Paid
leakpeek.com: Paid
grep.app: Paid
firebase.google.com: Free (Register to get the API)
haveibeenpwned.com: Free; absolutely the best in the market for checking whether email IDs have been compromised
Data Leak Search Offline Tools (Mostly used):
theHarvester: Free - Kali/ParrotOS
mosint: Free - Kali/ParrotOS
h8mail: Free - Kali/ParrotOS
recon-ng: Free - Kali/ParrotOS
Subdomain Recon - Some popular tools:
puredns:
    puredns bruteforce /usr/share/wordlists/SecLists-master/Discovery/DNS/subdomains-top1million-110000.txt redteamgarage.com -r ./resolvers.txt
amass:
    amass enum -d redteamgarage.com -rf resolvers.txt
subdomainfinder.c99.nl: Online Site
censys.io: Online Site
crt.sh: Online Site
virustotal.com: Online Site
knockpy:
    knockpy -d redteamgarage.com --recon --bruteforce
Some examples of subdomain recon: