RedTeamGarage (RTG)

Recon for Red Teaming- Practical

Comprehensive list of Online and Offline Recon Tools

Data Leak Search Online Sites/Tools (Mostly used):

| Tool | Remarks |
|---|---|
| intelx.io | Somewhat expensive but worth it |
| dehashed.com | Paid one but comparatively reasonable |
| pastebin.com | Free |
| github.com | Free (Register to get the API) |
| postman.com & web.postman.com | Free |
| leakix.net | Paid |
| leakpeek.com | Paid |
| grep.app | Paid |
| firebase.google.com | Free (Register to get the API) |
| haveibeenpwned.com | Free, absolutely the best in the market to check the status of the compromised email IDs |

Data Leak Search Offline Tools (Mostly used):

| Tool | Where to find |
|---|---|
| theHarvester | Free - Kali/ParrotOS |
| mosint | Free - Kali/ParrotOS |
| h8mail | Free - Kali/ParrotOS |
| recon-ng | Free - Kali/ParrotOS |

Subdomain Recon- Some popular tools:

| Tool/Site | Remarks |
|---|---|
| puredns | puredns bruteforce /usr/share/wordlists/SecLists-master/Discovery/DNS/subdomains-top1million-110000.txt redteamgarage.com -r ./resolvers.txt |
| amass | amass enum -d redteamgarage.com -rf resolvers.txt |
| subdomainfinder.c99.nl | Online Site |
| censys.io | Online Site |
| crt.sh | Online Site |
| virustotal.com | Online Site |
| knockpy | knockpy -d redteamgarage.com --recon --bruteforce |

Some examples of subdomain recon:


Last updated 12 months ago

Example: knockpy
Example: amass
Example: puredns
Example: crt.sh