DISCLAIMER: The content of this post/blog is based on my opinion and on what I have learned, and is for educational purposes. If there are any mistakes or recommendations for improvement, leave a comment 🙂
There are many websites that can be used as tools for information gathering, such as:
- shodan.io
- archive.org
- alexa.com
- pipl.com
- whois.com
Kali Linux also provides many tools for information gathering. In this post I am going to introduce some of the tools I used during my studies. These are:
- whois: The whois command can also be used in Kali Linux to query domain registration information.
- host: This tool finds the IP address of a host from a host name.
- dig: This tool is like host, but it is more flexible and its output is clearer.
- dnsenum: This tool collects information from a DNS server. The information that can be gathered includes the host IP, the DNS servers of the domain and the MX records of the domain.
- tcptraceroute: This tool can be used to get network routing information, showing which path a packet takes. This information can hint at whether the target host is behind a firewall.
- theharvester: This tool gathers email accounts, usernames and hostnames/subdomains for a host.
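
To make the dig and dnsenum entries concrete, here is an added example (not part of the original post) that reads answer lines in the format printed by `dig +noall +answer` and summarises the three facts the dnsenum entry names: host IPs, name servers and MX records. The function names and the sample records are constructed for illustration; `example.com`, `192.0.2.10` and `2001:db8::10` are reserved documentation values.

```shell
# Constructed sample: answer lines as `dig +noall +answer` prints them
# (name, TTL, class, type, data). Replace with real dig output for a
# domain you administer to see what it publishes.
sample_dig_output() {
cat <<'EOF'
example.com.        3600  IN  A     192.0.2.10
example.com.        3600  IN  AAAA  2001:db8::10
example.com.        3600  IN  NS    ns1.example.com.
example.com.        3600  IN  NS    ns2.example.com.
example.com.        3600  IN  MX    20 backup-mx.example.com.
example.com.        3600  IN  MX    10 mail.example.com.
; comment lines and blank lines are skipped

www.example.com.    300   IN  CNAME example.com.
EOF
}

# records_of TYPE: print the data field(s) of every record of TYPE on stdin.
records_of() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^;/ { next }      # skip blanks and comments
        $3 == "IN" && $4 == want {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i   # MX has two fields
            print out
        }'
}

# summarize_dns: host IPs, name servers, and mail exchangers ordered by
# MX preference (lowest number is tried first).
summarize_dns() {
    _dns_data=$(cat)
    echo "Host addresses:"
    { printf '%s\n' "$_dns_data" | records_of A
      printf '%s\n' "$_dns_data" | records_of AAAA; } | sed 's/^/  /'
    echo "Name servers:"
    printf '%s\n' "$_dns_data" | records_of NS | sort | sed 's/^/  /'
    echo "Mail exchangers (preferred first):"
    printf '%s\n' "$_dns_data" | records_of MX | sort -n | sed 's/^/  /'
}

sample_dig_output | summarize_dns
```
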