Passive Information gathering

• As part of passive information gathering, we can use the OSINT tools to gather information from a web application.

Other interesting resources Content Delivery Network

Passive Information Gathering Tools

• Domain Information
  • Whois
  • Lookup tool
  • ICANN’s website
• Subdomain Identification
  • DNSDumpster
  • Certificate transparency
  • crt.sh
• Additional Insights
  • Shodan

Service Discovery

• Apart from the above mentioned, there are methods to discover running services.
• The most common toolkit used for that is Nmap, that is used to discover open ports and services on a host or across entire networks.