  • host

    command for DNS resolution

  • netcraft.com

    more comprehensive

  • httrack

    downloads a website's source code to run it locally. NICE👍

  • dnsrecon

    for DNS enumeration and DNS lookups

  • dnsdumpster

    more comprehensive

  • wafw00f

    WAF fingerprinting tool. To do its magic, WAFW00F does the following:

    • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
    • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
    • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.
  • sublist3r

    passive subdomain enumeration, can also be used for subdomain bruteforcing

  • theHarvester

    https://github.com/laramies/theHarvester for enumerating emails and subdomains

  • exploit-db.com

    big database of exploits and Google dorks

  • Google dorks

    for subdomain enumeration and finding sensitive pages

    example operators:

      site:
      intitle:
      inurl:
      filetype:
      
    
  • Password Databases

    https://haveibeenpwned.com/ Try any email; if it's compromised, check which breach it was in. There might be a password list for the breached emails, so now you have a password for this email. NICE😘