3. Information Collection

Content Index:

• 3.1. Web Entry/Information
• 3.2. Domain Name Information
  • 3.2.1. Whois
  • 3.2.2. Search Engine Search
  • 3.2.3. Third-party queries
  • 3.2.4. ASN information association
  • 3.2.5. Domain Relevance
  • 3.2.6. Use of website information
  • 3.2.7. HTTPS certificate
  • 3.2.8. Domain Transfer Vulnerability
  • 3.2.9. Passive DNS
  • 3.2.10. General Analysis
  • 3.2.11. Important records
  • 3.2.12. CDN
  • 3.2.13. Subdomain blasting
  • 3.2.14. Cache Detection Technology
• 3.3. Port Information
  • 3.3.1. Common ports and their vulnerabilities
  • 3.3.2. Common port scanning techniques
  • 3.3.3. Web Services
  • 3.3.4. Bulk Search
• 3.4. Site Information
• 3.5. Search engine utilization
  • 3.5.1. Search engine processing flow
  • 3.5.2. Search Techniques
  • 3.5.3. snapshot
  • 3.5.4. Github
• 3.6. Social Engineering
  • 3.6.1. Corporate Information Collection
  • 3.6.2. Personnel Information Collection
  • 3.6.3. Fishing
  • 3.6.4. Additional information
• 3.7. Reference Links