🔍 OSINT & Reconnaissance
Open Source Intelligence gathering techniques for security assessments. Learn passive reconnaissance, domain enumeration, employee discovery, and data leak detection.
Google Dorking
Advanced Google search operators to find exposed files, directory listings, and sensitive data.
Full GuideSubdomain Enumeration
Discover subdomains using DNS bruteforce, zone transfers, search engines, and certificate transparency logs.
Full GuideCredential Leaks
Search for leaked credentials. Monitor paste sites, breach databases, and dark web forums.
Full Guide🛠️ Essential Tools
Amass
DNS enumeration, subdomain discovery, and attack surface mapping by OWASP.
theHarvester
Gather emails, subdomains, IPs, URLs from public sources in passive reconnaissance.
Maltego
Interactive data mining and link analysis tool for OSINT investigations.
Recon-ng
Web-based reconnaissance framework with modular architecture for efficient OSINT collection.
KnockPy
Subdomain enumeration tool that supports wordlist bruteforce and DNS zone transfers.
Holehe
Check if an email is registered on 220+ websites by examining social network APIs.
📋 Google Dorking Cheatsheet
File Search
site:target.com filetype:pdf
site:target.com ext:xlsx OR ext:csv
site:target.com inurl:admin
Directory Discovery
site:target.com intitle:"index of"
site:target.com intitle:"directory listing"
site:target.com inurl:/wp-admin/
Sensitive Data
site:target.com filetype:sql "password"
site:target.com filetype:log "password"
site:target.com filetype:env
Database Files
filetype:sql intext:"INSERT INTO"
filetype:sqlite3 OR filetype:db
filetype:mdb