Lockdoor Framework

A Penetration Testing Framework

View on GitHub

Passive information gathering

Google

Email Harvesting

>> theharvester -d target.com -b google >target_google.txt
> theharvester -d target.com -l 10 -b bing >target_bing.txt

Netcraft

Whois

>> Whois target.com
> whois 10.10.10.10

Recon-ng

Check here for more detat

>> recon-ng
[recon-ng][default] > use recon/contacts/gather/http/api/whois_pocs
>recon-ng > use recon/hosts/enum/http/web/xssed
>recon­-ng > use recon/hosts/gather/http/web/google_site
>recon-ng > use recon/hosts/gather/http/web/ip_neighbor

Many of the modules in recon-ng require API keys with their respective service providers. Take some time to check out recon-ng and its various modules

Search for people

Search Engine Recon Defenses