pentest-osint-recon
Pentest OSINT Recon
Purpose
Gather publicly available information about a target organization to map its external attack surface, including subdomains, emails, and exposed assets.
Core Workflow
- Domain Enumeration: Discover subdomains and related assets using `amass` and `subfinder`.
- Tech Profiling: Identify technologies used on discovered assets using `httpx` and `whatweb`.
- Information Gathering: Search for emails, leaks, and social media presence using `theharvester` and search engines.
- Asset Correlation: Correlate IP addresses, domains, and technologies to find weak spots.
- Vulnerability Intel: Check discovered software versions against CVE databases.
References
- references/tools.md
- references/workflows.md