Pentest OSINT Recon

Purpose

Gather publicly available information about a target organization to map its external attack surface, including subdomains, emails, and exposed assets.

Core Workflow

1. Domain Enumeration: Discover subdomains and related assets using amass and subfinder.
2. Tech Profiling: Identify technologies used on discovered assets using httpx and whatweb.
3. Information Gathering: Search for emails, leaks, and social media presence using theharvester and search engines.
4. Asset Correlation: Correlate IP addresses, domains, and technologies to find weak spots.
5. Vulnerability Intel: Check discovered software versions against CVE databases.

References

• references/tools.md
• references/workflows.md