shield_lock
JinDaGe
Back to skills
extension
Category: Development & EngineeringNo API key required

pentest-osint-recon

Open Source Intelligence gathering and attack surface management for external reconnaissance.

personAuthor: jakexiaohubgithub
open_in_newRepositorydownloadDownload package

Pentest OSINT Recon

Purpose

Gather publicly available information about a target organization to map its external attack surface, including subdomains, emails, and exposed assets.

Core Workflow

  1. Domain Enumeration: Discover subdomains and related assets using amass and subfinder.
  2. Tech Profiling: Identify technologies used on discovered assets using httpx and whatweb.
  3. Information Gathering: Search for emails, leaks, and social media presence using theharvester and search engines.
  4. Asset Correlation: Correlate IP addresses, domains, and technologies to find weak spots.
  5. Vulnerability Intel: Check discovered software versions against CVE databases.

References

  • references/tools.md
  • references/workflows.md