| Whois |
Domain details (contacts, name servers, etc.) |
https://whois.icann.org/en (and many more) |
| Nslookup |
DNS information |
Installed or available on most OSs |
| Foca |
Fingerprint Organizations with Collected Archives - finds document metadata. |
https://github.com/ElevenPaths/FOCA |
| Theharvester |
Gathers info from many sources (email, hosts, open ports, etc.) |
https://github.com/laramies/theHarvester |
| Shodan |
Finds Internet connected devices |
https://www.shodan.io/ |
| Maltego |
Data mining for investigations |
https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php |
| Recon-NG |
Web reconnaissance |
https://bitbucket.org/LaNMaSteR53/reconng |
| Censys |
Finds Internet connected devices |
https://censys.io/ |
