# Recon

# Domains
- crt.sh
- google site:example.org -site:www.example.org -site:...
- Sublist3r program: sublist3r.py -d example.org
- resolve to IP: (for i in $(cat subdomens.txt) ; do host $i ; done)
- whois for domain, IP, AS

# Port scan
- nmap example.org
- nmap -sV example.org
- whatweb program

# Vulnerabilities
- CVE Details website
- nmap --script vulners -sV example.org
- Sucuri website
- ImmuniWeb
- wapiti
- XSStrike
- PwnXSS

# Firewall detection
- firewalk

# Automation
- recon should be automated to periodically scan targets
- nuclei program (scripting language, daemon)
- owasp/amass program

# Web
- dirbuster
- robots.txt

# Anonymity
- tmap program
- Tor browser
- torsocks