> For the complete documentation index, see [llms.txt](https://intrusionz3r0.gitbook.io/intrusionz3r0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://intrusionz3r0.gitbook.io/intrusionz3r0/enumeration/osint-passive-enumeration.md). # (OSINT) Passive Enumeration ```bash export TARGET= #Information Gathering by using crt.sh Intrusionz3r0X@htb[/htb]$ curl -s 'https://crt.sh/?q=compucloud.com.mx&output=json' | jq . #Subdomain enumeration by using crt.sh Intrusionz3r0X@htb[/htb]$ curl -s 'https://crt.sh/?q=compucloud.com.mx&output=json'| jq . | grep name | cut -d":" -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;' | sort -u > subdomainlist Intrusionz3r0X@htb[/htb]$ for i in $(cat subdomainlist);do host $i | grep "has address" | cut -d" " -f1,4;done #Manual DNS enumeration Intrusionz3r0X@htb[/htb]$ openssl s_client -ign_eof 2>/dev/null <<<$'HEAD / HTTP/1.0\r\n\r' -connect "facebook.com:443" | openssl x509 -noout -text | grep 'DNS' | sed -e 's|DNS:|\n|g' -e 's|^\*.*||g' | tr -d ',' | sort -u #Extract the host from dns Intrusionz3r0X@htb[/htb]$ for i in $(cat subdomainlist | grep -v "*"); do host $i | grep "has address" | sort -u | cut -d " " -f1,4;done #Grep for IPs Intrusionz3r0X@htb[/htb]$ for i in $(cat subdomainlist | grep -v "*");do host $i | grep "has address" | cut -d" " -f4 >> ip-addresses.txt;done #Initializating Shodan tool Intrusionz3r0X@htb[/htb]$ shodan init # Scan using Shodan Intrusionz3r0X@htb[/htb]$ for i in $(cat ip-addresses.txt);do shodan host $i;done #Fetch all the URLs that the Wayback Machine knows about for a domain Intrusionz3r0X@htb[/htb]$ waybackurls -dates https://facebook.com > waybackurls.txt ``` ### **Automating Passive Subdomain Enumeration** ```bash Intrusionz3r0X@htb[/htb]$ cat sources.txt baidu bufferoverun crtsh hackertarget otx projectdiscovery rapiddns sublist3r threatcrowd trello urlscan vhost virustotal zoomeye Intrusionz3r0X@htb[/htb]$ export TARGET="compucloud.com.mx" Intrusionz3r0X@htb[/htb]$ cat sources.txt | while read source; do theHarvester -d "${TARGET}" -b $source -f "${source}_${TARGET}";done Intrusionz3r0X@htb[/htb]$ cat *.json | jq -r '.hosts[]' 2>/dev/null | cut -d':' -f 1 | sort -u > "${TARGET}_theHarvester.txt" ``` **Passive Enumeration Resources**: [OSINT Framework](https://osintframework.com/) [crt.sh | Certificate Search](https://crt.sh/) [Netcraft | Leader in Phishing Detection, Cybercrime Disruption and Website Takedown](https://www.netcraft.com/) [Wayback Machine](https://web.archive.org/) ## Finding information about Cloud Providers **Google Search for AWS resources** **Google Search for Azure** **Target Website - Source Code** [Domain DNS Record and WHOIS Information](https://domain.glass/) [Public Buckets by GrayhatWarfare](https://buckets.grayhatwarfare.com/) ## Finding information about the company * Use LinkedIn to find information about the technology, infrastructure, programming languages, or software the company is using. ```sql Required Skills/Knowledge/Experience: * 3-10+ years of experience on professional software development projects. « An active US Government TS/SCI Security Clearance (current SSBI) or eligibility to obtain TS/SCI within nine months. « Bachelor's degree in computer science/computer engineering with an engineering/math focus or another equivalent field of discipline. « Experience with one or more object-oriented languages (e.g., Java, C#, C++). « Experience with one or more scripting languages (e.g., Python, Ruby, PHP, Perl). « Experience using SQL databases (e.g., PostgreSQL, MySQL, SQL Server, Oracle). « Experience using ORM frameworks (e.g., SQLAIchemy, Hibernate, Entity Framework). « Experience using Web frameworks (e.g., Flask, Django, Spring, ASP.NET MVC). « Proficient with unit testing and test frameworks (e.g., pytest, JUnit, NUnit, xUnit). « Service-Oriented Architecture (SOA)/microservices & RESTful API design/implementation. « Familiar and comfortable with Agile Development Processes. « Familiar and comfortable with Continuous Integration environments. « Experience with version control systems (e.g., Git, SVN, Mercurial, Perforce). Desired Skills/Knowledge/ Experience: « CompTIA Security+ certification (or equivalent). « Experience with Atlassian suite (Confluence, Jira, Bitbucket). « Algorithm Development (e.g., Image Processing algorithms). « Software security. « Containerization and container orchestration (Docker, Kubernetes, etc.) « Redis. « NumPy. ``` * Github --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://intrusionz3r0.gitbook.io/intrusionz3r0/enumeration/osint-passive-enumeration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.