- Google (specifically Google Dorking)
- Wikipedia
- Social Media (Instagram, Twitter, and Facebook)
- PeopleFinder.com
- who.is
- sublist3r
- hunter.io
- builtwith.com
- wappalyzer
- dnsdumpster.com
- shodan.io
- builtwith.com
- dnsdumpster.com
- nmap (scan a target and tell us a wide variety of things)
- dirb (used to find commonly-named directories on a website)
- dirbuster (similar to dirb but with a cooler name, and with a user interface)
- enum4linux (tool used specifically for Linux to find vulnerabilities)
- Metasploit (this tool is mostly used for exploitation, but it also has some built-in enumeration tools)
- Burp Suite (this tool can be used to scan a website for subdirectories and to intercept network traffic)
- Metasploit (many built-in scripts to try)
- Burp Suite (exploit web applications)
- SQLMap (exploit web applications)
- msfvenom (for building custom payloads)
- BeEF (browser-based exploitation)
- Windows: Administrator or System (pwdump7, Ophcrack)
- Linux: root
- The Finding(s) or Vulnerabilities
- The CRITICALITY of the Finding
- A description or brief overview of how the finding was discovered
- Remediation recommendations to resolve the finding
- Getting in
- Hacking through
- Taking it out