Compilation of my tools to perform a security check by executing an attack on the Web application without enforcing the Web applications.
- Crawl the site and grep for URLs;
- Scan IP ranges;
- Explore Git(Hub|Lab);
- Search all Internet archives as Wayback Machine;
- Check DNS records, they often list other domains that belong to the company;
- Reverse WHOIS lookup and look for domains registered under the same email address.
- https://www.crunchbase.com - Find brands and projects of company;