Recon

rCheck out website if any. Use it like a regular user would.

Checkout the about page or similar to get an understanding of the employees and any linked social media or email accounts.

WHOIS record. These are increasingly private, for free.

WHOIS forward and reverse lookups about servers.

Google Dorks!!!

recon-ng

Wordpress

Really useful flags, they'll pickup a little bit more than the standard scan.

--enumerate p --plugins-detection aggressive

Last updated 6 months ago