Information gathering refers to collecting information about the person, company or system that you are targeting.
Web reconnaissance and footprinting focus on gathering information about a website.
Read DNS
Command-line tool to gather DNS information about a host
whois hostname
To find information regarding a domain
dnsrecon -d domain_name
Gather information about subdomains on the basis of certificates.
To identify subdomains of a given domain
sublist3r domain_name
To detect the web application firewall being used.
wafw00f domain
Read Google_Dorking
Examples: site:, intitle:index of, cache:site_name
Interesting Google dorks are stored in a database.
To check previous versions of websites and find information from them.
To find leaked passwords in breaches and gather information about possible breaches that have occurred.
Read DNS
DNS Zone Transfer: the process of copying or transferring zone files from one DNS server to another. An authoritative server that answers AXFR requests from any client exposes its full zone contents; transfers should be restricted to authorized secondary servers.
DNS Zone Transfer using dig
dig axfr @"nameserver" "site"
Enumeration of publicly available information, zone transfers and brute-forcing of subdomains.
dnsenum "site"
fierce -dns domain_name
To enumerate active machines using a ping scan and gather the IP addresses of live hosts.