|
11
|
Active Scanning
|
|
50
|
Business Relationships
|
|
52
|
CDNs
|
|
60
|
Client Configurations
|
|
102
|
Credentials
|
|
112
|
DNS
|
|
116
|
DNS/Passive DNS
|
|
136
|
Determine Physical Locations
|
|
140
|
Digital Certificates
|
|
161
|
Domain Properties
|
|
178
|
Email Addresses
|
|
182
|
Employee Names
|
|
222
|
Firmware
|
|
228
|
Gather Victim Host Information
|
|
229
|
Gather Victim Identity Information
|
|
230
|
Gather Victim Network Information
|
|
231
|
Gather Victim Org Information
|
|
236
|
Hardware
|
|
245
|
IP Addresses
|
|
246
|
Identify Business Tempo
|
|
247
|
Identify Roles
|
|
329
|
Network Security Appliances
|
|
334
|
Network Topology
|
|
335
|
Network Trust Dependencies
|
|
368
|
Phishing for Information
|
|
390
|
Purchase Technical Data
|
|
429
|
Scan Databases
|
|
430
|
Scanning IP Blocks
|
|
437
|
Search Closed Sources
|
|
438
|
Search Engines
|
|
439
|
Search Open Technical Databases
|
|
440
|
Search Open Websites/Domains
|
|
441
|
Search Victim-Owned Websites
|
|
462
|
Social Media
|
|
465
|
Software
|
|
472
|
Spearphishing Attachment
|
|
474
|
Spearphishing Link
|
|
475
|
Spearphishing Service
|
|
508
|
Threat Intel Vendors
|
|
543
|
Vulnerability Scanning
|
|
544
|
WHOIS
|