Back to course
Free Previewintermediate16 min
Reconnaissance & OSINT
Learn how to gather public information about a target using OSINT tools and Google Dorking.
## Reconnaissance & OSINT
Before an attacker (or a pentester) touches a target's systems, they spend hours gathering publicly available information. This phase is called **reconnaissance**.
### OSINT Tools
| Tool | Purpose |
|------|---------|
| `whois` | Domain registration info |
| `theHarvester` | Email, subdomains, hosts |
| Shodan | Internet-connected device search |
| Maltego | Visual relationship mapping |
| Google Dorking | Advanced search operators |
### Google Dork Examples
```
site:example.com filetype:pdf
intitle:"index of" "password.txt"
```
⚠️ Only use these against systems you own or have written permission to test.