Passive Reconnaissance

Steps

1. First we start by simple whois command to know more data about the registrant or the registrar so we could tailor a potential social engineering attack on the target

2. We will need to get more information from the registrar DNS to know more about the registrant we here can use nslookup or dig (provides more information)

3. This tools are limited in subdomain discovery here we could use DNSDumpster website to get more information about the subdomains and a graph that gives us a better visualization