
- Search for information about the target.

- Job sites give away information about a company very easily (technologies in use, team structure, internal tooling).


- Whois, Netcraft, Registro.br: public registration information about the site (owner, registrar, name servers, hosting).
- archive.org: old versions of the site and its history.
- Google hacking: inurl, intext, filetype, intitle, etc.
- theHarvester: collects e-mails, IPs, hostnames, etc. Usage: theHarvester -d <domain> -l <limit> -b <source>, where -d is the target domain, -l the maximum number of results and -b the data source to search.
- Always start PostgreSQL before Metasploit: msfdb init initializes the Metasploit database, msfconsole enters Metasploit.
- User tracking: mailtracking.com reports when the recipient opens the message you sent; a PDF attachment sent the same way can collect information about the computer that opens it.
- Spys.one: list of public proxies available for use.
- Spoofing: forging the origin of information sent to a recipient so that the recipient believes it was sent by someone else (e-mail sender, IP address, MAC address and so on).
- Bypass: a trick used to get around a security control without defeating it head-on.
- SHODAN search filters:
product: -> returns only results running the given product. Example: product:MongoDB
country: -> returns only results located in the given country. Example: country:br
net: -> returns only results inside the given network (CIDR notation). Example: net:192.168.0.1/24
port: -> returns only results with a service listening on the given port. Example: port:27017
org: -> returns only results belonging to the given organization. Example: org:Google
city: -> returns only results located in the given city. Example: city:"João Pessoa"
- -> logic operator that removes results containing the given word. Example: -authentication
NOT -> logic operator with the same function as the previous one. Example: NOT authentication
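Worked example of how these filters combine, added here and not part of the original notes nor Shodan's own code: a small matcher that parses a Shodan-style query (field:value terms, quoted values, `-term` and `NOT term` negation, bare words searched in the banner) and runs it over a constructed list of host records. The IPs, banners and organizations are made up; only the filter syntax follows the notes above.

```python
"""Shodan-style filter matching over a constructed host list.

Added example; not from the original notes and not Shodan's own code.
Records are invented. Filter syntax follows the notes: product:, country:,
net:, port:, org:, city:, plus '-term' and 'NOT term' for negation.
"""
import ipaddress
import shlex

# Constructed sample records (fake IPs, fake banners, fake organizations).
HOSTS = [
    {"ip": "192.168.0.10", "port": 27017, "product": "MongoDB",
     "country": "br", "city": "João Pessoa", "org": "ExampleNet",
     "banner": "MongoDB 3.4 ready"},
    {"ip": "192.168.0.20", "port": 27017, "product": "MongoDB",
     "country": "br", "city": "Recife", "org": "ExampleNet",
     "banner": "MongoDB 4.2 authentication required"},
    {"ip": "10.0.0.5", "port": 443, "product": "nginx",
     "country": "us", "city": "Mountain View", "org": "Google",
     "banner": "nginx/1.18"},
]


def parse_query(query):
    """Split a query into (negated, field, value) triples.

    shlex keeps quoted values such as city:"João Pessoa" as one token.
    A bare word with no field searches the banner text. A leading '-' or
    a preceding NOT negates the term, as described in the notes.
    """
    terms = []
    negate_next = False
    for tok in shlex.split(query):
        if tok.upper() == "NOT":
            negate_next = True
            continue
        negated = negate_next or tok.startswith("-")
        negate_next = False
        tok = tok.lstrip("-")
        field, sep, value = tok.partition(":")
        if not sep:
            field, value = "banner", tok
        terms.append((negated, field.lower(), value))
    return terms


def term_matches(host, field, value):
    """Evaluate one positive term against one host record."""
    if field == "net":      # CIDR membership, e.g. net:192.168.0.0/24
        return ipaddress.ip_address(host["ip"]) in ipaddress.ip_network(value, strict=False)
    if field == "port":
        return host["port"] == int(value)
    if field == "banner":   # substring search in the service banner
        return value.lower() in host["banner"].lower()
    # product, country, city, org: exact, case-insensitive match
    return str(host.get(field, "")).lower() == value.lower()


def search(query, hosts=HOSTS):
    """Return the IPs of hosts matching every term (negated terms inverted)."""
    terms = parse_query(query)
    return [h["ip"] for h in hosts
            if all(term_matches(h, f, v) != neg for neg, f, v in terms)]


if __name__ == "__main__":
    for q in ("product:MongoDB country:br", "product:MongoDB -authentication",
              'city:"João Pessoa"', "net:192.168.0.0/24 port:27017", "org:Google"):
        print(f"{q:40} -> {search(q)}")
```

Note that `-authentication` drops the host whose banner mentions authentication, which is why the notes use it to find exposed databases: the word in the banner is evidence that a login is required.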

- Censys ("Shodan for developers"): an internet-wide scan database with a Python API.


- Maltego: software that automates the whole information-collection process for the target, with a graphical interface.
- Mind maps: lay out a path to the final objective (define the target, get to know the target, get all the time the).
- Nmap: does a complete scan of the network. The -sV flag returns the versions of the services found.
- Port scanning with hping3: the scanner sends a SYN (connection request) to the port. A reply of SYN+ACK (SA) means the port is open; a reply of RST+ACK (RA) means the port is closed; no reply means the probe was dropped (filtered). nmap -sS (SYN scan) works the same way: it only ever sends the SYN and never completes the handshake. Nmap is more complete than hping3 for this job, and because only SYN packets go out the scan makes little noise.
- In nmap the -sP flag performs a ping scan (host discovery only); newer versions call the same option -sn.
- TCP is connection-oriented: every segment is acknowledged, so the sender knows its data arrived. UDP is connectionless: datagrams are sent without acknowledgements, so the sender gets no confirmation of delivery.
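The SA/RA decision above, as an added example that is not part of the original notes and not hping3's or Nmap's code: it builds and parses bare 20-byte TCP headers with `struct`, names the flags the way hping3 prints them, and classifies the reply to a SYN probe as open, closed or filtered. The headers are constructed in memory (no raw sockets, so no root needed); the checksum is left at zero, which a real raw-socket sender would have to compute over the pseudo-header.

```python
"""Classify SYN-scan replies the way hping3 / nmap -sS do.

Added example; not from the original notes, hping3 or Nmap. Headers are
built in memory and never sent: checksum is left at 0 on purpose.
"""
import struct

# Flag bits of the TCP flags byte (RFC 793 order, low bit first)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_FMT = "!HHIIBBHHH"          # sport dport seq ack off/res flags win csum urg


def build_tcp_header(sport, dport, seq, ack, flags, window=1024):
    """Constructed 20-byte TCP header with no options (data offset = 5 words)."""
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed part of a TCP header into a dict."""
    sport, dport, seq, ack, _offres, flags, window, _csum, _urg = struct.unpack(TCP_FMT, data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}


def flag_names(flags):
    """hping3-style letters: SYN+ACK -> 'SA', RST+ACK -> 'RA'."""
    order = ((RST, "R"), (SYN, "S"), (ACK, "A"), (FIN, "F"), (PSH, "P"), (URG, "U"))
    return "".join(letter for bit, letter in order if flags & bit)


def classify_syn_probe(probe, response):
    """Decide what a SYN probe learned from the reply (or from silence)."""
    if response is None:
        return "filtered"                 # no reply: dropped by a firewall or host is down
    p, r = parse_tcp_header(probe), parse_tcp_header(response)
    # The reply must come from the probed port, back to our source port.
    if r["sport"] != p["dport"] or r["dport"] != p["sport"]:
        return "unrelated"
    if r["flags"] & RST:
        return "closed"                   # RA: nothing listening
    expected_ack = (p["seq"] + 1) & 0xFFFFFFFF
    if r["flags"] & SYN and r["flags"] & ACK and r["ack"] == expected_ack:
        return "open"                     # SA: listener answered our SYN
    return "unknown"


def half_open_teardown(probe):
    """The RST a SYN scanner sends instead of the final ACK, so the
    handshake never completes and most services never log a connection."""
    p = parse_tcp_header(probe)
    return build_tcp_header(p["sport"], p["dport"], (p["seq"] + 1) & 0xFFFFFFFF, 0, RST)


if __name__ == "__main__":
    probe = build_tcp_header(40000, 80, 1000, 0, SYN)
    sa = build_tcp_header(80, 40000, 5000, 1001, SYN | ACK)
    ra = build_tcp_header(80, 40000, 0, 1001, RST | ACK)
    for name, reply in (("SA", sa), ("RA", ra), ("none", None)):
        print(f"reply {name:4} -> {classify_syn_probe(probe, reply)}")
    print("teardown flags:", flag_names(parse_tcp_header(half_open_teardown(probe))["flags"]))
```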

- Common port numbers:

20 File Transfer Protocol (FTP) data transfer
21 File Transfer Protocol (FTP) command/control
22 Secure Shell (SSH) secure login
23 Telnet remote login service, unencrypted text
25 Simple Mail Transfer Protocol (SMTP) e-mail routing
53 Domain Name System (DNS) service
67,68 Dynamic Host Configuration Protocol (DHCP)
80 Hypertext Transfer Protocol (HTTP) used on the World Wide Web
110 Post Office Protocol (POP3) mail retrieval
119 Network News Transfer Protocol (NNTP)
123 Network Time Protocol (NTP)
143 Internet Message Access Protocol (IMAP) mailbox access
161 Simple Network Management Protocol (SNMP)
194 Internet Relay Chat (IRC)
443 HTTP Secure (HTTPS) HTTP over TLS/SSL

- A scan that completes the handshake (full connect scan) gives complete results, but it makes extreme noise on the receiving target: the connection is established, so the service sees it and can log it.
- Netcat shows a completed connection: in a TCP capture you see the server send information such as banners and source code. Nmap extracts the services from those same TCP responses and shows that information.
- Ping is an ICMP echo request answered by an ICMP echo reply. Example: "one person says Hi, the other replies." This is the technique called "ping pong". With the ping command it is possible to check whether a host at that IP is reachable.
- FPing: fping automates the ping command and locates active IPs automatically. Example: fping -c1 -g 192.168.1.0/24 (-g also accepts a start and end address).
- Banners: service types and versions of the services.
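The two ideas from the last bullets, a full-connect scan and banner grabbing with a completed connection, as an added example that is not part of the original notes and not Netcat's or Nmap's code. It starts a constructed fake daemon on a loopback port (the banner string is invented), runs a connect() scan over that port and a port nobody listens on, and then reads the banner exactly as `nc host port` would show it. Because the handshake completes, the fake server's accept() fires for every probe: that is the "extreme noise" the notes warn about.

```python
"""Connect scan + banner grab against a constructed local listener.

Added example; not from the original notes, Netcat or Nmap. The listener
and its banner are invented stand-ins so the script runs offline.
"""
import errno
import socket
import threading

FAKE_BANNER = b"SSH-2.0-ExampleSSH_1.0\r\n"   # constructed; not a real product


def start_banner_server(banner=FAKE_BANNER):
    """Listen on an OS-chosen loopback port and greet every client with a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()    # a full connect scan lands here every time
            except OSError:               # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)      # real daemons announce themselves the same way

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def closed_port():
    """Find a loopback port nobody is listening on (bind, read it back, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=1.0):
    """Full three-way-handshake scan: connect() completes the handshake,
    so the target service sees the connection and may log it."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((host, port))
            if err == 0:
                results[port] = "open"        # handshake completed
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"      # RST came back
            else:
                results[port] = "filtered"    # timeout or other error: no answer
    return results


def grab_banner(host, port, timeout=1.0, size=256):
    """What `nc host port` prints first: whatever the server volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(size).decode(errors="replace").strip()
        except socket.timeout:
            return ""                         # silent service: send a probe instead


if __name__ == "__main__":
    srv, open_port = start_banner_server()
    targets = [open_port, closed_port()]
    print(connect_scan("127.0.0.1", targets))
    print("banner:", grab_banner("127.0.0.1", open_port))
    srv.close()
```

Services such as HTTP say nothing until the client speaks; for those, grab_banner returns an empty string and the next step is to send a request (for example a minimal HEAD) and read the response headers, which is what Nmap's version probes do.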
