Look Mom, No Packets!

During the reconnaissance phase of a penetration test being able to discover the external assets of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source tools and techniques it is possible to enumerate an organizations external assets without sending any packets directly from your computer system to the target organization's network. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) shows you how to use Recon-NG, Datasploit, Shodan and more!.


  1. Recon-ng
  2. Datasploit
  3. Spiderfoot
  4. Censys
  5. Shodan
  6. Threatcrowd
  7. HackerTarget
  8. Netcraft
  9. Certificate Search Tool - crt.sh
  10. Internet-Wide Scan Data Repository

Full Show Notes

[audio src="http://traffic.libsyn.com/tswaudio/OSINT__External_Recon_Pt._1_Host_Discovery_-_Tradecraft_Security_Weekly_8_converted.mp3"]