Consists of

• Active Scanning
  • Scanning IP Blocks
  • Vulnerability Scanning
  • Wordlist Scanning
• Gather
  • Host Information
    • Hardware
    • Software
    • Firmware
    • Confguration
  • Identity Information
    • Credentials
    • Email Addresses
    • Employee Names
  • Network Information
    • Domain Properties
    • DNS
    • Trust Dependencies
    • Topology
    • IP addresses
    • Network Security Appliances
  • Organization Information
    • Physical Locations
    • Business Relationships
    • Business Tempo
• Phishing
  • Spearphising
• Closed Source Search
  • Threat Intel Vendors
  • Purchase Technical Data