This chapter is designed to give you an overview of performing general network reconnaissance on an organization, as well as scanning and identifying network hosts. The focus of this chapter is more on the process than the specific tools being used because when it comes to OSINT, or probably any facet of information security, there will always be newer, better, and shinier tools to use.

There are hundreds of different tools and services you can use to gather information on organizations. New tools come out almost daily; it's impossible to keep up. I don't want that to be the focus. I'm sure I missed some tools, and I'm sure some will be outdated by the time you read this. My goal is to show you some tools that I think are useful now, but I completely understand that there may be better ones in the future.

Regardless, the tools should not be the focus. The point is how the information is being collected, and more importantly, how the process of discovering new information should never be limited to just one tool.

Always try new things because, as I will demonstrate, one tool will never give you a complete answer.