CHAPTER 5: Automated Tools for Network Discovery

We've looked at a number of manual command‐line tools you can use to gain intelligence on targets, but what if you're in a rush or just want to take a shotgun approach to finding as much as you can all at once?

This chapter will look at three automated tools you can use to gather information quickly, and the various features of each. The tools in this section are specifically called out as “automated” because they dig deeper by automatically analyzing the results and entities obtained in your first step to find new information.

For example, if an email address is discovered, the tools will automatically query various APIs to find as many connection points to that email address as possible, whereas with command-line tools that is typically a manual process. These tools take your results from Step 1 and automate your next steps for you.

In the case of a discovered email address, the tool might look to see if it has been breached, or if there is any WHOIS data available from sources like SecurityTrails or Whoisology. In the case of a discovered IP address, the tools might automatically start looking up related domain names, or query threat intel feeds like VirusTotal to check if the IP is on any known blacklists.

The results from the tools are roughly 80% similar to one another. It's often the remaining 20% that can make the difference in an investigation and provide the most valuable (or unique) ...
