Heya, Founder of https://viewdns.info/ here (used by any mentioned in the article a bit). If anyone is doing this kind of research, feel free to reach out at feedback@viewdns.info as I'm more than happy to extend some free API credits etc! -Hughesey. - Source: Hacker News / 7 months ago

This might help you get a start: There are lots of common tools. https://viewdns.info/. Source: over 1 year ago

I used viewdns.info - allowed me to search by registrant name. I looked for Bed Bath Procurement and Liberty Procurement for the list I grabbed (~600 results). Spotted the .sex TLD and filtered down to that and hand-verified whether each result was truly owned by BBBY. I work in IT Audit and InfoSec, so was a piece of cake to find and filter the data. :D. Source: over 1 year ago

After doing some investigating, it looks like when I sent the email, it was initially sent via an IP address that falls within Googles IP range, but when I went to viewdns.info to lookup the IP, it was of a Domain that was not Google. Source: almost 2 years ago

Normally that means that every target that belongs to the company, is in scope except the one in the OOS section. Now the real question his, how can I be sure that a target is in scope? Well, whois command is your friend, if you have a domain name. If you have a ip address, you have to work more on it, anyway you can try some reverse DNS or other tool that you can find here: https://viewdns.info/ or you are... Source: almost 2 years ago

Then create a threat feed in our Fortigate using the API at https://hackertarget.com/ using that ASN. Source: 8 months ago

So far, I found things like https://pentest-tools.com/, https://hackertarget.com/, and https://www.intruder.io/. Does anyone have any experience with these (or any other) tools? If so, would you consider any of them a valid tool to check the "Have you conducted any penetration testing" box and maybe highlight some areas where we are lacking? Source: almost 2 years ago