Use Harvester For Information Gathering And Penetration Testing. The Harvester is a tool for information gathering of e-mail accounts, sub domain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, PGP key servers).
Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.
Important Addons built inside:
-> PGP: pgp key server - www.rediris.es/keyserver/
-> Linkedin: google search engine, specific search for Linkedin users
-> Shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/).
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
-> vhost: Bing virtual hosts search
> Time delays between request
> All sources search
> Virtual host verifies
> Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
> Integration with SHODAN computer database, to get the open ports and banners
> Save to XML and HTML
> Basic graph with stats