Reconnaissance: Gaining information about a specific target and scanning the range of ports. Any open port is possibly a vulnerable avenue of a web attack.
Blog: Top 5 Best Port Scanners
Blog: URLScan.io: the best way to scan any website
Blog: Top 20 Data Reconnaissance and Intel Gathering Tools
Historical list of IP addresses where a specific domain name was hosted. Also, it provides information about the geographical location and the owner of it.
Blog: New feature: IP history by value
System of records that stores DNS data for the given location, time period and record. It is mostly used for having an IP address that is known to be malicious and to find all domain names that are connected to it.
Blog: Finding Phishing Domains with DNSTrails
Country code Top-Level Domain. Internet top-level domain that is reserved for a specific country. It contains two letters and can be restricted to only users from that country, or can be open for registrations.
Blog: More complete coverage for UK, AU, SE and NU Top level domains
Generic Top-Level Domain. Identifies a name of an internet address and is generally the most popular Top-Level domain. It includes the famous .com, .org, .net.
Accessing the historical WHOIS data. Getting all information associated to a domain name in question.
Blog: New Feature: Find every domain someone owns automatically
Whois reverse DNS
Using any personal information that is associated to a domain name in question. You will be able to access all domain names that are associated with that information.
Blog: New Feature: Searching WHOIS Data Using Mailing Addresses
SSL transparency log
Public logs from companies that provide you with SSL certificates. It is public information about the certificates.
Gaining information about the target without actively engaging with systems.
Up-to date lists of deleted, new, or changed domains filtered by gTLD, ccTLD or all TLDs.
Determining the domain name that is associated with the IP address in question.
Blog: How to use reverse DNS records to identify mass scanners
Similar to the A record, but it points the domain or subdomain to an IPv6 address
Mostly used for reverse DNS. It maps a network interface to a host name.
Blog: New Features: Endpoints for Reverse DNS and Open Ports
Domain-based Message Authentication. Email validation system that is there to detect and fight techniques that are used in email spoofing.