Back to feed
Dev.to
Dev.to
6/25/2026
Passive Reconnaissance on google.com — What I Found Using Shodan, WHOIS, and DNS Tools

Passive Reconnaissance on google.com — What I Found Using Shodan, WHOIS, and DNS Tools

Short summary

Educational walkthrough of passive reconnaissance techniques using publicly available tools (Shodan, WHOIS, DNS enumeration) to map a target's infrastructure without direct system contact. Demonstrates step-by-step methodology on google.com, discovering 37K+ hosts, IP ranges, and subdomains through certificate transparency logs—all legal, non-intrusive security assessment methods.

  • Passive reconnaissance gathers intelligence using only public data sources without triggering alerts or logs
  • Techniques include ASN lookup, Shodan searches, WHOIS queries, DNS enumeration, and SSL certificate inspection
  • Reveals extensive infrastructure details (hosts, IP ranges, software versions, subdomains) on enterprise targets

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more