3. Which tools do you use for information gathering, and for what specific purposes?
- Nmap: Port/service scanning, common vulnerability detection
- dirsearch: Directory brute‑forcing
- whatwaf: WAF detection and identification
- WFuzz: Fuzz testing
- TideFinger / Wappalyzer: CMS and middleware identification