A penetration tester has been tasked with gathering information about a target company without directly interacting with the company's systems. Which of the following methods would be most effective and appropriate for the tester to utilize to obtain potential user names, technology stacks, and job roles within the company?
Using Shodan to scan for vulnerable company assets and extract employee information
Performing DNS lookups to identify potential usernames and job roles
Reviewing the company's open-source code contributions for potential user names and job roles
Social media scraping to review profiles and posts for key employee information