From what I understand, Target Discovery is more about dealing with DNS’s and IP addresses. What I get is that the tester is trying to get the right target. It is about finding old information about the target that we can use to learn about the target. It focuses on finding the old DNS, IP behind firewall and old archives.
For this topic, I tried finding IP information. One of the tools we can use is robtex and it can show the IP number, name servers and sibling sites. I tried using robtex with pentest.id
We can also use nmap in the terminal in Kali Linux for Target Discovery
nmap -O is used to find the OS that is used.