
Reconnaissance

Spy on the infidels!

There are two types of reconnaissance: active and passive.

Passive Reconnaissance

This is when you gather information on a target without interacting with it directly. Usually, you learn about the target's environment and potential vulnerabilities without directly monitoring its actions. There are three main passive reconnaissance methods:

Active Reconnaissance

Here, you actively probe and interact with the target systems and networks to gather information, using methods that do generate network traffic. The goal is to draw a map of the network that can be used to describe its security posture and find an attack vector.

  • Port Scanning
  • Service Enumeration
  • OS Fingerprinting
  • DNS Enumeration
  • Web App Crawling
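
Because active reconnaissance generates network traffic, it leaves records a defender can analyse. The following is an added example, not part of the original page: it flags port-scan-like behaviour in a constructed connection log. The log format, addresses, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: "epoch_seconds source destination dest_port".
# Addresses come from documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
1700000000 203.0.113.5 192.0.2.10 443
1700000001 198.51.100.7 192.0.2.10 21
1700000001 198.51.100.7 192.0.2.10 22
1700000002 198.51.100.7 192.0.2.10 23
1700000002 198.51.100.7 192.0.2.10 25
1700000003 198.51.100.7 192.0.2.10 80
1700000003 198.51.100.7 192.0.2.10 443
1700000004 203.0.113.5 192.0.2.10 443
1700000030 203.0.113.5 192.0.2.10 80
1700000060 203.0.113.5 192.0.2.11 443
"""


def parse(line):
    """Split one log line into (timestamp, source, destination, port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_scanners(lines, window=10, threshold=5):
    """Return {source: peak count} for every source that contacts at least
    `threshold` distinct (destination, port) pairs within `window` seconds."""
    recent = defaultdict(deque)  # source -> events still inside the window
    flagged = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        events = recent[src]
        events.append((ts, dst, port))
        # Drop events that have aged out of the sliding window.
        while ts - events[0][0] >= window:
            events.popleft()
        distinct = len({(d, p) for _, d, p in events})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for source, count in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{source}: {count} distinct destination/port pairs in 10 s")
```

Counting distinct destination/port pairs rather than raw connections keeps a busy client that repeatedly hits one service from being flagged.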

Reconnaissance Tools