Reconnaissance

Spy on the infidels!

The goal of monitoring is to keep track of conditions on the network, identify situations that might signal potential problems, pinpoint the source of problems, and locate areas of your network that might need to be upgraded or modified. With that in mind, there are two types of reconnaissance: active and passive.

Passive Reconnaissance

This is when you gather information on a target with no direct interaction with said target. Usually, you gain information about the environment and potential vulnerabilities of the target without directly monitoring their actions. There are three main passive reconnaissance methods:

Active Reconnaissance

Here, you actively probe and interact with the target systems and networks to gather information, using methods that generate network traffic. The goal is to draw a map of the network that can be used to describe its security posture and find an attack vector.

  • Port Scanning
  • Service Enumeration
  • OS Fingerprinting
  • DNS Enumeration
  • Web App Crawling
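
Because active methods generate traffic, they leave records that whoever monitors the network can check. The following is an added example, not part of the original page: it flags port scanning by counting distinct destination ports per source within a short time window. The log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines (assumed format, documentation-range addresses).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=21
2024-05-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=22
2024-05-01T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=443
2024-05-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=23
2024-05-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=25
2024-05-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=80
2024-05-01T10:00:05 SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2024-05-01T10:01:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=80
2024-05-01T10:02:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=443
2024-05-01T10:03:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=8080
2024-05-01T10:04:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=8443
2024-05-01T10:05:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=22
"""
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, dport) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dpt = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dpt)

def find_port_scans(log_text, min_ports=5, window_s=10):
    """Return {(src, dst): most distinct ports in any window} for flagged pairs."""
    events = defaultdict(list)
    for ts, src, dst, dpt in sorted(parse(log_text)):
        events[(src, dst)].append((ts, dpt))
    flagged = {}
    for pair, hits in events.items():
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits in window_s seconds.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[pair] = max(flagged.get(pair, 0), len(ports))
    return flagged

if __name__ == "__main__":
    for (src, dst), n in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ({n} ports within 10s)")
```

With the default 10-second window only 198.51.100.7 is flagged; the source that touches five ports over several minutes is reported only when the window is widened, so the window and threshold need tuning against normal traffic on the monitored network.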

Reconnaissance Tools