Reconnaissance
What is Reconnaissance?
Reconnaissance is the first phase of ethical hacking, in which the attacker gathers information about the target system. This phase is also known as footprinting or information gathering. The more information an attacker collects about the target, the more attack vectors they may discover.
Types of Reconnaissance
Passive Reconnaissance
Gathering information without directly interacting with the target system. This includes searching public records, social media, and other open sources.
Active Reconnaissance
Directly interacting with the target system to gather information. This might include port scanning or using tools to query the system.
Common Techniques
- DNS enumeration
- WHOIS lookups
- Search engine queries
- Social engineering
- Network scanning
- Email harvesting
Popular Tools
Maltego
For gathering and connecting information from various public sources.
theHarvester
For gathering emails, subdomains, hosts, and other information.
Recon-ng
A full-featured web reconnaissance framework.
Shodan
Search engine for internet-connected devices.
Ethical Considerations
While reconnaissance is a critical phase in ethical hacking, it's important to ensure you have proper authorization before conducting any information gathering activities. Passive reconnaissance is generally safer, but even this should be conducted within legal boundaries and with permission.