in , , ,

Penetration Testing With Kali Linux – Identifying the Target

Penetration Testing With Kali Linux – Passive Reconnaissance

Identifying the Target – Passive Reconnaissance

Reconnaissance is the first step of the kill chain when conducting a penetration test or an attack against a network or server target. An attacker will typically dedicate up to seventy-five percent of the overall work effort for a penetration test to reconnaissance, as it is this phase that allows the target to be defined, mapped, and explored for the vulnerabilities that will eventually lead to exploitation.

There are two types of reconnaissance: passive reconnaissance, and active reconnaissance.

Generally, passive reconnaissance is concerned with analyzing information that is openly available, usually from the target itself or public sources online. On accessing this information, the tester or attacker does not interact with the target in an unusual manner—requests and activities will not be logged, or will not be traced directly to the tester. Therefore, passive reconnaissance is conducted first to minimize the direct contact that may signal an impending attack or to identify the attacker.

In this article, you will learn the principles and practices of passive reconnaissance, which include the following:

Basic principles of reconnaissance

Open-source intelligence (OSINT)

DNS reconnaissance including issues with IPv4 and IPv6

Mapping The Route

• Obtaining user information: Many penetration testers gather user names and e-mail addresses, as this information is frequently used to log on to targeted systems.

The most commonly employed tool is the web browser, which is used to manually search the target organization’s website as well as third-party sites such as LinkedIn or Jigsaw.
Some automated tools included with Kali Linux can supplement the manual searches.

TheHarvester – Gathering names and e-mail addresses

Metagoofil – Gathering document metadata

Profiling users for password lists Active reconnaissance, which involves direct interaction with the target, will be covered, Active Reconnaissance and Vulnerability Scanning.

If you have encountered a problem or you have any questions or remarks please feel free to set a comment.

Feel free to share it with your friends … with love and prosperity K4LINUXTEAM.


What do you think?

1078 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Penetration Testing with Kali Linux free training course

CUPP – How To Generate a Powerful Wordlist on Kali Linux ?

Web app penetration testing with kali linux OWASP mantra

How To Install and Use OWASP Mantra – Kali Linux