Identifying the Target – Passive Reconnaissance
Reconnaissance is the first step of the kill chain when conducting a penetration test or an attack against a network or server target. An attacker will typically dedicate up to seventy-five percent of the overall work effort for a penetration test to reconnaissance, as it is this phase that allows the target to be defined, mapped, and explored for the vulnerabilities that will eventually lead to exploitation.
There are two types of reconnaissance: passive reconnaissance, and active reconnaissance.
Generally, passive reconnaissance is concerned with analyzing information that is openly available, usually from the target itself or public sources online. On accessing this information, the tester or attacker does not interact with the target in an unusual manner—requests and activities will not be logged, or will not be traced directly to the tester. Therefore, passive reconnaissance is conducted first to minimize the direct contact that may signal an impending attack or to identify the attacker.
In this article, you will learn the principles and practices of passive reconnaissance, which include the following:
• Obtaining user information: Many penetration testers gather user names and e-mail addresses, as this information is frequently used to log on to targeted systems.
The most commonly employed tool is the web browser, which is used to manually search the target organization’s website as well as third-party sites such as LinkedIn or Jigsaw.
Some automated tools included with Kali Linux can supplement the manual searches.
• Profiling users for password lists Active reconnaissance, which involves direct interaction with the target, will be covered, Active Reconnaissance and Vulnerability Scanning.
If you have encountered a problem or you have any questions or remarks please feel free to set a comment.
Feel free to share it with your friends … with love and prosperity K4LINUX–TEAM.