Understanding Information Gathering

Information Gathering is the first of the 8 penetration testing phases, which are:

1. Information Gathering
2. Enumeration
3. Vulnerability Scanning
4. Exploitation
5. Post Exploitation
6. Privilege Escalation
7. Maintaining Persistent Access
8. Clearing Tracks

Information Gathering, or Reconnaissance, refers to the techniques for collecting data about the target, either by interacting with it directly or by gathering what is available indirectly.

Reconnaissance can be performed in two ways:

ACTIVE RECONNAISSANCE: In active reconnaissance, we discover open ports on the target system and learn about the internal infrastructure of the target network by interacting directly with the target. With this methodology the target may become aware of your presence and your interaction with its network infrastructure, because probes and scans show up in its firewall, IDS and server logs. Some of the tools are Nmap, Nikto, Burp Suite etc.

nmap -Pn -sV -A "ip_address"    # Scans for open ports and services on the target and may identify the OS and versions:
                                # -Pn skips host discovery, -sV detects service versions, -A adds OS detection, default scripts and traceroute.
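A scan such as the one above is only useful once its output is turned into something you can act on. The following Python script is an added example (not part of the original post and not an Nmap tool) that parses nmap's grepable output format (`-oG`) into structured port records and lists the open ports with their detected versions. The sample output is constructed for a hypothetical host, 192.0.2.10, and is not a capture from any real system. The same parser lets a defender compare an authorized scan against the service inventory they expect to be exposed.

```python
"""Parse nmap grepable (-oG) output into structured port records."""
from dataclasses import dataclass

# Constructed sample of `nmap -Pn -sV -oG -` output for a hypothetical host
# 192.0.2.10 (documentation range); it is not a capture from a real system.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -Pn -sV -oG - 192.0.2.10\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, "
    "80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)


@dataclass(frozen=True)
class PortRecord:
    host: str
    port: int
    proto: str
    state: str      # open / closed / filtered
    service: str    # service name nmap guessed; may be empty
    version: str    # product/version from -sV; empty when not detected


def parse_gnmap(text: str) -> list[PortRecord]:
    """Return one PortRecord per port entry found in grepable output."""
    records: list[PortRecord] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Each host line is tab-separated "Key: value" sections:
        # Host, Status, Ports, Ignored State.
        sections = dict(s.split(": ", 1) for s in line.split("\t") if ": " in s)
        if "Ports" not in sections:
            continue
        host = sections["Host"].split()[0]
        for entry in sections["Ports"].split(", "):
            # Field order in -oG: port/state/protocol/owner/service/rpc-info/version/
            parts = entry.split("/")
            records.append(PortRecord(
                host=host,
                port=int(parts[0]),
                proto=parts[2],
                state=parts[1],
                service=parts[4],
                version=parts[6],
            ))
    return records


def open_ports(records: list[PortRecord]) -> list[PortRecord]:
    """Only the ports nmap reports as open: the service surface the scan exposed."""
    return [r for r in records if r.state == "open"]


def summarize(records: list[PortRecord]) -> None:
    for r in open_ports(records):
        print(f"{r.host}:{r.port}/{r.proto} {r.service} {r.version}".rstrip())


if __name__ == "__main__":
    summarize(parse_gnmap(SAMPLE_GNMAP))
```

Run it against a real file with `nmap ... -oG scan.gnmap` and `parse_gnmap(open("scan.gnmap").read())`. Filtered ports are kept in the parsed records but excluded from `open_ports`, since a filtered port tells you a firewall is in the path, not that a service is reachable.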

PASSIVE RECONNAISSANCE: Passive reconnaissance involves gathering information without directly interacting with the target infrastructure, so the target gets no indication of your activity from its own systems. Some of the tools are dig, whois, whatweb, dnsrecon, the Wayback Machine, Google dorking etc.

whois hashnode.com              # Provides domain registration information, including the domain owner's contact details.
nslookup <domain_name>          # Retrieves the target's DNS records, such as IP addresses and associated domain names.
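The whois and nslookup commands above return free-form text. As an added example (not part of the original post and not the output of any real lookup), the Python below parses constructed whois and nslookup output for the hypothetical domain example.com into structured fields: registrar, creation and expiry dates, name servers, resolved addresses, and whether the registrant contact is redacted for privacy, which is common today and limits what "contact details" whois actually reveals. The `today` argument is passed in explicitly so that domain age and days-to-expiry are reproducible; the expiry check is the kind of review an organization runs on its own domains, since a lapsed registration is a takeover risk.

```python
"""Turn whois and nslookup text into structured passive-recon data."""
from datetime import datetime

# Constructed whois output for the hypothetical domain example.com; not a real record.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, LLC
   Updated Date: 2023-08-14T04:00:00Z
   Creation Date: 2010-03-01T12:00:00Z
   Registry Expiry Date: 2025-03-01T12:00:00Z
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   Registrant Name: REDACTED FOR PRIVACY
   Registrant Email: Please query the RDDS service of the Registrar of Record
"""

# Constructed `nslookup example.com` output; resolver and addresses are made up.
SAMPLE_NSLOOKUP = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Non-authoritative answer:
Name:\texample.com
Address: 192.0.2.80
Name:\texample.com
Address: 2001:db8::80
"""


def _parse_date(value: str) -> datetime:
    # Registry timestamps are ISO 8601 in UTC with a trailing Z.
    return datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ")


def parse_whois(text: str) -> dict:
    """Extract the fields of interest from 'Key: Value' whois lines."""
    info = {"name_servers": [], "registrant_redacted": False}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.strip().partition(":")   # first colon only; dates contain colons
        key, value = key.strip().lower(), value.strip()
        if key == "name server":
            info["name_servers"].append(value.lower())
        elif key == "registrar":
            info["registrar"] = value
        elif key == "creation date":
            info["created"] = _parse_date(value)
        elif key == "registry expiry date":
            info["expires"] = _parse_date(value)
        elif key.startswith("registrant ") and "redacted" in value.lower():
            info["registrant_redacted"] = True
    return info


def parse_nslookup(text: str) -> list[str]:
    """Return the answer-section addresses, skipping the resolver's own Address line."""
    addresses, in_answer = [], False
    for line in text.splitlines():
        if line.startswith("Non-authoritative answer") or line.startswith("Name:"):
            in_answer = True
        elif in_answer and line.startswith("Address:"):
            addresses.append(line.split(":", 1)[1].strip())
    return addresses


def days_until_expiry(info: dict, today: datetime) -> int:
    return (info["expires"] - today).days


def domain_age_years(info: dict, today: datetime) -> int:
    return (today - info["created"]).days // 365


if __name__ == "__main__":
    now = datetime(2025, 1, 1, 12, 0, 0)   # fixed reference date for reproducible output
    who = parse_whois(SAMPLE_WHOIS)
    print("registrar:", who["registrar"])
    print("name servers:", who["name_servers"])
    print("registrant redacted:", who["registrant_redacted"])
    print("age (years):", domain_age_years(who, now), "expires in (days):", days_until_expiry(who, now))
    print("addresses:", parse_nslookup(SAMPLE_NSLOOKUP))
```

To use it on live data, capture the command output first (`whois example.com > whois.txt`) and feed the file contents to `parse_whois`; field names vary a little between registries, so extend the key matching if a TLD uses different labels.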