
Reconnaissance.

Reconnaissance is the process of gathering information about a target system or network in order to identify vulnerabilities that could be exploited. This process is also known as Footprinting or Information Gathering.

There are two main types of reconnaissance:

Passive: Passive reconnaissance involves gathering information without directly interacting with the target system. This is done through publicly available sources, such as websites and search engines.

Active: Active reconnaissance involves directly interacting with the target system. This includes techniques such as network scans and vulnerability scans, and it raises the risk of being detected by the target.
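Because active reconnaissance touches the target directly, it leaves traces a defender can look for. The example below is added here and is not part of the original notes: it runs a simple port-scan detector over constructed firewall log lines (the format, IP addresses and thresholds are assumptions, not real data), flagging any source that touches many distinct destination ports within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Assumed format:
#   <ISO timestamp> <src ip> <dst ip> <dst port> <ALLOW|DENY>
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = "\n".join(
    # one source probing 12 different ports within a few seconds
    [f"2024-05-01T10:00:{i:02d} 198.51.100.7 203.0.113.10 {p} DENY"
     for i, p in enumerate(SCAN_PORTS)]
    # a normal client repeatedly using a single service port
    + [f"2024-05-01T10:00:{i:02d} 192.0.2.55 203.0.113.10 443 ALLOW"
       for i in range(3)]
)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (ALLOW|DENY)$")

def parse(log_text):
    """Parse log lines into (timestamp, src_ip, dst_port), sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected format
        events.append((datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(4))))
    return sorted(events)

def detect_port_scans(log_text, window_seconds=60, port_threshold=10):
    """Return {src_ip: max distinct ports hit inside any window} for sources
    that reach port_threshold distinct destination ports within window_seconds."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_src[src].append((ts, port))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, evs in by_src.items():
        start, best = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({p for _, p in evs[start:end + 1]}))
        if best >= port_threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))  # {'198.51.100.7': 12}
```

The same sliding-window count can be pointed at real firewall or IDS exports once the regex is adapted to their format; the threshold and window control the trade-off between catching slow scans and raising false positives.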

What is an ethical hacker / pentester looking for?

  1. Network Information.

    Domain name

    Internal Domain

    IP Address

    Unmonitored/private websites

    TCP/UDP Services

    VPN/IDS/IPS/access controls

    VPN info

    Phone numbers/VoIP

    Network topology

    Network devices

  2. Operating System Information.

    Users and group names/info

    Banner grabbing

    Routing tables

    SNMP

    System architecture

    Remote systems

    System names

    Passwords

    Dumpster diving

    Version

    Patch level

  3. Organization Information.

    Organization website

    Company directory

    Employee information

    Business structure

    Location details

    Comments in HTML source code

    Security policies deployed

    Web server links

    Background of organization

    Marketing and advertising

    Prevailing events

    Partners

    Phone

    Financial information

What is an external network pentester looking for?

An external network is a network that lies outside an organization's internal network and is reachable from the internet. Examples of external networks include public Wi-Fi networks, cloud-based services, and other third-party networks. External network reconnaissance is the stage of an external network penetration test in which the testers gather information about the target system. The purpose of this phase is to collect information about the target network, including:

  1. Network Information

  2. Operating systems and applications

  3. Publicly accessible information

  4. Phone

  5. Website Mirroring

  6. Archive Sites

  7. GitHub recon

  8. WHOIS

  9. Web server Content

  10. Email Header

  11. Google and Search Engine

  12. People Sites

  13. Social Network

  14. Job Sites

  15. Alert Website

What is an internal network pentester looking for?

Internal network penetration testing is a type of security testing that focuses on evaluating the security of an organization's internal network infrastructure.

  1. IP Address

  2. Internal DNS

  3. Private Website

  4. Dumpster Diving

  5. Shoulder Surfing

What is a web application pentester looking for?

  1. Network Information

    IP address

    Domain name

    Network topology

    Open ports and services

  2. Web Application Information

    Web server technology used

    Application framework

    Source code (if accessible)

    Session management

    Input validation and data handling

    Authentication and authorization mechanisms

  3. Web Server Information

    Operating system

    Web server software version

    Server-side scripting language and version

    Database management system and version

  4. Web Application Components

    Dynamic content generation

    Client-side scripting languages

    Third-party components and libraries