This is the very first step in the penetration testing process. This involves gathering information and intelligence which can be utilised in further steps of pen testing. The data collected are correlated and helps in setting up a better plan for attacking or evaluating assigned systems/applications. This can be carried out in two modes which are active and passive. In active mode, we directly interact with targets whereas, in passive mode, we pull information through an indirect channel. There are a few tools which can be used to gather information about the target. We will be using them to showcase a demo of their usage.
Whois: This is an online tool which can help to find domain profile. The domain profile contains information like IP address, Name Servers, Registrant Country, Server running the website etc. This is an example of passive reconnaissance. Whois can be found here.
Netcraft: This is an another online too which provide domain profile with additional details like technologies used for front-end and back-end etc. This is also an example of passive reconnaissance. Netcraft can be accessed here.
Shodan: It is considered one of the most dangerous search engine.
It can enumerate any servers which have web interface including nuclear controller servers, home control servers, webcam, routers, traffic light etc. Shodan can be accessed here. Below is a router with default username and password. This can be easily exploited.
Maltego: This is another passive tool which can be used to gather information. This can be used as a desktop application which can be integrated with different insightful online tools like Virustotal, Hybrid Analysis, Social link websites, Shodan etc. Community Edition of Maltego is already present in Kali Linux distribution which is widely used by pentesters or hackers. It can be found here.
There are many such tools available in Kali Linux which can be used for gathering information and intelligence. Many online tools provide API to collect information programmatically from their database by querying. This can be done if enough information is not being provided by Kali tools and you need better information for planning attack.
Plagiarism Score: 0% Calculated from SmallSEOTools
Leave a Reply