Information Gathering
Information gathering is the phase in which we collect information about the target we are attempting to break into. It is the first step of ethical hacking. The information can include open ports and running services, such as unauthenticated administrative consoles or those with default passwords.
The more information we gather about the target, the better, as more of its attack surface becomes visible to us. When doing a web application assessment, we need to explore all the possibilities of breaking into the web application.
Information Gathering Techniques:
* Active techniques:
An active technique means connecting to the target to gain information. This may include running port scans, enumerating files and so on. Active techniques can be detected by the target, so care must be taken to ensure that we do not perform unnecessary techniques.
* Passive techniques:
With passive techniques, we gather data for reconnaissance through third-party websites and tools that do not contact the target. The best part of passive reconnaissance is that the target never gets a hint that we are performing it: since we do not connect to the target, no server logs are generated.
Websites like Shodan, VirusTotal and Google can surface a lot of data about a website.
Enumerating Sub-Domains, Hidden directories, Files and Resources:
The following recon tools can be used to gather information about the target site:
Sublist3r is a tool designed to enumerate subdomains of the target site using OSINT. It enumerates subdomains using many search engines, such as Google, Bing and Baidu, as well as some third-party sites. Repository: https://github.com/aboul3la/Sublist3r.git
Features:
- Web Technology Detection
- Subdomain enumeration
- IP Discovery
- SSL
- CORS
- Wayback Machine Discovery
- Port Scan
- Vulnerable Scan
- Whois, Dig info and many more.
DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked. It is a Java application developed by OWASP. For more details, visit the DirBuster homepage.
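Because active techniques can be detected by the target, directory and file enumeration of the kind DirBuster performs is visible in the web server's access log as one client requesting many distinct paths that do not exist. The following is an added example, not code from the original post or from any of the tools named: a small detector over combined-format access log lines. The thresholds (60-second window, 8 distinct 404 paths, 80% miss ratio), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_enumerators(lines, window=timedelta(seconds=60), min_misses=8, min_ratio=0.8):
    """Return {ip: (distinct_404_paths, requests)} for the densest window of
    each client whose traffic looks like directory/file brute-forcing."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            chunk = events[start:end + 1]
            misses = {path for _, path, status in chunk if status == 404}
            # Many distinct not-found paths AND mostly misses => wordlist guessing
            if len(misses) >= min_misses and len(misses) / len(chunk) >= min_ratio:
                if len(misses) > flagged.get(ip, (0, 0))[0]:
                    flagged[ip] = (len(misses), len(chunk))
    return flagged

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    words = ["admin", "backup", "old", "test", "dev", "tmp", "config", "db", "private", "login"]
    lines = [f'203.0.113.7 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET /{w}/ HTTP/1.1" '
             f'{200 if w == "login" else 404} 512 "-" "-"' for i, w in enumerate(words)]
    pages = [("/", 200), ("/blog", 200), ("/favicon.ico", 404), ("/about", 200)]
    lines += [f'198.51.100.20 - - [10/Oct/2023:13:5{i}:10 +0000] "GET {p} HTTP/1.1" {s} 900 "-" "-"'
              for i, (p, s) in enumerate(pages)]
    return lines

if __name__ == "__main__":
    for ip, (misses, total) in find_enumerators(sample_log()).items():
        print(f"{ip}: {misses} distinct 404 paths in {total} requests within 60s")
```

The ordinary visitor in the sample hits one missing path among normal pages and is not flagged; only the client walking a wordlist is.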
Below I'll list some tools which can be used in active reconnaissance:
The following websites can be used for passive reconnaissance:
How you gather, manage and use information will determine whether you win or lose!
Any suggestions? Comment down! 💬