Information Gathering: Difference between revisions
Diff between two revisions, neither with an edit summary. The newer revision bolds the key terms in the lead, rewrites the opening paragraphs, adds the Techniques (Passive and Active Reconnaissance), Purpose, Considerations and Related Concepts sections, and revises the Common Goals list. The Related Concepts section links Footprinting, Enumeration, Recon-ng and Threat Modeling.
Revision as of 13:42, 11 May 2025
Information Gathering
Information gathering is the initial phase of hacking and reconnaissance. It focuses on collecting technical and contextual data about a target system, organization, or individual before any exploitation is attempted.
It includes both passive methods (observing without interacting directly) and active methods (engaging with the target system to elicit responses). The purpose is to establish a baseline understanding of the digital environment, reveal potential vulnerabilities, and map the attack surface.
Techniques
Information gathering relies on a wide range of techniques and tools, depending on scope and approach:
Passive Reconnaissance
- Monitoring public data sources (search engines, social media, company websites)
- Collecting DNS and WHOIS records
- Reviewing public repositories, job postings, and metadata leaks
Active Reconnaissance
- Performing port scans
- Fingerprinting services and operating systems
- Querying DNS servers directly
- Testing server responses to crafted inputs
Subcategories
- DNS Reconnaissance – Interrogate DNS to uncover subdomains, records, zones, and relationships.
- Network Scanning Tools – Use scanners like Nmap or Masscan to map open ports and services.
- OSINT Tools – Gather public data using platforms like theHarvester, SpiderFoot, and custom scripts.
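As an added example (not part of this wiki page or of any tool it names), the following Python script shows how DNS records collected from passive sources and from direct queries can be merged into a subdomain and infrastructure map, tagged with provenance and observation time so that passive-only or stale entries are marked for confirmation. Every hostname, address and timestamp in it is constructed for illustration.

```python
"""Merge DNS reconnaissance records into a subdomain/infrastructure map.
Added example, not part of the wiki page; the record set below is constructed
and every hostname, address and timestamp in it is made up."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: (name, type, value, source, observed_at). The source tag
# separates passive data (search engines, passive DNS, archives) from answers
# obtained by querying the DNS servers directly.
NOW = datetime(2025, 5, 11, 13, 42, tzinfo=timezone.utc)
RECORDS = [
    ("www.example.test",     "A",     "203.0.113.10", "passive", NOW - timedelta(days=2)),
    ("mail.example.test",    "A",     "203.0.113.20", "passive", NOW - timedelta(days=400)),
    ("mail.example.test",    "MX",    "10 mail.example.test", "active", NOW),
    ("dev.example.test",     "A",     "203.0.113.10", "active", NOW),
    ("blog.example.test",    "CNAME", "sites.hosting-provider.test", "passive", NOW - timedelta(days=90)),
    ("old-vpn.example.test", "A",     "203.0.113.30", "passive", NOW - timedelta(days=400)),
    ("www.example.test",     "A",     "203.0.113.10", "active", NOW),  # repeats a passive hit
]

STALE_AFTER = timedelta(days=180)  # assumed threshold; tune to the engagement


def build_map(records, now=NOW, stale_after=STALE_AFTER):
    """Return {hostname: info} with record types, IPs, CNAME targets, the set
    of sources that reported the host, its freshest observation and a
    staleness flag computed from that observation."""
    hosts = {}
    for name, rtype, value, source, seen in records:
        h = hosts.setdefault(name, {"types": set(), "ips": set(), "cnames": set(),
                                    "sources": set(), "last_seen": seen})
        h["types"].add(rtype)
        h["sources"].add(source)
        h["last_seen"] = max(h["last_seen"], seen)
        if rtype == "A":
            h["ips"].add(value)
        elif rtype == "CNAME":
            h["cnames"].add(value)
    for h in hosts.values():
        h["stale"] = (now - h["last_seen"]) > stale_after
    return hosts


def hosts_by_ip(hosts):
    """Invert the map: which names share an address (shared hosting, one box)."""
    by_ip = defaultdict(set)
    for name, info in hosts.items():
        for ip in info["ips"]:
            by_ip[ip].add(name)
    return dict(by_ip)


def needs_active_confirmation(hosts):
    """Names known only from passive sources, or not observed within the
    staleness threshold: candidates for a direct query before relying on them."""
    return sorted(n for n, i in hosts.items()
                  if i["stale"] or i["sources"] == {"passive"})


def external_dependencies(hosts, zone="example.test"):
    """CNAME targets outside the zone: infrastructure relied on but not hosted."""
    out = {}
    for name, info in hosts.items():
        ext = {c for c in info["cnames"] if not c.endswith("." + zone)}
        if ext:
            out[name] = sorted(ext)
    return out


if __name__ == "__main__":
    m = build_map(RECORDS)
    for name in sorted(m):
        i = m[name]
        print(f"{name:22} ips={sorted(i['ips'])} cnames={sorted(i['cnames'])} "
              f"sources={sorted(i['sources'])} stale={i['stale']}")
    print("shared IPs:", hosts_by_ip(m))
    print("confirm actively:", needs_active_confirmation(m))
    print("external deps:", external_dependencies(m))
```

Keeping the source and observation time on every record is what lets the map answer the questions the Considerations section raises: which findings came only from passive data (blog, old-vpn in the sample) and so may be outdated, and which have been confirmed directly.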
Purpose
The main objective is to reduce the unknowns in a system. By compiling an accurate profile of a target, security professionals and researchers can make informed decisions about how to proceed.
This process is essential in both ethical penetration testing and adversarial threat modeling.
Common Goals
- Discover live hosts and IP ranges
- Identify open ports and running services
- Map subdomains and infrastructure
- Determine software versions and potential vulnerabilities
- Extract metadata and leaked internal references
- Enumerate usernames, emails, or associated accounts
Considerations
- Active scanning can generate detectable traffic; caution is advised when testing external targets.
- Passive techniques offer stealth but may return outdated or incomplete information.
- All data gathered should be documented clearly for later analysis and correlation.
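The first consideration above cuts both ways: the traffic that active scanning generates is exactly what a defender's detection keys on. The following Python script is an added example (not from the wiki page) that flags scan-like patterns in firewall deny logs; the log format, addresses and thresholds are all constructed for this illustration.

```python
"""Flag port-scan-like activity in firewall deny logs.
Added example, not part of the wiki page; the log line format, every address
and the thresholds are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Invented syslog-style line layout for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$")


def constructed_log():
    """Build a small constructed log: one vertical scan, one horizontal sweep
    and one noisy-but-benign client, plus an ALLOW line that is ignored."""
    lines = []
    # 198.51.100.7 probes 30 ports on one host within six seconds (vertical scan)
    for i, port in enumerate(range(20, 50)):
        lines.append(f"2025-05-11T13:40:{i % 6:02d}Z fw DENY src=198.51.100.7 "
                     f"dst=203.0.113.10 proto=tcp dport={port}")
    # 198.51.100.9 tries one port across six hosts (horizontal sweep)
    for i in range(6):
        lines.append(f"2025-05-11T13:41:0{i}Z fw DENY src=198.51.100.9 "
                     f"dst=203.0.113.{20 + i} proto=tcp dport=445")
    # 192.0.2.55 retries one port on one host twelve times: not a scan
    for i in range(12):
        lines.append(f"2025-05-11T13:42:{i:02d}Z fw DENY src=192.0.2.55 "
                     f"dst=203.0.113.10 proto=tcp dport=443")
    lines.append("2025-05-11T13:42:30Z fw ALLOW src=192.0.2.55 "
                 "dst=203.0.113.10 proto=tcp dport=443")
    return lines


def parse(lines):
    """Return (timestamp, src, dst, dport) tuples for lines that match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # non-deny or differently formatted lines are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["dst"], int(m["dport"])))
    return events


def detect_scans(events, window_s=60, port_threshold=10, host_threshold=5):
    """Sliding-window detection per source address.

    vertical_scan:     one src reaches >= port_threshold distinct ports on one dst
    horizontal_sweep:  one src reaches >= host_threshold distinct dsts on one port
    Each (src, dst) or (src, port) pair is reported once, with the count at
    the moment the threshold was crossed."""
    alerts = []
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        start = 0
        seen_vertical, seen_horizontal = set(), set()
        for end in range(len(evs)):
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            ports_per_dst, dsts_per_port = defaultdict(set), defaultdict(set)
            for _, _, dst, port in evs[start:end + 1]:
                ports_per_dst[dst].add(port)
                dsts_per_port[port].add(dst)
            for dst, ports in ports_per_dst.items():
                if len(ports) >= port_threshold and dst not in seen_vertical:
                    seen_vertical.add(dst)
                    alerts.append(("vertical_scan", src, dst, len(ports)))
            for port, dsts in dsts_per_port.items():
                if len(dsts) >= host_threshold and port not in seen_horizontal:
                    seen_horizontal.add(port)
                    alerts.append(("horizontal_sweep", src, port, len(dsts)))
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(parse(constructed_log())):
        print(alert)
```

The repeated-retry client is the case that naive "many denies from one source" rules misfire on; counting distinct ports and distinct hosts rather than raw deny volume keeps it quiet while still catching both scan shapes.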