network hack L1
network hack L2 recon and footprinting
Created by kelly
Cards (20)
Reconnaissance and Footprinting
First phase in penetration testing: know your target. Gather information such as network topology, operating systems, applications, user accounts, etc., without tipping off the target.
Open Source Intelligence (OSINT)
Process of collecting and analysing data gathered from open sources to produce actionable intelligence.
OSINT sources
– Media: newspapers, magazines, etc.
– Internet: domain registrars
– Public government data
Whois query
Provides the registrant's administrative contact, email address, etc. (many registrars now redact these fields behind a privacy proxy, so expect them to be empty for some domains).
Internet – People (Social Engineering)
theHarvester, Facebook, LinkedIn, Twitter, posted jobs
Domain Name System (DNS)
An IP address is required when interacting with the target. Name resolution is the process by which the hostname in the target URL is resolved to an IP address.
Name resolution process
1. The DNS resolution request for the URL's hostname goes to the name resolver (caching DNS server).
2. If the record is not in the cache, a recursive name query starts.
3. This continues until the name is resolved or the answer is "non-existent domain" (NXDOMAIN).
Iterative DNS queries
Between the local DNS server and other DNS servers (root, TLD, authoritative); each server answers with a referral or the final record, and the local server does the walking.
Recursive DNS queries
Between the client and the local DNS server, which performs the whole lookup on the client's behalf.
DNS lookup tools
nslookup (built into Windows; also available on Linux and macOS), dig
Dig for mail server record
dig @[server] [name] MX
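Added example, not part of the original deck: what a stub resolver (or dig) actually puts on the wire for an MX lookup, and how the answer, or the NXDOMAIN end state from step 3 of the name-resolution card, is parsed. Nothing is sent on the network; the response bytes are constructed by hand for the made-up zone example.test, and the RD flag shows the difference between the recursive query a client sends to its local resolver and the iterative queries the resolver sends onward.

```python
"""DNS MX query builder and response parser in RFC 1035 wire format.

Added example for the name-resolution and "dig ... MX" cards; it is not
the deck's own material and sends nothing on the network. The response
bytes are constructed by hand for the made-up zone example.test.
"""
import struct

QTYPE_MX = 15
QCLASS_IN = 1
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Encode 'mail.example.test' as length-prefixed labels plus a root byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_mx_query(name, txid=0x1234, recursion_desired=True):
    """Build the query a client sends: 12-byte header plus one question.

    RD=1 asks the caching resolver to chase the answer recursively on the
    client's behalf (client <-> local DNS); RD=0 is what the resolver itself
    sends when it walks the hierarchy iteratively (local DNS <-> other servers).
    """
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_MX, QCLASS_IN)


def decode_name(msg, offset):
    """Decode a name that may use compression pointers; return (name, end)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            # Pointer: the low 14 bits are the offset of the remaining labels.
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_mx_response(msg, expected_txid=0x1234):
    """Return {'rcode': ..., 'answers': [(preference, exchange), ...]}.

    Answers are sorted by preference, lowest (most preferred) first, which is
    the order a mail sender would try the exchangers.
    """
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        _, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_MX and rclass == QCLASS_IN:
            preference = struct.unpack("!H", msg[offset:offset + 2])[0]
            exchange, _ = decode_name(msg, offset + 2)
            answers.append((preference, exchange))
        offset += rdlength
    return {"rcode": "NXDOMAIN" if rcode == RCODE_NXDOMAIN else rcode,
            "answers": sorted(answers)}


# Constructed sample response for "example.test MX" (assumption: made-up zone).
# Flags 0x8180 = response, recursion desired and available, no error.
_QUESTION = encode_name("example.test") + struct.pack("!HH", QTYPE_MX, QCLASS_IN)
_OWNER_PTR = b"\xc0\x0c"  # pointer back to "example.test" at offset 12


def _mx_rr(preference, host_label):
    # rdata = preference + "<label>" + pointer to example.test (compressed name)
    rdata = struct.pack("!H", preference) + encode_name(host_label)[:-1] + _OWNER_PTR
    return _OWNER_PTR + struct.pack("!HHIH", QTYPE_MX, QCLASS_IN, 3600, len(rdata)) + rdata


SAMPLE_MX_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
                      + _QUESTION + _mx_rr(20, "backup") + _mx_rr(10, "mail"))
# Flags 0x8183: rcode 3, the "non-existent domain" end state from the card.
SAMPLE_NXDOMAIN_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    print(build_mx_query("example.test").hex())
    print(parse_mx_response(SAMPLE_MX_RESPONSE))
    print(parse_mx_response(SAMPLE_NXDOMAIN_RESPONSE))
```

Sending the bytes from build_mx_query over UDP port 53 to a resolver would give a real response to feed into parse_mx_response; the transaction-id check is the minimal defence against a spoofed answer arriving before the genuine one.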
Passive reconnaissance
Gathering information without actively engaging with the target systems.
Active reconnaissance
The intruder engages with the targeted system to gather information about vulnerabilities (and so risks being logged or alerted on).
Active reconnaissance tools
– Network scanner, e.g. nmap
– Vulnerability scanners, e.g. OpenVAS
– Metasploit
Website Intelligence
Gather intelligence using web tools.
Website Intelligence tools
Netcraft, httrack website copier, Google hacking using dorks, theHarvester, Shodan
It is illegal to use Google dorks to access or download illegal or protected information.
Footprinting and reconnaissance are important activities in ethical hacking.
Collect a lot of data for later use while raising minimal alerts; differentiate between active and passive reconnaissance.
Learnt about reconnaissance tools such as Google dorks, DNS, nslookup, theHarvester, Shodan, etc.