Introduction

Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.

Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.

Passive Reconnaissance - The attacker does not interact with the target systems / environment directly. He uses publicly available information (known as OSINT - Open Source Intelligence), social engineering or dumpster diving to gather information. These methods are nearly impossible for the target to detect.

Active Reconnaissance - The attacker directly interacts with the target systems / environment, e.g. by connecting to the target's website to learn more about its business and processes. As these active connections can be detected by the target, attackers tend to limit them to what is absolutely necessary and use anonymization technologies like Virtual Private Networks (VPN) or proxy networks to mask their identity.

Reconnaissance Frameworks

Programs

| Name | Link |
| --- | --- |
| Recon-NG | https://bitbucket.org/LaNMaSteR53/recon-ng |
| DataSploit | https://github.com/DataSploit/datasploit |
| Maltego | https://www.paterva.com/web7/ |
| theHarvester | https://github.com/laramies/theHarvester |

Sites and Databases

| Name | Link |
| --- | --- |
| OSINT-Framework | http://osintframework.com/, https://github.com/lockfale/OSINT-Framework |
