Reconnaissance
Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system.
Passive/Active Information Gathering
Active Reconnaissance
In this process, you will directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are detected, then system admin can take severe action against you and trail your subsequent activities.
Passive Reconnaissance
In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems
A good start for this is the OSINT Framework, which provides a powerfull wiki: https://www.osintframework.com
The list is huge and I'll just cover a few of them, which I also used during the CAS.
Find Email Adresses
Hunter: https://hunter.io/search/
Results looks like this:
Another cool tool is called theHarvester: http://www.edge-security.com/theharvester.php
theHarvester -d csnc.ch -l 1000 -b bing
Another useful tool to check if a gathered e-mail adress is valid or not can be: https://www.mailboxvalidator.com/demo
Result:
Check e-mail adress for breached data:
Subdomain and Certificate Search
Vulnerability search
DNS Enumeration
Reconnaisance Tools
This is just a short overview! For more ressources please check out the OSINT Framework Website :)
Last updated