Reconnaissance

Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system.

Passive/Active Information Gathering

Active Reconnaissance

In this process, you will directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are detected, then system admin can take severe action against you and trail your subsequent activities.

Passive Reconnaissance

In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems

A good start for this is the OSINT Framework, which provides a powerfull wiki: https://www.osintframework.com

The list is huge and I'll just cover a few of them, which I also used during the CAS.

Find Email Adresses

Hunter: https://hunter.io/search/

Results looks like this:

Another cool tool is called theHarvester: http://www.edge-security.com/theharvester.php

theHarvester -d csnc.ch -l 1000 -b bing

Another useful tool to check if a gathered e-mail adress is valid or not can be: https://www.mailboxvalidator.com/demo

Result:

This is just a short overview! For more ressources please check out the OSINT Framework Website :)

PreviousStart NextOpensource Intelligence

Last updated 2 years ago

Passive/Active Information Gathering

Active Reconnaissance

Passive Reconnaissance

Find Email Adresses

Check e-mail adress for breached data:

Subdomain and Certificate Search

Vulnerability search

DNS Enumeration

Reconnaisance Tools