1. Information Gathering
Introduction
Purpose of This Phase
The purpose of this phase is to collect maximum intelligence about the target before launching any attacks. The more you know, the higher your success rate and the lower the noise.

Two Main Approaches
Passive Recon → Gather data without touching the target (OSINT, Google dorks, WHOIS, leaked credentials, etc.).
Active Recon → Directly …
Nmap
Nmap (The Network Mapper) is the most powerful, flexible, and widely used open-source port scanner and network reconnaissance tool in the world. Written by Gordon Lyon (Fyodor), it has been the de-facto standard for security professionals, pentesters, sysadmins, and attackers for over 25 years.

Why Nmap Is Still King
Discovers live hosts
Finds …
WHOIS & ASN Reconnaissance
WHOIS is a public registry, and the tool used to query it, that stores registration data for every domain name on the internet. When a domain is registered, metadata such as the owner’s name, organization, contact details, registration dates, name servers, and registrar are recorded in this system.

Much of this information is …
Public footprinting
Google Hacking
Google Hacking, also known as Google Dorking, involves using advanced Google search operators to uncover information that websites unintentionally expose. This can include sensitive files, open directories, configuration data, or server details. These techniques allow security researchers to map a target’s digital footprint without directly interacting with its …
DNS OSINT
DNS enumeration is an active reconnaissance technique used to directly query a target’s infrastructure for intelligence.

The Domain Name System (DNS) functions as the internet’s translation layer, converting human-readable domain names (like google.com) into the numeric IP addresses that systems use to communicate. When you interact with DNS, you are actively …
Port & Service Discovery
Port Scanning Basics
Information gathering doesn’t stop at public data. At some point, an attacker must interact with the target network directly. Port and service discovery is usually the first active step — carefully knocking on doors to see which ones respond.

This phase answers a simple but critical question:
What is …