Information gathering is the process of collecting information about your target. It is also called reconnaissance, or just recon.
But the question is: why do we need to gather information? And, most importantly, what kind of information?
Okay, for example, you have to hack into an organization's systems somehow. So what will you do? You are totally blank. You just know there is an organization with this name, that's all. You will need to know about your target, right? Its website(s), servers, employees and so on.
If you have enough information you will have many different entry points: you may be able to target their employees, their website, their servers, or even do social engineering in person.
You can even write this down: as a rule of thumb, you will spend 80% of your time on recon and writing exploits and just 20% on actually hacking the target.
A hacker has to be precise like a sniper and stealthy like a ninja. Never try something on the target blindly, hoping it might work, because that can raise an alarm without any benefit.
Information Gathering can be categorized into two parts:
1. Passive Information Gathering: gathering information without touching the target. In this phase we mainly collect publicly available information: domain registration records, hosting providers, published phone numbers and email addresses, confidential records left exposed, and so on. The target's servers never see a packet from you.
2. Active Information Gathering: running port scans, fingerprinting the OS and the programs running on the server, fuzzing, analyzing the website for potential vulnerabilities, etc. Every one of these touches the target directly, so it can be logged and can trigger alerts.
You start with passive recon to get an idea of what you are actually targeting, and then do active recon on the potential targets you found during passive recon.
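To make the passive/active split concrete, here is an added example (not code from the original article). The passive half extracts in-scope hostnames from data a third party already holds; the input is a constructed sample shaped like the JSON a certificate-transparency search service returns (one object per certificate, with newline-separated names in "name_value"), so nothing is sent to the target at all. The active half is a plain TCP connect scan, which does reach the target and will show up in its logs. To stay runnable offline and authorized, the demo only scans a throwaway listener it starts itself on 127.0.0.1; the hostnames, ports and the helper names are all assumptions for illustration.

```python
"""Passive vs. active reconnaissance, side by side (added example)."""
import json
import socket
import threading

# Constructed sample in the shape of a CT-log search result (one object per
# certificate; "name_value" holds newline-separated subject names).
# Not real data and not fetched from anywhere.
SAMPLE_CT_JSON = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nmail.example.com"},
    {"common_name": "dev.example.com", "name_value": "dev.example.com"},
    {"common_name": "www.example.com", "name_value": "www.example.com"},          # duplicate
    {"common_name": "example.com.evil.net", "name_value": "example.com.evil.net"},  # lookalike, out of scope
])


def passive_hosts_from_ct(ct_json: str, domain: str) -> list[str]:
    """Passive step: derive hostnames from already-published certificate data.

    No packet goes to the target. Wildcard names are dropped (they are not
    hosts you can connect to) and lookalike domains are filtered so the
    result only contains names inside the authorized scope.
    """
    suffix = "." + domain
    found = set()
    for entry in json.loads(ct_json):
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                continue
            if name == domain or name.endswith(suffix):
                found.add(name)
    return sorted(found)


def active_tcp_scan(host: str, ports, timeout: float = 0.5) -> list[int]:
    """Active step: TCP connect scan.

    Every connect() reaches the target and can be logged or alerted on,
    which is exactly why this only comes after passive recon, and only
    against hosts you are authorized to probe.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_local_listener() -> int:
    """Start a throwaway listener on 127.0.0.1 so the scan has a target we
    own; returns the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo() -> dict:
    """Run both halves and return what each one learned."""
    hosts = passive_hosts_from_ct(SAMPLE_CT_JSON, "example.com")
    port = start_local_listener()
    # Probe our listener plus two neighbouring ports that are most likely closed.
    probed = [port, port + 1, port + 2]
    return {
        "passive_hosts": hosts,
        "listener_port": port,
        "open_ports": active_tcp_scan("127.0.0.1", probed),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The passive function is the part you would feed real data into later in the series; the active function is the one that needs a signed scope document before it is pointed at anything other than your own machine.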
After reconnaissance you do a vulnerability assessment, then write or find an exploit for a vulnerability you discovered, and use that exploit to gain access.
So basically we can say there are 4 phases in the whole process of gaining access to a target:
1. Reconnaissance
2. Vulnerability assessment
3. Writing or finding an exploit
4. Exploitation to gain access
Tools For Information Gathering
There are a lot of tools available, like nmap, sparta, maltego, recon-ng, etc. But use online services instead of running things from your own machine whenever possible, because that keeps your own IP address out of the target's logs and helps minimize your footprint. Keep in mind that a service which scans the target for you is still probing it, just from the service's IP instead of yours, and the service itself now holds a record of your interest in that target. None of this replaces authorization: active probing, whoever performs it, has to stay within the scope you have been given.
By online services I mean there are many websites that can help you scan ports, detect Cloudflare, gather domain information, etc.
There are many such websites; I will tell you about them too, and with experimentation you will learn which ones are good and which are not.
So this was just an introductory article, because we are going to start a whole series on Information Gathering.
I hope you guys liked it.