What is Information Gathering
Information gathering, often referred to as reconnaissance, is a crucial first step in the ethical hacking process. It involves collecting data about a target system, network, or individual to understand potential vulnerabilities and attack surfaces. The more comprehensive the information, the better the chances of finding exploitable weaknesses.
A successful ethical hacking process hinges on effective information gathering. Without knowing how a system is structured and what vulnerabilities might exist, penetration testing becomes guesswork. By meticulously gathering and analyzing information, ethical hackers can identify potential security gaps and recommend steps to improve the system’s defenses.
Types of Information Gathering
There are two primary types of information gathering: passive and active.
1. Passive Information Gathering
Passive methods involve gathering data without directly interacting with the target. This reduces the risk of detection. Techniques include:
- WHOIS lookups: Obtaining domain registration information.
- Google Dorking: Using advanced search queries to find sensitive data.
- Social Media Profiling: Gathering public information from social networks.
- Public Records: Reviewing publicly available databases and documents.
2. Active Information Gathering
Active methods involve direct interaction with the target system, increasing the chance of detection but providing more detailed information. Techniques include:
- Port Scanning: Tools like Nmap can be used to identify open ports and services running on the target system.
- Ping Sweeps: Probing a range of addresses to determine which hosts within a network are live.
- DNS Enumeration: Identifying domain names, subdomains, and IP addresses linked to the target.
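The detectability trade-off noted above is what a defender relies on: active techniques such as port scans and ping sweeps leave traces in firewall and connection logs. As an added example (not code from the original post), this Python script runs simple port-scan and ping-sweep detection over constructed firewall-style log lines; the log format, the addresses, the time window and the thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall-style log (not from any real system); RFC 5737 documentation
# addresses. 203.0.113.5 probes five ports on one host, then pings three hosts;
# 203.0.113.9 is ordinary HTTPS traffic and must not be flagged.
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
2024-05-01T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
2024-05-01T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
2024-05-01T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-01T10:00:04 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:00:05 SRC=203.0.113.5 DST=192.0.2.11 PROTO=ICMP
2024-05-01T10:00:06 SRC=203.0.113.5 DST=192.0.2.12 PROTO=ICMP
2024-05-01T10:00:07 SRC=203.0.113.5 DST=192.0.2.13 PROTO=ICMP
2024-05-01T10:00:08 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:05:00 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: DPT=(?P<dpt>\d+))?$")

def parse_log(text):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev

def detect_recon(text, window=timedelta(seconds=60), port_threshold=5, host_threshold=3):
    """Flag a (src, dst) pair that sees >= port_threshold distinct ports, or a src that
    pings >= host_threshold distinct hosts, inside a sliding time window (assumed thresholds)."""
    alerts = {"port_scan": set(), "ping_sweep": set()}
    recent = defaultdict(deque)  # (kind, key) -> deque of (timestamp, observed value)
    for ev in parse_log(text):
        if ev["proto"] == "ICMP":   # one source pinging many hosts
            kind, key, value, threshold = "ping_sweep", ev["src"], ev["dst"], host_threshold
        elif ev["dpt"]:             # one source touching many ports on one host
            kind, key, value, threshold = "port_scan", (ev["src"], ev["dst"]), ev["dpt"], port_threshold
        else:
            continue
        q = recent[(kind, key)]
        q.append((ev["ts"], value))
        while q[0][0] < ev["ts"] - window:   # evict events that fell out of the window
            q.popleft()
        if len({v for _, v in q}) >= threshold:
            alerts[kind].add(key)
    return alerts
```

On the constructed log, `detect_recon(SAMPLE_LOG)` reports a port scan from 203.0.113.5 against 192.0.2.10 and a ping sweep from 203.0.113.5, while the repeated HTTPS connections from 203.0.113.9 stay below both thresholds.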
Tools for Information Gathering
- Nmap: A powerful tool for network discovery and security auditing.
- Shodan: A search engine for internet-connected devices, offering insights into exposed systems.
- Recon-ng: A web reconnaissance framework that automates the process of gathering information.
- Maltego: A data-mining tool that creates visual maps of relationships between people, companies, websites, and more.
Here's a list of the 15 best tools used for information gathering.
What information we will gather in this series
- IP address
- Domain name information
- Technologies used
- Other websites on the same server
- DNS Records
- Unlisted files, subdomains, and directories