Active and Passive Information Gathering Techniques: Introduction
A penetration test is about breaking into a system and taking ownership of it. To break into a system, we need to identify its possible entry points and any vulnerabilities in those entry points. To identify these, we need to gather information about our targets. The more we know about the targets, the better our chances of successfully penetrating the system.
Information gathering can be broken into two main logical steps.
- Passive Information Gathering
- Active Information Gathering
In passive information gathering, we collect information about the targets using publicly available information (resources), such as search engine results and WHOIS information. The goal is to find as much information as possible about the target.
In active information gathering, we gather more information about these targets by actively interacting with them. However, unlike passive information gathering, doing this without authorization can be illegal. Techniques include DNS enumeration, port scanning and OS fingerprinting. As with passive information gathering, the goal of active information gathering is to gather as much information as possible.
My next article will be a detailed explanation of passive information gathering techniques.