🔍 Reconnaissance

Web reconnaissance is the systematic and meticulous collection of information about a target website or web application. Its primary goals include:

  • Identifying Assets: Uncovering all publicly accessible components of the target, such as web pages, subdomains, IP addresses, and technologies used.

  • Discovering Hidden Information: Locating sensitive information that might be inadvertently exposed, including backup files, configuration files, or internal documentation.

  • Analysing the Attack Surface: Examining the target's attack surface to identify potential vulnerabilities and weaknesses. This involves assessing the technologies used, configurations, and possible entry points for exploitation.

  • Gathering Intelligence: Collecting information that can be leveraged for further exploitation or social engineering attacks. This includes identifying key personnel, email addresses, or patterns of behaviour that could be exploited.

Types of Reconnaissance

  • Passive Reconnaissance

  • Active Reconnaissance

Passive Reconnaissance

Passive reconnaissance involves gathering information about the target without directly interacting with it.

  • Search Engine Queries

  • WHOIS Lookups

  • DNS

  • Web Archive Analysis

  • Social Media Analysis

  • Code Repositories

Active Reconnaissance

In active reconnaissance, the attacker directly interacts with the target system to gather information.

  • Port Scanning

  • Vulnerability Scanning

  • Network Mapping

  • Banner Grabbing

  • OS Fingerprinting

  • Service Enumeration

  • Web Spidering
