Reconnaissance
Before attacking a target, it is important to perform reconnaissance on it and gather information about it.
There are two kinds of reconnaissance:
- Passive
- Active
In passive reconnaissance, you gather information that is publicly available: DNS information (whois, dig, host), the target's job role in the company, news articles, TV, social networks, etc.
The following tools can be very useful:
In active reconnaissance, you interact with the target directly, for example by identifying all its entry points (HTTP, FTP, HTTPS, SSH, IMAP) or by obtaining information through social engineering.
You can use different tools, such as ping, telnet and traceroute.
With telnet, you can get HTTP information:
telnet <ip> 80
GET / HTTP/1.1
host: telnet
When you want to get HTTP information, it is important to send the request line GET / HTTP/1.1 followed by host: telnet and then an empty line, which ends the request. HTTP/1.1 requires a Host header, and a server that hosts several sites uses its value to choose which one answers.
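The same exchange in code, as an added example that is not part of the original page: it builds the HTTP/1.1 request typed above, parses a constructed sample response (not captured from any real host), and reports which response headers reveal a product and version, so an administrator can check what their own server hands out to anyone who asks.

```python
import re

# Constructed sample response, standing in for what a server would send back
# to the telnet request above (not captured from any real host).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

# Response headers that commonly leak software names and versions.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")


def build_request(host: str, path: str = "/") -> bytes:
    """Build the minimal HTTP/1.1 request the page types by hand over telnet.
    HTTP/1.1 requires a Host header, and an empty line ends the request."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_response(raw: bytes) -> tuple:
    """Split a raw HTTP response into (status code, lowercase header dict)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def disclosed_versions(headers: dict) -> dict:
    """Return the headers whose value carries a version number, i.e. the
    information a server discloses about its software to any client."""
    found = {}
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value and re.search(r"\d+\.\d+", value):
            found[name] = value
    return found
```

Run parse_response on the bytes your own server returns to build_request("your-hostname") to see which headers should be trimmed in its configuration.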