Introduction To Information Gathering

Information Gathering

Information gathering is the first step of any penetration test and involves gathering or collecting information about an individual, company, website or system that you are targeting.

What is the first step in any penetration test that involves gathering or collecting information?

  • Information Gathering

    • The more information you have on your target, the more successful you will be during the later stages of a penetration test.

What type of information gathering involves gathering as much information as possible without actively engaging with the target?

  • Passive Information Gathering

What type of information gathering involves gathering as much information as possible by actively engaging with the target system?

  • Active Information Gathering

What involves utilizing publicly available information or resources to learn more about a website and more?

  • Passive Information Gathering

Passive Information Gathering

  • Identifying IP Addresses and DNS information

  • Identifying domain names and domain ownership information

  • Identifying email addresses and social media profiles

  • Identifying web technologies being used on target sites

  • Identifying subdomains

Active Information Gathering

  • Discovering open ports or target systems

  • Learning about the internal infrastructure of a target network/organization

  • Enumerating information from target systems
