Chapter 2. Advanced Reconnaissance Techniques
Actionable information is the key to success when performing a penetration test. The amount of public data that is available on the Internet is staggering, and sifting through it all to find useful information can be a daunting task. Luckily, there are tools available that assist in gathering and sorting through this wealth of knowledge. In this chapter, we will be reviewing some of these tools and will focus on how to use the information to ensure your penetration tests are efficient, focused, and effective. Key topics covered include:
- What is reconnaissance and why do we need it
- Reconnaissance types
- Using DNS to quickly identify potential targets
- Using search engines data
- Using metadata to your advantage
Note
Throughout this chapter we will use the domain names
example.com, example.org, andexample.netwhich are owned and maintained by IANA. DO NOT USE THESE FOR PRACTICE PURPOSES.These domain names are used as a representation of a domain that you own and/or have permission to use as a target for your testing. Ideally, you would set up a segmented and controlled virtual lab with DNS servers that allows you to test all of these commands at your leisure.