Carpa Security Book

Passive Reconnaissance

Passive reconnaissance is the first step in the ethical hacking and penetration testing process: the tester gathers as much information as possible about a target without directly interacting with the target's systems. Unlike active reconnaissance, passive recon sends no traffic to the target's network, so it cannot trigger intrusion detection systems or alert the target to unauthorized probing. Instead, it relies on publicly available information, drawing on sources such as company websites, public databases, and social media to build a comprehensive picture of the target's digital presence.

This phase is about collecting actionable intelligence that can be assembled into a detailed profile of the target. For instance, passive recon can uncover details about a company's internet footprint, including domains, subdomains, IP ranges, employee details, and even specifics about the technology stack in use. Such information is invaluable for identifying potential vulnerabilities without the target ever becoming aware of the assessment.

The goal is to avoid detection entirely: stealth at this stage ensures that the subsequent active scanning and vulnerability assessment can be carried out with the element of surprise intact. Passive reconnaissance is silent observation from the shadows, gathering the data that informs every subsequent move.

Transitioning to Active Reconnaissance

Once the passive reconnaissance phase is complete, the next step is the transition to active reconnaissance, also called active scanning. This shift marks the move from observation to interaction: during active recon, penetration testers begin to engage directly with the target's systems using techniques such as port scanning, vulnerability scanning, and network mapping.


Last updated 1 year ago
