Search Engines for Reconnaissance

In order to simulate a cyber attack on an application or a network, the pentester needs access to information about the target. They gather this information in the reconnaissance stage. 

Whether a hacker wants to target an entire network or a single web application, they need to know as much as they can. That is exactly how a pentester approaches the target. The scoping done in the previous phase helps the pentester narrow down the recon to increase efficiency. 

There are two kinds of reconnaissance

Active reconnaissance

The pentesters engage directly with the target system to gather information. While this is a more accurate approach to reconnaissance, it makes more noise since the intruder interacts with the system.

Passive reconnaissance

In this mode, the intruder does not interact with the target system and applies different passive strategies instead to gather information. They can try to eavesdrop on network traffic, trace OS footprinting or internet footprinting.

When it comes to attacking a web application, mapping is an important part of the recon operation. This step helps the attacker to look at all the pieces of the application in one place and form an understanding of how the app works. An application has many implemented functionalities and understanding them is crucial for the success of the subsequent penetration testing phases.

A small collection of links, for reconnaissance.

The goal is to gather as much data as possible so that the tester can plan an effective attack strategy.