Introducing reconnaissance with Bash
The urge to jump straight to scanning and hacking can be hard to overcome when you’re passionate about pentesting. I’ve lost count of the number of times in my career that I’ve done a less-than-thorough job of reconnaissance before jumping to active scanning, only to hit a wall later. That’s when I find that circling back to the recon phase and finding some juicy nuggets is the key to success.
One pentest I did years ago stands out in my memories above the rest. I was pentesting a simple web page with a login form. Nothing else was in scope. I wasn’t given any credentials. If I managed to find working credentials or bypass the login form, it was game over.
I thoroughly attacked the login form for three days and had nothing to show for it. That’s when I circled back to reconnaissance. I ended up finding that the company had a GitHub account with some public repositories. One of those repositories contained...