Chapter 2. Information Gathering
Information Gathering is a phase in which we attempt to gather information regarding the target we're attempting to break into. The information can be open ports, services running, applications like unauthenticated administrative consoles or those with default passwords. I'd like to quote Abraham Lincoln – Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
In simple words, the more information we gather about the target, the more it will be beneficial to us, as there will be more attack surface available to us. Assume that you want to break into your neighbor's house. You'll probably inspect the varied locks they use before breaking-in, this will ensure that you can check the ways to break that lock beforehand. Similarly, when doing a web application assessment, we need to explore all the possibilities of breaking into the web application, because the more information we can gather...
