Information gathering techniques
Classically speaking, information gathering techniques consist of the following two classes:
- Active techniques
- Passive techniques
Active techniques
Typically, an active technique is connecting to our target for gaining information. This may include running port scans, enumerating files, and so on. Active techniques can be detected by the target, so care must be taken to ensure that we don't perform unnecessary techniques that generate a lot of noise. They could be picked up by the firewall of the target, and prolonged scans to enumerate information can even slow down the target for regular users.
Passive techniques
Using passive techniques, we make use of third party websites and tools that don't contact the target for harvesting data for our reconnaissance purposes. Websites like Shodan and Google can purge a lot of data for a website, properly utilizing these can be extremely beneficial for getting information that can be later used in exploiting...