Definition: Passive reconnaissance involves collecting information about a target without direct interaction with the target's systems or networks. It aims to gather data discreetly to avoid detection.
Techniques:
WHOIS Lookup: Gathering domain registration details.
Social Media: Analyzing social media profiles for information about individuals or organizations.
Public Records & Databases: Accessing publicly available databases for financial reports or legal records.
Search Engines: Using Google or other search engines to find information about the target.
DNS Queries: Investigating DNS records to discover subdomains or IP addresses.
Network Traffic Analysis: Observing network traffic passively with tools such as packet sniffers, provided you already have access to a network segment the target's traffic crosses.
Definition: Active reconnaissance involves directly interacting with the target to gather information. This method is more intrusive and can be detected by the target's security controls.
Techniques:
Port Scanning: Using tools like Nmap to discover open ports on a target machine.
Service Enumeration: Identifying services running on a target, which can provide more details regarding vulnerabilities.
Vulnerability Scanning: Using automated tools to scan for known vulnerabilities in the target systems.
Social Engineering: Engaging with personnel to extract useful information (e.g., phishing).
Ping Sweeps: Sending ICMP echo requests to a range of addresses to establish which hosts are live.