recconaissance

this is the most important step in hacking and maybe we gonna spend 70% of our time in this
step.

very basic: in this step we are gonna get the company information about webserver they are using , physical location ,
founded in year, officers of the company, do they have any more branches., press releases.

basic things : here you are going to analyse what operating systems(windows or linux and their versions as well) they
are using, what web server they are using(IIS , apache, free BSD and their versions as well).

performing queries: here my goal is to get information about the underlying network,
DNS server , IP range , webserver on whois etc.

TYPES of recon:
active : means accessing data using social engineering skills .
passive : means using internet sources like wayback machine or whois etc.
internet : using internet , similar to passive but google hacking comes in this category
anonymous: anonymously accessing data such that they can't track you
organisation / private: information gathering from email services comes in this category.

GOALS OF RECON

network information

external domain :
internal domain :
ip addresses :
unmonitored/private websites :
TCP / UDP services they are using :
IDS / access controls :
VPN info:
phone nos. / voIP :

tools used :
search engines: like google , bing , lycos, don't just stick to first three pages of result go beyond that because you can
there find some historical data, also don't just stick to google only use lycos as well.

websites: while using company website be as passive as possible.

softwares/tools: like tools on kali linux .

1/1