Information Gathering
Overview
Information gathering is a critical phase of the penetration testing process: its primary goal is to collect as much data as possible about the target system or application. The aim is to identify potential vulnerabilities and weaknesses that attackers could exploit to gain unauthorized access to a system or network. The gathered information is then used to create an attack plan and to decide the best approach to exploiting the identified vulnerabilities.
Types of Information Gathering
There are two main types of information gathering in penetration testing:
Passive Information Gathering: This involves collecting information about the target system or application without directly interacting with it. This type of gathering includes searching for publicly available information about the target, such as information on the company's website, social media profiles, or job postings. Passive information gathering can also include gathering information from third-party sources, such as public databases or online forums.
Active Information Gathering: This involves actively probing the target system or application to gather information. This type of gathering includes techniques such as port scanning, banner grabbing, and fingerprinting, which involve sending requests to the target system and analyzing the responses. Active information gathering can also include exploiting known vulnerabilities to gain access to additional information about the target.
Tools Used in Information Gathering
There are several tools that can be used in information gathering, including:
- Nmap: Nmap is a popular network exploration and security auditing tool that can be used for both passive and active information gathering. It is used to identify open ports, services, and operating systems running on a target system.
- Shodan: Shodan is a search engine that can be used for passive information gathering. It can be used to search for devices connected to the internet, such as webcams, routers, and servers.
- theHarvester: theHarvester is a tool used for passive information gathering. It can be used to gather email addresses, subdomains, and other information about a target from various sources, such as search engines, social media, and public databases.
- Sublist3r: Sublist3r is a tool used for passive information gathering. It can be used to enumerate subdomains of a target domain from various sources, such as search engines and public databases.
Using Information in Next Phase (Vulnerability Scanning)
The information collected in this phase feeds the next phase of the penetration testing process, vulnerability scanning, where it is used to identify potential vulnerabilities and weaknesses in the target system or application. For example, Nmap results show the open ports and services running on the target system, which define its attack surface. Results from tools such as theHarvester and Sublist3r identify potential targets for further testing.
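As an added example (not code from the original post), here is how the Nmap output from this phase is turned into the attack-surface inventory that the vulnerability-scanning phase starts from: the script parses the XML Nmap writes with -oX, keeps only open ports, and compares them against a documented allowlist so that undocumented exposures are queued first. The XML sample, the address 192.0.2.10 and the service versions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's -oX output, trimmed to the elements
# read below; the address, ports and versions are made up for illustration.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_open_services(xml_text):
    """Return one record per open port: host, proto, port, service, product, version."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:          # skip hosts with no IPv4 address element
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue          # only open ports form the attack surface
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            records.append({
                "host": addr.get("addr"),
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
            })
    return records


def unexpected_exposures(records, allowed):
    """Open ports absent from the documented allowlist (a set of (proto, port) pairs)."""
    return [r for r in records if (r["proto"], r["port"]) not in allowed]


if __name__ == "__main__":
    print(unexpected_exposures(parse_open_services(SAMPLE_NMAP_XML), {("tcp", 22), ("tcp", 80)}))
```

On the sample, the undocumented MySQL listener on 3306/tcp is the one record reported, while the closed 443/tcp is ignored.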