Penetration Testing — Reconnaissance stage
Reconnaissance is a very important step for every penetration tester working on a pen-testing project. Knowing the right tools to discover specific kinds of information makes it much easier for the pentester to learn about the target.
Introducing the target environment
Reconnaissance is a key part of an attack because it can reveal the vulnerable areas of a system. The first step of information gathering can be as simple as a quick Google search. One way to think about information gathering is breaking into a house: there is no need to break down the door when a window has been left open. In information gathering, we want to find out whether the company we are testing has left any doors unlocked or a window open.
Looking for what? Key publicly available information, such as:
- Email addresses
- Phone numbers
- System information
- Contact names
- and so on
The reconnaissance phase of a pen test identifies what information about an organization is exposed on the internet, such as its network architecture, operating systems, applications, and users. The target may be a particular host or an entire organization. The pen tester should use every available method to gather as much data as possible, so that the footprinting phase of the test is as complete as it can be.
Authorization — The pen tester must only perform testing with authorization. The first step in a footprinting pen test is to obtain proper authorization from the organization.
Define the scope of evaluation - Defining the scope determines which systems in the organization are to be tested, which resources may be used to test them, and so on. It also determines the pen tester's limits. Once the scope is defined, plan the engagement and gather sensitive data within it.
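Scope is only useful if it is enforced before every tool is pointed at a host. The following helper is an added example (not code from the original post or from the author): it encodes an assumed engagement scope as CIDR ranges, domain suffixes and explicit exclusions, and answers whether a candidate target is inside it. All networks, domains and hosts below are constructed placeholders from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """Assumed engagement scope: what may be tested, and what is carved out."""
    networks: list = field(default_factory=list)   # CIDR strings, e.g. "203.0.113.0/24"
    domains: list = field(default_factory=list)    # domain suffixes, e.g. "example-org.test"
    excluded: list = field(default_factory=list)   # hosts, IPs or CIDRs that are always off-limits


def _in_any_network(ip, cidrs):
    """True when ip falls inside one of the CIDR strings; non-CIDR entries are ignored."""
    for cidr in cidrs:
        try:
            if ip in ipaddress.ip_network(cidr, strict=False):
                return True
        except ValueError:          # entry is a hostname, not a network
            continue
    return False


def _matches_domain(host, suffixes):
    """True when host equals a suffix or is a subdomain of it (label-aligned, so
    'evilexample-org.test' does not match 'example-org.test')."""
    host = host.lower().rstrip(".")
    for suffix in (s.lower().rstrip(".") for s in suffixes):
        if host == suffix or host.endswith("." + suffix):
            return True
    return False


def check_target(target, scope):
    """Return (in_scope, reason) for an IP address or hostname. Exclusions always win."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None

    if ip is not None:
        if _in_any_network(ip, scope.excluded):
            return False, f"{target} is explicitly excluded"
        if _in_any_network(ip, scope.networks):
            return True, f"{target} is inside an authorized network"
        return False, f"{target} is outside every authorized network"

    if _matches_domain(target, scope.excluded):
        return False, f"{target} is explicitly excluded"
    if _matches_domain(target, scope.domains):
        return True, f"{target} is under an authorized domain"
    return False, f"{target} is not under any authorized domain"


def filter_targets(targets, scope):
    """Keep only the targets the scope allows, in a stable order."""
    return [t for t in targets if check_target(t, scope)[0]]


# Constructed sample scope for demonstration; not a real engagement.
SAMPLE_SCOPE = Scope(
    networks=["203.0.113.0/24", "198.51.100.0/25"],
    domains=["example-org.test"],
    excluded=["203.0.113.250", "mail.example-org.test"],
)

if __name__ == "__main__":
    candidates = [
        "203.0.113.10", "203.0.113.250", "198.51.100.200",
        "www.example-org.test", "mail.example-org.test", "evilexample-org.test",
    ]
    for c in candidates:
        print(check_target(c, SAMPLE_SCOPE))
```

Run the scope check at the point where a target list is fed to scanners and crawlers, and log every rejection; the rejected entries are worth a conversation with the client before the engagement continues.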
Web services - Gather information through web services, using tools like Netcraft, Pipl, Google Finance, and Google Alerts to collect data about the target organization's website, employees, and infrastructure.
Search engines - Use search engines such as Google, Yahoo! Search, Ask, and Bing to gather the target organization's data, for example admin login pages and exposed intranet pages, which can help in performing social engineering.
Website exploration - Use tools like Burp Suite, HTTrack, Web Data Extractor, and Metagoofil to map a website's structure and layout.
Email tracking - Tools like eMailTrackerPro and Yesware can be used to gather information about a user's physical location. Examining email headers can reveal the sender's IP address, the date, the sender's mail server and the time the message was received by the originator's mail servers, the authentication system used by the sender's mail server, the sender's full name, and so on.
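The header analysis described above is the same one a defender performs when triaging a suspicious message. The following script is an added example (not code from the original post or the author's toolset): it parses a constructed sample message with Python's standard `email` module, walks the Received chain from the originating hop upward, and pulls out the sender's IP, the first mail server that accepted the message, the timestamps, the SPF/DKIM results and the sender's display name. The hostnames and addresses in the sample are placeholders.

```python
import email
import re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (not a real capture); hosts and IPs are placeholders.
SAMPLE_MESSAGE = """\
Received: from mx-edge.example-org.test (mx-edge.example-org.test [203.0.113.10])
\tby inbox.example-org.test with ESMTPS id abc123;
\tTue, 14 Sep 2021 10:05:12 +0000
Received: from smtp-out.sender.test (smtp-out.sender.test [198.51.100.25])
\tby mx-edge.example-org.test with ESMTPS id def456;
\tTue, 14 Sep 2021 10:05:10 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby smtp-out.sender.test with ESMTPSA id ghi789;
\tTue, 14 Sep 2021 10:05:08 +0000
Authentication-Results: inbox.example-org.test;
\tspf=pass smtp.mailfrom=sender.test;
\tdkim=pass header.d=sender.test
From: Jane Doe <jane.doe@sender.test>
To: helpdesk@example-org.test
Subject: Invoice
Date: Tue, 14 Sep 2021 10:05:07 +0000

Please find the invoice attached.
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_received_chain(raw_message):
    """Return the Received hops oldest-first, i.e. the hop closest to the sender first.

    Each hop records the first IP literal in the header (the connecting host),
    the 'by' server that accepted the message, and the timestamp after the ';'.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    # Headers are stacked top-down as the message travels, so reverse them.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())          # collapse folded continuation lines
        ips = IPV4_RE.findall(text)
        by = re.search(r"\bby (\S+)", text)
        timestamp = text.rsplit(";", 1)[-1].strip() if ";" in text else None
        hops.append({
            "ip": ips[0] if ips else None,
            "by": by.group(1) if by else None,
            "time": timestamp,
        })
    return hops


def hops_in_order(hops):
    """True when each hop's timestamp is not earlier than the previous one.

    Out-of-order or wildly inconsistent times are a common sign of forged headers.
    """
    times = [parsedate_to_datetime(h["time"]) for h in hops if h["time"]]
    return all(earlier <= later for earlier, later in zip(times, times[1:]))


def summarize_headers(raw_message):
    """Extract the items the text lists: sender name, origin IP, first mail server,
    receipt times, authentication results and the Date header."""
    msg = email.message_from_string(raw_message)
    hops = parse_received_chain(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    auth_text = " ".join(msg.get("Authentication-Results", "").split())
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_text))
    date = parsedate_to_datetime(msg["Date"]) if msg.get("Date") else None
    return {
        "sender_name": name,
        "sender_address": address,
        "origin_ip": hops[0]["ip"] if hops else None,
        "sender_mail_server": hops[0]["by"] if hops else None,
        "first_received": hops[0]["time"] if hops else None,
        "hops": hops,
        "auth": auth,
        "date": date,
    }


if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Only the topmost Received header (the one your own server added) is trustworthy; everything below it was supplied by the sending side and can be forged, which is why the timestamp ordering check and the Authentication-Results of your own gateway matter more than the lower hops.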
Whois - Use tools like Whois Lookup, SmartWhois, and Batch IP Converter to extract data about specific domains. You can capture data such as the IP address, domain owner name, registrant name, and contact details including telephone numbers and email addresses. This data can be used to build a map of the organization's infrastructure.
Social engineering - Use social engineering methods such as eavesdropping, dumpster diving, impersonation on social networking sites, and phishing to gather critical information about the target organization.
The next phase (Scanning) will be covered in detail in my next blog.
Penetration Testing — Reconnaissance stage was originally published in Walmart Global Tech Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
Article Link: Penetration Testing — Reconnaissance stage | by Dharmendra Bhojwani | Walmart Global Tech Blog | Sep, 2021 | Medium