What is information gathering and how can we perform it in 2021?


It is time to learn in detail what information gathering is and how we can perform it. We already know that information gathering is the first step in penetration testing, and that it is the act of gathering data about our target.

If you want the full process in video format, you can reach me through the contact form.

It can be any type of data that we might find useful for the future attack. And if you remember, there are two types of information gathering.


We got active information gathering and passive information gathering.


And we talked briefly about them, but now it is time to fully explain what both of them are.


So let's start with active information gathering.


In active information gathering, we use our Kali Linux machine and try to get as much data, or as much information, about our target as we can while interacting with it.


It could be a target website that we need to test, so we need to find out as much about it as we can; it could also be a network that we are testing, or perhaps an entire company.


The main point is that with active information gathering, we directly get that data from the target.


This could mean directly exchanging packets with the target by visiting and enumerating their website, or it could also mean talking to an employee who works there.


We could, for example, call them on the phone and try to get them to tell us something important, but that part is also considered social engineering.


Nonetheless, any action where you exchange something with the target is active information gathering.


This can be legal to an extent: if you start performing some advanced scans or fingerprinting on the target, you most likely won't get in trouble, but you should still not do it without permission.


And it is important to mention that active information gathering will usually provide us with much more important data than passive information gathering, since we are directly interacting with the target.


On the other hand, we have passive information gathering, and it is similar.


We have our Kali Linux machine and our target.


But we also have an intermediate system, or what I like to call a middle source. And what is this middle source?


Well, basically, it could be anything from a search engine to a website.


It could also be a person.


But what matters is that the information we get is going through that middle source.


For example, if we want to find out something about a certain target and we Google that target to find some pages that contain information about it, this is considered passive information gathering.


OK, good, but what are the goals of this? What exactly are we searching for, and which information could be of value to us?


Usually, the first thing we search for to identify a target is their IP address, or IP addresses if the target has multiple addresses that belong to them.


This could be, for example, a company that has servers and buildings all around the world.


And if we were to test this company, we would also be interested in their employees. For example, we would want to gather their emails, which could be useful for a future attack to gain access to that company.


Or we could want to gather their phone numbers, which could also be useful.


But most importantly, and what we're mainly interested in are technologies that the target has.


If it was a company, we would want to know how many networks they have, what software is running on their machines, and what operating systems they have. If it was a website, we would also want to know how that website was built and which programming languages it uses. Does it have JavaScript?


For example, just one piece of software on one machine that is outdated, or that has a known vulnerability that could be exploited, is our way in.
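To make the four goals above concrete, here is an added example (my own code, not part of the original post) that takes a single saved HTTP response and pulls out exactly the items the post says we look for: IP addresses, email addresses, phone numbers, and technology hints with versions from the response headers, the HTML generator tag and versioned script names. The headers, body, hostnames, addresses and version strings are all constructed for the example. This is also the view a defender wants of their own public pages: what a response gives away before anyone has sent a single scan packet.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample response: header values, addresses, e-mail
# addresses, phone numbers and version strings are all invented.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Content-Type": "text/html; charset=utf-8",
}

SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 5.6">
<script src="/assets/jquery-3.4.1.min.js"></script>
</head><body>
<p>Contact: support@example.com or sales@example.com</p>
<p>Phone: +1 555-010-0199 (US) or 020 7946 0958 (UK)</p>
<p>Mirrors: 203.0.113.10 and 198.51.100.7</p>
</body></html>
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Phone numbers: optional country code, then three digit groups separated
# by spaces or hyphens. Dots are deliberately not accepted as separators,
# so IP addresses and version numbers can never be mistaken for phones.
PHONE_RE = re.compile(r"(?:\+\d{1,3}\s)?\(?\d{2,4}\)?[\s-]\d{3,4}[\s-]\d{3,4}")
PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")  # e.g. Apache/2.4.29
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)
# Versioned script file names such as /assets/jquery-3.4.1.min.js
SCRIPT_RE = re.compile(r'src="[^"]*/([A-Za-z]\w*)-(\d+(?:\.\d+)*)(?:\.min)?\.js"', re.I)


@dataclass
class Findings:
    """The four kinds of data the post lists as recon goals."""
    ips: List[str] = field(default_factory=list)
    emails: List[str] = field(default_factory=list)
    phones: List[str] = field(default_factory=list)
    technologies: Dict[str, str] = field(default_factory=dict)


def _unique(items):
    """Deduplicate while preserving first-seen order."""
    seen = set()
    return [x for x in items if not (x in seen or seen.add(x))]


def _valid_ip(text):
    """Reject dotted quads with an octet above 255."""
    return all(0 <= int(part) <= 255 for part in text.split("."))


def analyse_response(headers, body):
    """Extract IPs, e-mails, phones and technology/version hints from one response."""
    f = Findings()
    f.ips = _unique(ip for ip in IP_RE.findall(body) if _valid_ip(ip))
    f.emails = _unique(EMAIL_RE.findall(body))
    f.phones = _unique(m.strip() for m in PHONE_RE.findall(body))

    # Technology hints from the response headers (product/version pairs).
    for name in ("Server", "X-Powered-By"):
        for product, version in PRODUCT_RE.findall(headers.get(name, "")):
            f.technologies[product] = version

    # Technology hints from the HTML itself: CMS generator tag and
    # JavaScript libraries whose file name carries a version.
    for generator in GENERATOR_RE.findall(body):
        product, _, version = generator.rpartition(" ")
        if product:
            f.technologies[product] = version
    for library, version in SCRIPT_RE.findall(body):
        f.technologies[library] = version
    return f


if __name__ == "__main__":
    result = analyse_response(SAMPLE_HEADERS, SAMPLE_BODY)
    print("IPs:         ", result.ips)
    print("Emails:      ", result.emails)
    print("Phones:      ", result.phones)
    print("Technologies:", result.technologies)
```

Everything here is analysis of data you already hold, so it belongs on the passive side of the post's distinction: no packet is sent to the target by this script. The technology list is the part worth reviewing most carefully, because each product/version pair it returns is a string that an organization has chosen (or defaulted) to advertise.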


So now that we know what we are looking for during this first step, it is time to see which tools and programs we can use to find out as much information as possible about our target.


Let's do it. 
