
Information gathering is where you extract as much information as possible about the target.

Information gathering techniques/methods

📌 Email address & LinkedIn profile contain almost everything about your target.

Types of reconnaissance

1. Active reconnaissance.

  • Direct interaction with the target to get information.

Active recon methods

  • Host enumeration
  • Network enumeration
  • User enumeration
  • Group enumeration
  • Network share enumeration
  • Web page enumeration
  • Application enumeration
  • Service enumeration
  • Packet crafting

Tools

  • Maltego
  • Recon-ng
  • SpiderFoot
  • theHarvester
  • Social-Engineer Toolkit (SET)
  • HostileSubBruteforcer
  • Sublist3r
  • Amass

2. Passive reconnaissance.

  • Data collection without any direct engagement with the target.

Passive recon methods

  • Domain enumeration
  • Packet inspection
  • Open-source intelligence (OSINT)
  • Eavesdropping

Tools

  • OSINT Framework
  • nslookup
  • Whois
  • Google dorks
  • Wayback Machine

📌 If you don’t see it, it doesn’t mean it’s not there.

1. Footprinting

  • Archived data
  • Devices / software
  • Images
  • Networks
    • Wigle
    • Open-source data
  • URL scanner
  • Usernames / contacts
  • Vulnerabilities
  • Website monitoring
    • HTTrack
    • Website copier
    • NCollector Studio

2. Social engineering

Social engineering is the art of manipulation.

  • Impersonation
  • Phishing - email, text
  • Baiting - lure using free gifts
  • Tailgating - follow an authorized person
  • Quid pro quo - bribe
  • Honeypot - fake online persona
  • Dumpster diving - trash, dustbin
  • Evil twin - fake Wi-Fi access point

📌 95% of cybersecurity breaches are caused by human error.

Tools

  1. Shellphish
  2. Blackeye
  3. Evilginx
  4. Dradis
  5. Basket

Stages of social engineering

  1. Research targets
  2. Select target
  3. Develop relationship
  4. Exploit relationship

Phishing propagation methods

  • Pop-up windows
  • Spam emails
  • Scareware
  • Instant chats
  • Malicious APKs
  • Repackaging legitimate APKs
  • SMS phishing

3. Enumeration

Enumeration involves actively gathering detailed information about a target system or network after initial reconnaissance has been conducted.

Purpose/goal of enumeration

This includes identifying:

  • Usernames and passwords
  • Network shares
  • Services running on the system
  • Operating system details
  • Network resources and devices

Enumeration tools

  • Nmap
  • SNMP-check
  • Metasploit (auxiliary modules)
  • Netcat
  • Enum4linux

📌 Knowing your enemy is winning half the war.

Techniques/methods

  • SNMP enumeration
  • NetBIOS enumeration - user accounts and shared resources
  • LDAP (Lightweight Directory Access Protocol) directory enumeration
  • DNS enumeration

Sniffing (capture network traffic)

Sniffing in reconnaissance is the process of capturing and analyzing network traffic.

Sniffing tools

  • Capsa Network Analyzer
  • FaceNiff
  • OmniPeek
  • Sniffer wicsp
  • SteelCentral Packet Analyzer

Data breaches

There exist forums that post breached data and leaked information.

  • Data breaches
  • Personal information, e.g. email, name, phone numbers
  • Identification documents: IDs, passports, credit cards
  • Device type detection, e.g. Mac, Linux, Windows, Android, iOS

Leaked information