Chapter 4. Intelligence Gathering

Actionable information is the key to success when performing a penetration test. The amount of public data that is available on the Internet is staggering, and sifting through it all to find useful information can be a daunting task. Luckily, there are tools available that assist in gathering and sorting through this wealth of knowledge. In this chapter, we will review some of these tools and focus on how to use the information to ensure your penetration tests are efficient, focused, and effective. Key topics covered include:

  • What is reconnaissance and why do we need it?
  • Reconnaissance types
  • Using DNS to quickly identify potential targets
  • Using search engine data
  • Using metadata to your advantage

    Tip

    Throughout this chapter, we will use the domain names example.com, example.org, and example.net, which are owned and maintained by IANA. Do not use these for practice purposes.

    These domain names are used as a representation of a domain that you own and/or have permission to use as a target for your testing. Ideally, you would set up a segmented and controlled virtual lab with DNS servers that allows you to test all of these commands at your leisure. For this, refer to the Packt book Building Virtual Pentesting Labs for Advanced Penetration Testing.
