Passive

Passive Reconnaissance does not involve direct interaction with the target. Instead, the tester gathers information from public resources and external observation.

Website Reconnaissance & Footprinting

Website Reconnaissance and Footprinting are key stages in gathering information about a target website without directly interacting with its systems, thus falling under passive reconnaissance.

Reconnaissance refers to the broad process of gathering data about a target in general. For websites, this includes publicly available information that can be accessed without interacting with the website's server.

Footprinting, on the other hand, is a more focused process within reconnaissance. It involves creating a detailed map of the website’s infrastructure, identifying key components, and highlighting potential attack vectors. Footprinting allows an attacker or penetration tester to understand the target's architecture and vulnerabilities.

Let’s consider a public company’s website as the target:

  • Reconnaissance would involve collecting publicly available data such as:

    • The company’s domain name, subdomains, DNS info, and IP address.

    • Which web technologies (such as WordPress, nginx, or Apache) are running.

    • Social media profiles linked to the company or its employees.

  • Footprinting would involve creating a detailed report that identifies:

    • Specific server details (e.g., Apache v2.4.41).

    • Subdomains such as mail.company.com or api.company.com that may have weaker defenses.

    • A map of how various services and technologies are interconnected.

Reconnaissance is the general information-gathering phase where broad data is collected. Footprinting is a more detailed mapping of the target’s architecture and potential entry points.
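Seen from the defending side, the footprint items above (a server banner such as Apache v2.4.41, the web technologies in use) can be audited in responses saved from a site you operate, so that version disclosure can be reduced. The Python below is an added example, not part of the original page; the sample headers and HTML are constructed, and `parse_headers` and `footprint` are hypothetical helper names.

```python
import re

# Constructed sample: response headers and HTML saved from a site you operate.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
"""
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 6.4.2"></head></html>'

# Headers that commonly disclose the software stack.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
PRODUCT_RE = re.compile(r"([A-Za-z][\w.+-]*)(?:[/ ]v?(\d+(?:\.\d+)*))?")
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def parse_headers(raw):
    """Return {lowercased-name: value} from a raw header block."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def footprint(raw_headers, html=""):
    """List (source, product, version) disclosures; version is None if hidden."""
    findings = []
    headers = parse_headers(raw_headers)
    for name in DISCLOSING_HEADERS:
        if name in headers:
            m = PRODUCT_RE.match(headers[name])
            if m:
                findings.append((name, m.group(1), m.group(2)))
    m = GENERATOR_RE.search(html)
    if m:
        p = PRODUCT_RE.match(m.group(1))
        if p:
            findings.append(("meta generator", p.group(1), p.group(2)))
    return findings


if __name__ == "__main__":
    for source, product, version in footprint(SAMPLE_HEADERS, SAMPLE_HTML):
        status = f"version {version} disclosed" if version else "version hidden"
        print(f"{source}: {product} ({status})")
```

Each finding with a version is a candidate for banner suppression in the server or application configuration.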

Information Sought: In passive reconnaissance, the information we seek includes IP addresses, hidden directories not indexed by search engines, names, email addresses, phone numbers, physical addresses, web technologies in use, etc.
