Passive
Passive Reconnaissance does not involve direct interaction with the target. Instead, the tester gathers information from public resources and external observation.
Website Reconnaissance & Footprinting
Website Reconnaissance and Footprinting are key stages in gathering information about a target website without directly interacting with its systems, thus falling under passive reconnaissance.
Reconnaissance refers to the broad process of gathering data about a target in general. For websites, this includes publicly available information that can be accessed without interacting with the website's server.
Footprinting, on the other hand, is a more focused process within reconnaissance. It involves creating a detailed map of the website’s infrastructure, identifying key components, and highlighting potential attack vectors. Footprinting allows an attacker or penetration tester to understand the target's architecture and vulnerabilities.
Let’s consider a public company’s website as the target:
Reconnaissance would involve collecting all the publicly available data like:
The company’s domain name, subdomains, DNS info, and IP address.
What web technologies (such as WordPress, nginx, or Apache) are running.
Finding social media profiles linked to the company or employees.
Footprinting would involve creating a detailed report that identifies:
Specific server details (e.g., Apache v2.4.41).
Subdomains such as mail.company.com or api.company.com that may have weaker defenses.
A map of how various services and technologies are interconnected.
Reconnaissance is the general information-gathering phase where broad data is collected. Footprinting is a more detailed mapping of the target’s architecture and potential entry points.
Information Sought: In passive reconnaissance, the information we seek includes IP addresses, hidden directories not indexed by search engines, names, email addresses, phone numbers, physical addresses, web technologies in use, and similar details.
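As an added illustration (not part of the original page), the script below shows how much of the "web technologies in use" and "specific server details" named above a passive observer can record from a single ordinary page load, which is also the check a site owner would run on their own responses before deciding what to strip. The headers and HTML are constructed sample values, not captured from a real host; the comparison against a hardened header set shows what disappears once version strings are suppressed.

```python
import re
from typing import Dict, List

# Constructed sample response: what one normal page load reveals to an
# external observer. Values are made up for this example.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=abc123; path=/",
}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.8.1">
<link rel="stylesheet" href="/wp-content/themes/twentytwenty/style.css">
</head></html>"""

# Same site after suppressing version strings (e.g. Apache ServerTokens Prod,
# PHP expose_php=Off, generator tag removed). Also constructed.
HARDENED_HEADERS = {"Server": "Apache", "Set-Cookie": "PHPSESSID=abc123; path=/"}
HARDENED_HTML = '<html><head><link rel="stylesheet" href="/wp-content/themes/x/style.css"></head></html>'

# product/version pairs such as "Apache/2.4.41" or "PHP/7.4.3"
VERSIONED = re.compile(r"([A-Za-z][A-Za-z0-9_-]*)/(\d+(?:\.\d+)*)")


def fingerprint(headers: Dict[str, str], html: str) -> Dict[str, List[str]]:
    """Return the technology and version details a passive observer could
    record, tagged with the header or markup that disclosed each one."""
    found: Dict[str, List[str]] = {"server": [], "language": [], "cms": [], "hint": []}
    for key in ("Server", "X-Powered-By"):
        for product, version in VERSIONED.findall(headers.get(key, "")):
            bucket = "server" if key == "Server" else "language"
            found[bucket].append(f"{product} {version} (from {key} header)")
    m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', html, re.I)
    if m:
        found["cms"].append(f"{m.group(1)} (from generator meta tag)")
    # Weaker hints: no version, but they still identify the stack
    if "/wp-content/" in html:
        found["hint"].append("WordPress path /wp-content/ present in HTML")
    if "PHPSESSID" in headers.get("Set-Cookie", ""):
        found["hint"].append("PHPSESSID cookie implies PHP session handling")
    return found


def version_disclosures(found: Dict[str, List[str]]) -> List[str]:
    """Only the findings that carry an exact version, i.e. the ones that map
    directly to 'Specific server details (e.g., Apache v2.4.41)' in a footprint."""
    return [f for bucket in ("server", "language", "cms") for f in found[bucket]]


if __name__ == "__main__":
    for label, h, body in (("sample", SAMPLE_HEADERS, SAMPLE_HTML), ("hardened", HARDENED_HEADERS, HARDENED_HTML)):
        print(label, version_disclosures(fingerprint(h, body)))
```

Running it prints three versioned disclosures for the sample response and none for the hardened one, while the stack hints (WordPress path, PHP session cookie) remain in both.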