Reconnaissance & Scanning Phases Comprehensive

This illustration is taken from Pentesting a Survival Guide. I think it will be useful for beginners and other non-offensive security professionals.

Reconnaissance is the first stage of a penetration test. When testing a target that is accessible from the Internet, search engines and social networking websites can reveal useful information. Search engines store a wealth of information that is helpful when performing a black box penetration test.

Active recon is equally essential and gives vital information for later stages of pen-testing. A well-configured tool like Burp, along with attention to detail, is the key to success.

Before ending this post, I would like to add a thought from another book.

Discouraging #hackers from exploring and looking for #vulnerabilities doesn’t solve anything. Convincing everyone the emperor is wearing fancy new clothes doesn’t change the reality that he’s naked. Undiscovered vulnerabilities just lie in wait for someone much more malicious than an average #hacker to discover them.
— Book: Art of #Exploitation by #JonErickson

