Information Gathering

Information gathering is one of the most important phases of an engagement. This step of the process helps you understand the target organization, widen the attack surface and mount efficient and targeted attacks.

OSINT - Open Source Intelegence

Social networks
Public sites
Visiting the company websites

Whois

The whois database can offer a lot of great information:

Owner name
Street addresses
Email address
Technical contacts

whois domain.test

Subdomain Enumeration

Through subdomain enumeration a pentester can possibly identify additional resources of a target.

Tools

dnsdumpster.com
sublist3r
crt.sh
amass

The Importance of Information Gathering

A good pentester spends 90% of their time widening the attack surface and 10% launching the correct commands to exploit the target.

PreviousPenetration Testing NextScanning

Last updated 2 years ago

Was this helpful?