Reconissance

What exactly in detail is reconissance? As far as I know it's scanning a netblock until you find a vulnerable target.

Comments

  • cyberguyprcyberguypr Senior Member Mod Posts: 6,899 Mod
    Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some example of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.
  • rob1234rob1234 Banned Posts: 151
    cyberguypr wrote: »
    Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some example of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.

    A lot of those active examples are not in the reconnaissance stage but are in the Network mapping, vulnerability identification and even the penetration stage.
  • whiteskieswhiteskies Member Posts: 32 ■■□□□□□□□□
    ii1ii the person who gave me negative repicon_exclaim.gif
  • 636-555-3226636-555-3226 Member Posts: 976 ■■■■■□□□□□
    cyberguypr wrote: »
    Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some example of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.

    Ditto. Basically learning everything you can about your target without "touching" it in too much detail. I liken it to looking up MX records to see what they use for email services/filtering. If you find out they use Exchange Online / O365 and you know that Exchange Online's email filtering is absolute rubbish, then you know when you move on to the next phase after reconnaissance that email is one of the first ways you try to get in. You can find out a lot about someone / something without even "touching" them
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,899 Mod
    Funny, re-reading what I posted last night I see what a mess I made with active recon. I should really stop posting when I'm sick and under the influence of meds.

    I'm including examples for recon and scanning topics from SANS SEC 504:

    Reconnaissance
    What does your network reveal?
    Are you leaking too much information?
    Using Whois lookups, ARIN, RIPE and APNIC
    Domain Name System harvesting
    Data gathering from job postings, websites, and government databases
    Recon-ng
    Pushpin
    Identifying publicly compromised accounts
    Maltego
    FOCA for metadata analysis

    Scanning
    Locating and attacking unsecure wireless LANs
    War dialing with War-VOX for renegade modems and unsecure phones
    Port scanning: Traditional, stealth, and blind scanning
    Active and passive Operating System fingerprinting
    Determining firewall filtering rules
    Vulnerability scanning using Nessus and other tools

    p.s. thanks for the negative rep
  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    cyberguypr got it right. +rep for you.
  • zxshockaxzzxshockaxz Member Posts: 108
    Just to throw in my 2 cents:
    Recon is also often used interchangeably with Intelligence Gathering and Information gathering, and it isn't too uncommon for people to give you slightly different definitions.
    pentest-standard.org and owasp.org have great sections on recon/intelligence gathering. Depending on the scope of the engagement, gathering details on people is just as critical as gathering details on their technology.
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Some people need to loosen their bow ties a little and chill out. The point of this forum is to share info to help others. If you're posting to win a Smartest Guy In the Room trophy the site you're looking for is www.faceb......

    Anyway Cyrberprguy got it right. Yeah depending on the nerd you ask, some of the steps he mentioned could be considered scanning, enumeration, etc., some just call it active recon. But to say he got it wrong is reductionist and isn't helpful to answering the OP's question.
  • E Double UE Double U Member Posts: 1,745 ■■■■■■■■■□
    renacido wrote: »
    The point of this forum is to share info to help others. If you're posting to win a Smartest Guy In the Room trophy the site you're looking for is www.faceb......

    Then I am in the wrong place. Please provide the rest of that URL. :D
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • bpennbpenn Member Posts: 499
    E Double U wrote: »
    Then I am in the wrong place. Please provide the rest of that URL. :D

    Oh, and make sure you spell your comments right on Facebook or prepared to be annihilated by the grammar gods.
    "If your dreams dont scare you - they ain't big enough" - Life of Dillon
  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    Hah. Some jerk gave me negative rep for giving cyberguypr +rep.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    MrAgent wrote: »
    Hah. Some jerk gave me negative rep for giving cyberguypr +rep.

    Sounds like a good enough reason to me... icon_cyclops.gif
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,899 Mod
    Whoever is giving the negative rep for the second time questioning the masculinity of any member should at least put his/her name in the rep so we know who to thank.
  • bpennbpenn Member Posts: 499
    MrAgent wrote: »
    Hah. Some jerk gave me negative rep for giving cyberguypr +rep.

    Me, too. I am bathing in the salty tears.
    "If your dreams dont scare you - they ain't big enough" - Life of Dillon
Sign In or Register to comment.