Introduction to Reconnaissance

The reconnaissance phase allows the attacker to gather information about the target's internal and external security architecture. Detailed information about a target narrows the focus area and brings the attacker closer to the target. The attacker can start with a domain name, a range of IP addresses or something else.

Much of this information can be collected from publicly available sources. It is not difficult to find information about almost anyone, as the Internet, social media, official websites and other sources hold large amounts of information on companies and individual users.

Some of the most common techniques and sites are:

  • Using Search Engines
    • Google, Bing, Netcraft, Shodan
    • Location services
      • Google Earth
      • Google Maps
      • Bing Maps
      • Wikimapia
    • People Search Online Services
      • PrivateEye
      • PeopleSearchNow
      • PublicBackgroundChecks
      • AnyWho
      • Intelius
      • 4111
      • PeopleFinders
    • Financial services
      • Google Finance
      • Yahoo Finance
    • Job sites
      • LinkedIn
      • Monster
      • Indeed
      • CareerBuilder
  • Using Advanced Google Hacking Techniques
    • Google Advanced Search
    • Google Hacking Database
  • Using Social Networking Sites
    • Groups, forums, blogs
  • Using Websites
    • Web Spiders
    • Mirroring
    • Website Changes Monitoring Tools
    • Website Traffic Monitoring Tools
  • Using Email
    • Email Tracking Tools
  • Using Competitive Intelligence
    • EDGAR
    • BusinessWire
  • Checking Online Reputation
    • Google Alerts
    • WhosTalkin
    • Rankur
    • PR Software
    • Social Mention
    • Reputation Defender
  • Using WHOIS
  • Using DNS
  • Using Network Tools
    • Traceroute
  • Using Social Engineering
    • Eavesdropping
    • Shoulder Surfing
    • Dumpster Diving
    • Impersonation

There are tools that can automate this work in a streamlined fashion. These are some of the best:

  • Recon-ng
  • theHarvester
  • SpiderFoot
  • Osmedeus
  • Sp1der
  • Maltego

The aforementioned tools make use of a number of free websites and services to collect a huge amount of information, which avoids the tedious work of using the services one by one. However, for more specific needs, one must not rely only on automated tools. Hacking is about patience and perseverance!

Most importantly, some of the best services are paid, not free! So, depending on the specific target, a serious hacker might need to purchase a number of subscriptions for the most advanced tools.
