Information Gathering is one of the initial and most important steps of penetration testing. We collect information about the host we are going to test for vulnerabilities that can later be exploited.
The two basic methods of Information Gathering are:
- Active: In this method, we generate network traffic to the target ourselves and collect information from its responses.
- Passive: In this method, we use a third party to generate network traffic to the target and collect information. We can also use information that is publicly available. In this way, we won’t leave our fingerprints on the target.
Using information that is publicly available on the internet:
- Google: Search engine.
- Archive.org: An archive of historical copies of websites.
- Whois: Looks up domain name registration information.
- TinEye: Reverse image search.
Using ‘ping’ to discover the target:
The ping tool checks whether the target host is reachable. Ping sends ICMP echo request packets to the target host; if the target does not have a firewall that blocks these request packets, the host sends back ICMP echo reply packets. For example:
ping (target address)
If the packets complete a round trip without any loss, the target is available.
To ping an IPv6 host, we can use ping6.
To ping several hosts at a time, we can use fping.
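As an added example (not code from the original post), the following Python builds the ICMP echo request that ping sends, constructs the echo reply an unfirewalled host would return, and validates a reply's checksum, type and identifier/sequence fields, so the round trip described above can be followed byte by byte. All packets are constructed in memory; the identifier, sequence number and payload are made-up sample values and no network access is needed.

```python
import struct

ICMP_ECHO_REQUEST = 8  # type field of an echo request (what ping sends)
ICMP_ECHO_REPLY = 0    # type field of an echo reply (what the host answers)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"ping example") -> bytes:
    """ICMP header: type, code, checksum, identifier, sequence; then payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)  # computed with checksum field = 0
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def echo_reply_for(request: bytes) -> bytes:
    """The reply a host that does not block ICMP sends: same id, seq and payload, type 0."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    payload = request[8:]
    header = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, csum, ident, seq) + payload


def parse_echo_reply(packet: bytes, ident: int, seq: int):
    """Return (ok, reason) for a packet received in answer to our echo request."""
    if len(packet) < 8:
        return False, "too short"
    # A packet carrying a correct checksum sums to 0 when the field is included.
    if icmp_checksum(packet) != 0:
        return False, "bad checksum"
    typ, code, _, rid, rseq = struct.unpack("!BBHHH", packet[:8])
    if typ != ICMP_ECHO_REPLY or code != 0:
        return False, "not an echo reply"
    if (rid, rseq) != (ident, seq):
        return False, "id/seq mismatch"  # reply belongs to a different probe
    return True, "echo reply"
```

A reply that fails any of these checks is not counted as a successful round trip, which is how ping decides whether a packet was lost or answered by the wrong host.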
In the next post, we will look at the famous Nmap tool.