We will describe the definition and purpose of information gathering.
We will also describe several tools in Kali Linux that can be used for information gathering. After reading this chapter, we hope that the reader will have a better understanding of the information gathering phase and will be able to perform information gathering during penetration testing.
Information gathering is the second phase in our penetration testing process (Kali Linux testing process) as explained in the Kali Linux testing methodology section in Chapter 2, Penetration Testing Methodology. In this phase, we try to collect as much information as we can about the target, for example, information about the Domain Name System (DNS) hostnames, IP addresses, technologies and configuration used, username’s organization, documents, application code, password reset information, contact information, and so on. During information gathering, every piece of information gathered is considered important.
Information gathering can be categorized in two ways based on the method used: active information gathering and passive information gathering. In the active information gathering method, we collect information by introducing network traffic to the target network. In the passive information gathering method, by contrast, we gather information about a target network by utilizing a third party’s services, such as the Google search engine. We will cover this later on.
No. Resource URL
This contains an archive of websites.
This contains domain name intelligence.
This contains the database of information about websites.
This is the free “Swiss Army Knife” for networking, server checks, and routing.
This contains free online network utilities such as domain, e-mail, browser, ping, traceroute, and Whois.
This allows you to search for domain and network information.
This allows you to search for people on the Internet by their first and last names, city, state, and country.
This allows you to search for people across social networking sites and blogs.
This is a free search engine that allows you to find people by their name, phone number, e-mail, website, photo, and so on.