Learn Penetration Testing

Performing Information Gathering

Gathering information about your target is an essential skill that any penetration tester should have.

There is a big difference between passive and active information gathering. Passive information gathering leverages publicly available information, while active information gathering involves direct interaction with the target system. Active information gathering can cross a legal line in some countries, which deem any type of penetration test performed without permission illegal—this is where your "get out of jail free card" (as discussed in Chapter 1, Introduction to Penetration Testing) comes in. It's important to have the right authorizations before you perform any active information gathering.

The information you gather about your target will be used to plan your attack. In this phase, you will look for anything that can expose information about your target. For example, are their public-facing servers exposing known vulnerable ports? Are there any documents or other information available on the internet (such as social media posts) that contain sensitive details? As you build your repository of information, you can begin threat modeling and searching for vulnerabilities that can be used in your attack plan.

As you progress through this chapter, you will learn about the following topics:

  • Passive information gathering
  • Active information gathering
  • Vulnerability scanning
  • Known vulnerable services
  • Capturing traffic