Cybersecurity Reconnaissance: Reviews, Tools and Tips

Reconnaissance is the first step in any infosec investigation. Often called footprinting, it is the act of collecting information about a target. This information can be anything from domains, IP ranges and associated domains to VPNs, open ports, operating systems, the technologies underlying a website, existing vulnerabilities, and the like. We recognize two types of reconnaissance: active and passive.

Active reconnaissance refers to interacting directly with a target system and gathering information about its vulnerabilities. Cyber criminals, white hats and red teams all use the same techniques here, which include port scanning and other intrusive methods aimed at gaining access to protected areas of the system. While active reconnaissance may be more accurate than its passive counterpart and yields results more quickly, it does leave a trace, and there is a far greater chance of getting caught when the system owner has not given permission for it.

Passive reconnaissance, on the other hand, refers to gathering information about the target system without actively interacting with it. It consists of searching public resources for information about the target without ever coming into contact with the target itself. Essentially, passive reconnaissance is open source information gathering, or OSINT.

Besides being the first step in infosec investigations, recon is also one of the most important. That’s why we’ve dedicated a full category of our blog posts to it: “Reconnaissance”.

Here you’ll find blog posts covering the basics: what is OSINT, recon, information gathering, and IP intelligence; you’ll also find in-depth reviews of the best recon and OSINT tools available, such as ASN lookup tools and Rumble Network Discovery, along with valuable techniques for checking domain owner history, banner grabbing, detecting CVEs using Nmap vulnerability scan scripts, and much more.

Banner Grabbing: Top Tools and Techniques Explained
SecurityTrails Blog · Last updated on Oct 14 2021 · by Esteban Borges

We shared a few details about banner grabbing in our previous article about cybersecurity fingerprinting. Today, we’ll dig a little bit deeper, to define what it is, explore its different types, and examine some real-world examples showing how you can grab banners from different services on the Internet with both command-line tools and web-based interfaces.

What Are Certificate Transparency Logs?
SecurityTrails Blog · Oct 25 2018 · by Sara Jelen

SecurityTrails has introduced our new Feeds page, SurfaceBrowser™, and the option of obtaining certificate transparency logs, all in a unified format so you can extract any information you need. And while Google has announced that it will require Certificate Transparency for all newly issued publicly trusted certificates, highlighting transparency and accountability among Certificate Authorities, there are still people who don’t get the importance of Certificate Transparency logs and the value of the information within them.