Cybersecurity Reconnaissance: Reviews, Tools and Tips
Reconnaissance is the first step in any infosec investigation. Often called footprinting, it’s the act of collecting information on a target. This information can be anything from domains, IP ranges and associated domains to VPNs, open ports, operating systems, underlying technologies of the website, existing vulnerabilities, and the like. We recognize two types of reconnaissance: active and passive.
Active reconnaissance refers to interacting directly with a target system and gathering information about its vulnerabilities. It can be used by cyber criminals as well as white hats and red teams using the same techniques, and involves port scanning and other intrusive methods to gain access to protected areas of the system. While active reconnaissance might be more accurate than its passive counterpart, and yields results more quickly, it does leave a trace, and there is a far greater chance of getting caught when it is done without permission from the system owner.
Passive reconnaissance, on the other hand, refers to gathering information on the target system without actively interacting with it. It consists of scanning public resources on the target without ever coming into contact with them. Essentially, passive reconnaissance refers to open source information gathering, or OSINT.
Besides being the first step in infosec investigations, recon is also one of the most important. That’s why we’ve dedicated a full category of our blog posts to it: “Reconnaissance”.
Here you’ll find blog posts covering the basics: what is OSINT, recon, information gathering, and IP intelligence; you’ll also find in-depth reviews of the best recon and OSINT tools available, such as ASN lookup tools and Rumble Network Discovery, along with valuable techniques for checking domain owner history, banner grabbing, detecting CVEs using Nmap vulnerability scan scripts, and much more.

Information Gathering: Concept, Techniques and Tools explained
"Information is power," as the saying goes. And in most scenarios it's true: having critical information, at the right time, and especially knowing how to use it, can be a great source of power.

Banner Grabbing: Top Tools and Techniques Explained
We shared a few details about banner grabbing in our previous article about cybersecurity fingerprinting. Today, we'll dig a little bit deeper, to define what it is, explore its different types, and examine some real-world examples showing how you can grab banners from different services on the Internet with both command-line tools and web-based interfaces.

Cybersecurity Fingerprinting Techniques and OS-Network Fingerprint Tools
In the physical world, analyzing fingerprints is one of the most popular techniques used to identify people involved with all types of crimes, from robbery to kidnapping or even murder.

Top 20 and 200 most scanned ports in the cybersecurity industry
Port scanning is one of the most common activities in cybersecurity — and it's performed by both sides, the red team and the blue team.

What Are Certificate Transparency Logs?
SecurityTrails has introduced our new Feeds page, SurfaceBrowser™, and the option of getting certificate transparency logs, all of them in a unified format so you're able to extract any information needed.