Information Gathering is a phase in which we try to gather information about the target we are attempting to hack into it. The information can be open ports, services running on these ports, applications or misconfigurations.
Simply, the more information we gather about the target, the more it will be useful to us, as there will be more attack covering available to us. When doing a web application assessment, we need to investigate all the possibilities of hacking into the web application, because the more information we can gather about the target, the greater chance we can hack into it.
Information gathering methods consist of the following;
– Active techniques
– Passive techniques
An active method is connecting to our target for gaining information. This may involve running port scans, enumerating files, and so on. The target can detect active techniques, tools like Fierce, theHarvester, SubBrute and DirBuster can be picked up by the firewall of the target.
When using passive techniques, we make use of third party websites and tools that don’t communicate with the target for gathering data. Websites like Shodan, Bing and Google can provide a lot of information for a target website, properly using these can be extremely useful for getting information that can be later used in exploiting the target. The best advantage of passive techniques is that the target never recognises that we’re actually performing any information gathering.