What is reconnaissance?
Reconnaissance is the process of collecting information about a target. It is used in the military to learn about the enemy. During penetration testing assignments it has a similar role. Good reconnaissance will improve the quality of the pentest and increase the chances of successful service exploitation.
See Information gathering for more details.
There are 3 tool collections available that cover reconnaissance:
The following security tools are linked to reconnaissance and are worth investigating.
- 0trace (reconnaissance tool and firewall bypassing)
- 0trace.py (reconnaissance and firewall bypass tool)
- CMSmap (reconnaissance tool for popular CMS frameworks)
- DataSploit (OSINT framework)
- Domain Analyzer (domain information gathering)
- Gitem (GitHub organization reconnaissance tool)
- IVRE (reconnaissance for network traffic)
- InstaRecon (automated digital reconnaissance)
- Intrigue Core (attack surface discovery)
- OSINT Framework (collection of OSINT resources)
- OSINT-SPY (open source intelligence gathering tool)
- Recon-ng (web reconnaissance framework)
- Sandmap (network and system reconnaissance)
- Sn1per (automated pentest recon scanner)
- SpiderFoot (OSINT tool)
- Wappalyzer (discovery of technology stack)
- YASAT (local security scanner)
- detectem (software enumeration)
- p0f (passive fingerprinting tool)
- tlsenum (enumeration tool for TLS)
- wig (reconnaissance tool for web applications)