This article is all about different information-gathering techniques on the network. It is the most essential and important task of attackers. Knowing the opponents and their interests can be valuable. Here I am going to show you which are the different ways and techniques one can do the network information/intelligence gathering.
Let’s think of any thrilling movie theft. What do robbers do before they break into the bank or anything else? They gather information. They collect each and every bit of information about the bank system, alarm methodology, CCTV interface, the guards’ changing time, and a list of weapons that the guards have. After gathering information they make plans and attack or rob the bank. Assume they don’t have this information and they rob the bank directly. What will happen? You will find that they are caught by the police.
The same scenario can also be applied in the information security world. Before attacking or testing something, a hacker/tester needs to find information about his/her target. This target can be a network, web application, organization, or person. In our world, finding information is also called footprinting or doxing. Also, the word “reconnaissance” can be used sometimes.