CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this
material is prohibited and subject to legal action under breach of IP and confidentiality clauses.
A Report on Tools and Methods Used for Reconnaissance (Information Gathering)
Project By:- T S Sai Karthik
Agenda
• Introduction to Information Gathering/Reconnaissance
• Methods of Information Gathering/Reconnaissance
• What kind of information is gathered
• Tools for gathering information (Nmap, whois, Metasploit, Wireshark)
• Uses of Information Gathering/Reconnaissance
• Functionalities of Reconnaissance/Information Gathering
• Outcomes of Reconnaissance/Information Gathering
Introduction to Information Gathering
• Information gathering (reconnaissance) means collecting every kind of information
available about a target. It is the first stage of an ethical hacking engagement: the
penetration tester, like a real attacker, builds a picture of the target before anything
is scanned or exploited, and the quality of that picture decides what the later stages
can achieve.
• The same term is used by business analysts for learning the needs of customers and
users (safety, utility, usability, learnability, etc.); in this report it is used only
in the security sense.
• Various tools and techniques are available, from free community editions to paid
commercial or expert editions, drawing on both public sources and sources that require
direct access to the target.
• The work is usually classified into the following phases:
• Footprinting: mapping the target's external presence (domains, IP ranges, people)
• Scanning: finding live hosts, open ports and running services
• Enumeration: extracting detail (users, shares, banners, versions) from the services found
• Reconnaissance: the umbrella term for all of the above, used in this report
interchangeably with information gathering
Kali Linux - Information Gathering Tools - GeeksforGeeks
Methods of Information Gathering
There are two methods of gathering information:
1) Active Information Gathering
2) Passive Information Gathering
- Active information gathering: the tester interacts directly with the target, sending
packets or requests to its systems (port scans, banner grabbing, DNS zone transfer
attempts, requests to the target's own web servers). It yields precise, current data,
but every probe reaches the target's logs, firewalls and intrusion detection systems,
so it can be noticed and it requires explicit authorization.
- Passive information gathering: nothing is sent to the target. The tester observes
publicly available data (WHOIS and DNS records, search engines, public code
repositories), information the target leaked inadvertently, or traffic already visible
on a network segment the tester is on. It is slower and less precise, but leaves no
trace on the target's systems.
Information to be Gathered
• Information gathering mainly covers two kinds of data collection:
• Network data, both public (Internet-facing) and private (internal ranges)
• System-related information, such as:
- Operating system and version
- Host names
- Associated domain names and subdomains
- Live network hosts
- Public and private IP blocks
- Routing tables
- Running TCP and UDP services
- Open ports
- SSL/TLS certificates (which also leak host names, organisation names and expiry dates)
Nmap (Network Mapper)
• Nmap (Network Mapper) is a free, open-source tool for discovering devices on a network
and the services they run, by sending packets and analysing the responses. It is an
active technique: the target sees the probes.
• In simple terms, Nmap shows which computers or devices are connected to a network and
which programs or applications are listening on them.
• It is like a pair of glasses that shows which houses have people living in them and
what kinds of activities are happening inside each house.
• Nmap allows you to:
1. Find live devices on a network (host discovery).
2. Check which ports are open on those devices (port scanning).
3. Identify the services, versions and sometimes the operating system behind those open
ports (service and OS detection).
Commands
Flag   Example                            Meaning
-A     nmap -A 192.168.1.1                Aggressive scan: enables OS detection, version detection, default NSE script scanning and traceroute
-O     nmap -O 192.168.1.1                Remote OS detection using TCP/IP stack fingerprinting
-oN    nmap 192.168.1.1 -oN normal.file   Normal (human-readable) output to the file normal.file
-6     nmap -6 2607:f0d0:1002:51::4       Enable IPv6 scanning
-h     nmap -h                            Show the nmap help screen
-F     nmap -F 192.168.1.1                Fast port scan (the 100 most common ports instead of the default 1000)
Note: OS detection (-O, and therefore -A) builds raw packets and needs root or CAP_NET_RAW;
without it nmap skips OS detection and falls back to a plain TCP connect scan. -A also runs
NSE scripts against every discovered service, which makes it the noisiest option in this list.
Nmap Cheat Sheet 2024: All the Commands & Flags (stationx.net)
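To make the "active" point concrete, here is what a TCP connect scan with banner grabbing does, written out in plain Python. This is an added example and not nmap's own code (nmap defaults to a half-open SYN scan when run as root and to a connect scan like this one otherwise); the two local "targets", their port numbers and the SSH-style banner are constructed so the script runs offline against 127.0.0.1.

```python
"""A minimal TCP connect scan with banner grabbing, in plain Python.

Added example, not nmap's own code. It does in miniature what `nmap -sT -sV`
does: complete a TCP handshake with every port in the list (so the target's
logs and IDS see each probe, which is what makes this an *active* technique)
and record the first bytes the service sends. The two local "targets" at the
bottom are constructed so the script runs offline.
"""
from __future__ import annotations

import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 1.0) -> tuple[int, str, str]:
    """Return (port, state, banner); state is 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return port, "closed", ""      # RST came back: nothing is listening
        except (socket.timeout, OSError):
            return port, "filtered", ""    # no answer at all: something dropped it
        try:
            banner = s.recv(128).decode("ascii", "replace").strip()
        except (socket.timeout, OSError):
            banner = ""                    # open, but the service waits for us to talk first
        return port, "open", banner


def scan(host: str, ports: list[int], workers: int = 64) -> dict[int, tuple[str, str]]:
    """Scan `ports` on `host` concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}


# --- constructed local targets (not real services) --------------------------
def start_fake_service(banner: bytes) -> tuple[socket.socket, int]:
    """Listening socket on 127.0.0.1 that greets each client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                # server socket closed: stop
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def bound_but_not_listening() -> tuple[socket.socket, int]:
    """A bound socket with no listen(): the kernel answers connects with RST."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]


def demo() -> dict[int, tuple[str, str]]:
    """Scan one open port (constructed SSH banner) and one closed port on localhost."""
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    closed_sock, closed_port = bound_but_not_listening()
    try:
        return scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
        closed_sock.close()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{port:5d}/tcp  {state:<8}  {banner}")
```

The three states are the same ones nmap reports: a refused connection (RST) means closed, a completed handshake means open, and silence until the timeout means filtered, which is how a firewall that drops packets shows up. Each successful connect appears in the target's service logs, which is why this must only be run against systems you are authorised to test.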
Proof of Concept: Nmap
Whois lookup
• WHOIS is a query/response protocol (RFC 3912, TCP port 43) and the registration
databases behind it: who registered a domain or was allocated an IP block, through which
registrar or regional Internet registry, when, with which name servers, and the contact
details on record. It is used for many purposes, a few of which are listed below.
• Network administrators use it to identify and fix DNS or domain-related issues.
• It is used to check the availability of domain names.
• It is used to identify trademark infringement.
• It can be used to track down the registrants of a fraudulent domain.
• For reconnaissance it is a passive source: the query goes to the registry, not to the
target. Note that since 2018 most registries redact personal registrant data, and the
JSON-based RDAP protocol is gradually replacing WHOIS.
Commands
- You can use the whois command with domain names or Internet Protocol (IP) addresses. A
slightly different set of information is returned for each: a domain lookup goes to the
domain registry and registrar, while an IP lookup goes to the regional Internet registry
(ARIN, RIPE NCC, APNIC, LACNIC or AFRINIC) that allocated the block.
- whois geeksforgeeks.com
- Using whois with an IP address is just as simple as using it with a domain name. Just
specify an IP address after whois.
- whois 199.59.243.226
How to Use the whois Command on Linux (howtogeek.com)
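The whois command above hides a very small protocol. The following added example (not the code of the whois utility itself) performs one RFC 3912 exchange and parses the "Key: value" record that comes back. The fake registry server, the reserved domain example.test and every field in its record are constructed for offline use; against a real server you would pass, for instance, whois.verisign-grs.com for a .com domain, or the RIR's server for an IP address.

```python
"""WHOIS over TCP port 43 (RFC 3912) and a parser for the records it returns.

Added example, not the code of the whois(1) utility. The protocol is just:
connect to port 43, send the query followed by CRLF, read until the server
closes the connection. The fake registry server and its record below are
constructed so the script runs offline.
"""
from __future__ import annotations

import socket
import threading


def whois_query(server: str, query: str, port: int = 43, timeout: float = 5.0) -> str:
    """One RFC 3912 exchange: send `query`, return the server's whole reply."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:               # server closes when the record is complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_record(text: str) -> dict[str, list[str]]:
    """Collect 'Key: value' lines; repeated keys (e.g. Name Server) become lists."""
    fields: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue                   # comments, legal notices, 'Last update' trailer
        key, sep, value = line.partition(":")   # first colon only: timestamps hold ':'
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def lookup(server: str, query: str, port: int = 43) -> dict[str, list[str]]:
    """Query `server` and return the parsed record."""
    return parse_record(whois_query(server, query, port))


# --- constructed fake registry (not real registry data) ---------------------
CONSTRUCTED_RECORD = b"""\
% Constructed sample record for a reserved test domain, not real data
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrar WHOIS Server: whois.registrar.test
Creation Date: 2015-03-01T00:00:00Z
Registry Expiry Date: 2026-03-01T00:00:00Z
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""


def start_fake_whois_server(record: bytes) -> tuple[socket.socket, int]:
    """Serve `record` for the query 'example.test' and 'No match' otherwise."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(4)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # server socket closed: stop
                return
            with conn:
                query = b""
                while not query.endswith(b"\r\n"):
                    chunk = conn.recv(256)
                    if not chunk:
                        break
                    query += chunk
                if query.strip().lower() == b"example.test":
                    conn.sendall(record)
                else:
                    conn.sendall(b'No match for "' + query.strip() + b'".\r\n')

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> dict[str, list[str]]:
    """Query the fake registry for example.test and return the parsed fields."""
    srv, port = start_fake_whois_server(CONSTRUCTED_RECORD)
    try:
        return lookup("127.0.0.1", "example.test", port=port)
    finally:
        srv.close()


if __name__ == "__main__":
    for key, values in demo().items():
        print(f"{key:24s} {', '.join(values)}")
```

The fields worth keeping for reconnaissance are the name servers (they reveal the hosting or DNS provider), the creation and expiry dates (a domain registered last week is a red flag in a phishing investigation) and the referral in Registrar WHOIS Server, which the real whois utility follows automatically to get the registrar's fuller record.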
Proof of Concept
Metasploit
• Metasploit is a penetration testing framework. It is used mainly by penetration testers
to identify vulnerabilities, execute exploit code and run payloads to compromise target
systems. In the reconnaissance phase its auxiliary scanner modules (port scanners,
service version probes, SMB/SSH/HTTP enumeration) are the relevant part.
• Metasploit has many benefits. It provides access to an extensive and continually growing
database of exploits. The framework also includes a variety of payloads and a ranking
system that rates how reliable each exploit is. The Framework edition is free and open
source (Metasploit Pro is a separate commercial product).
• In Metasploit, a module is a component that performs one specific operation, such as
scanning or exploiting a target. Modules fall into seven types: auxiliary, encoders,
evasions, exploits, nops, payloads and post modules.
Metasploit Tutorial 2024: The Complete Beginners Guide (stationx.net)
Metasploit Modules
• Auxiliary modules: non-exploit modules such as scanners, fuzzers, sniffers and
brute-forcers. They deliver no payload; for information gathering they are the modules
used most.
• Encoders: transform the raw payload bytes (XOR, shuffle, prepend, etc.), mainly so the
payload avoids bytes the target will not accept, such as null bytes or line feeds in a
string-based overflow. The transformation also changes the payload's static signature,
but encoding alone rarely gets past modern antivirus.
• Evasions: techniques for generating payloads that avoid detection by antivirus and
host-based security controls.
• Exploits: take advantage of software vulnerabilities such as buffer overflows or SQL
injection to run the code supplied by the payload component.
• Nops: inert instructions that perform no operation, used to pad buffer overflows so the
exploit lands reliably even when the exact return address varies.
• Payloads: run after successful exploitation and perform tasks such as opening a shell
or escalating privileges. Many payloads start a Meterpreter session; others run code
that, for example, adds a user account.
• Post: run on compromised hosts after exploitation to gather data, maintain persistence
and pivot to other hosts.
Metasploit Tutorial 2024: The Complete Beginners Guide (stationx.net)
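The encoder and nops descriptions above are easier to follow with the transform written out. This added example is not Metasploit code (a real encoder such as x86/shikata_ga_nai also emits a machine-code decoder stub that runs on the target, which is omitted here); it models only what the transform achieves. The placeholder "payload", the bad-character list and the "signature" a naive scanner would look for are all constructed, and the payload is deliberately just text, not shellcode.

```python
"""What a Metasploit-style encoder and nops module do to a payload, in miniature.

Added example, not Metasploit code. The 'payload', the bad-character list and
the 'signature' are constructed placeholders; the payload is ordinary text.
"""
from __future__ import annotations

# Bytes a string-based overflow would truncate or mangle; Metasploit calls this
# option BadChars and the encoder must produce none of them (constructed list).
BAD_CHARS = frozenset({0x00, 0x0A, 0x0D})

# Constructed placeholder payload that contains every bad char at least once.
PAYLOAD = b"constructed placeholder\x00payload\x0a\x0dbytes, not shellcode"

# Constructed static signature: the first eight payload bytes.
SIGNATURE = PAYLOAD[:8]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; XOR is its own inverse, so decoding is the same call."""
    return bytes(b ^ key for b in data)


def choose_key(data: bytes, bad_chars: frozenset[int]) -> int:
    """Pick the first key whose output contains no bad chars (key 0 is a no-op)."""
    for key in range(1, 256):
        if not any((b ^ key) in bad_chars for b in data):
            return key
    raise ValueError("no single-byte key avoids the bad chars; use a multi-byte encoder")


def nop_sled(length: int) -> bytes:
    """Inert x86 NOP (0x90) padding, the simplest thing a nops module emits."""
    return b"\x90" * length


def signature_hit(blob: bytes, signature: bytes) -> bool:
    """The kind of byte-pattern match a naive static scanner performs."""
    return signature in blob


def demo() -> dict[str, object]:
    """Encode the placeholder payload and report what changed."""
    key = choose_key(PAYLOAD, BAD_CHARS)
    encoded = xor_encode(PAYLOAD, key)
    staged = nop_sled(16) + encoded           # what an exploit would place in the buffer
    return {
        "key": key,
        "bad_chars_in_raw": sorted(b for b in set(PAYLOAD) if b in BAD_CHARS),
        "bad_chars_in_encoded": sorted(b for b in set(encoded) if b in BAD_CHARS),
        "signature_matches_raw": signature_hit(PAYLOAD, SIGNATURE),
        "signature_matches_encoded": signature_hit(staged, SIGNATURE),
        "round_trip_ok": xor_encode(encoded, key) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28s} {value}")
```

Two things the output makes visible: the encoded bytes contain none of the bad characters even though the raw payload contained all three, and the static signature no longer matches. The second effect is why encoders were once sold as "antivirus evasion"; it defeats only a scanner that matches fixed byte strings, since the decoder stub and the behaviour after decoding are what modern endpoint protection actually looks at.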
Proof of Concept
Wireshark
• Wireshark is a network packet analyzer. A network packet analyzer captures packets and
presents the captured data in as much detail as possible, decoding each protocol layer.
• You could think of a network packet analyzer as a measuring device for examining what is
happening inside a network cable, just as an electrician uses a voltmeter for examining
what is happening inside an electric cable (but at a higher level, of course).
• In the past, such tools were either very expensive, proprietary, or both. Wireshark
changed that: it is free, open source, and one of the best packet analyzers available
today.
• As a reconnaissance tool it is passive: it only reads traffic that already reaches the
capturing interface. On a switched network that is your own traffic plus broadcasts and
multicasts; seeing other hosts' traffic needs a mirror (SPAN) port, a network tap, or a
Wi-Fi adapter in monitor mode. Capturing also needs raw-socket privileges, which
Wireshark delegates to its dumpcap helper.
Features
- The following are some of the many features Wireshark provides:
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Open files containing packet data captured with tcpdump/WinDump, Wireshark, and many
other packet capture programs.
• Import packets from text files containing hex dumps of packet data.
• Display packets with very detailed protocol information.
• Save captured packet data.
• Export some or all packets in a number of capture file formats.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize the packet display based on filters.
• Create various statistics.
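The capture-file and display-filter features above come down to a simple file layout and a per-layer dissector. This added example (not Wireshark code) writes two constructed TCP SYN packets into a classic libpcap file, the format Wireshark opens, then reads the file back, dissects Ethernet, IPv4 and TCP, verifies the IP header checksum, and applies a filter in the style of a Wireshark display filter. The packets, addresses (documentation ranges) and timestamps are constructed, not captured; the field names only imitate Wireshark's.

```python
"""Write a two-packet pcap file and decode it back the way a packet analyzer does.

Added example, not Wireshark code. The layout is the classic libpcap format
(24-byte global header, then a 16-byte record header per packet). The packets
are constructed, not captured; field names imitate Wireshark's display filters.
"""
from __future__ import annotations

import os
import socket
import struct
import tempfile

LINKTYPE_ETHERNET = 1


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header (0 when verifying a good one)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_syn(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Ethernet II + IPv4 + TCP SYN. Constructed; TCP checksum left at zero."""
    eth = bytes.fromhex("02000000aabb") + bytes.fromhex("02000000ccdd") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in checksum
    return eth + ip + tcp


def write_pcap(path: str, packets: list[tuple[float, bytes]]) -> None:
    """Classic pcap, little-endian: global header, then (ts_sec, ts_usec, caplen, len) + bytes."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, pkt in packets:
            sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
            f.write(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt)


def decode(frame: bytes) -> dict[str, object]:
    """Dissect Ethernet -> IPv4 -> TCP into Wireshark-style field names."""
    fields: dict[str, object] = {"frame.len": len(frame)}
    fields["eth.type"] = struct.unpack("!H", frame[12:14])[0]
    if fields["eth.type"] != 0x0800:
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    fields["ip.src"] = socket.inet_ntoa(ip[12:16])
    fields["ip.dst"] = socket.inet_ntoa(ip[16:20])
    fields["ip.proto"] = ip[9]
    fields["ip.checksum.status"] = "good" if ipv4_checksum(ip[:ihl]) == 0 else "bad"
    if ip[9] != 6:
        return fields
    sport, dport, seq, _ack, _off, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
    fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
                   "tcp.flags.syn": bool(flags & 0x02), "tcp.flags.ack": bool(flags & 0x10)})
    return fields


def read_pcap(path: str) -> list[dict[str, object]]:
    """Read every record of a little-endian Ethernet pcap and decode it."""
    with open(path, "rb") as f:
        magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", f.read(24))
        if magic != 0xA1B2C3D4 or linktype != LINKTYPE_ETHERNET:
            raise ValueError("not a little-endian Ethernet pcap")
        packets = []
        while header := f.read(16):
            sec, usec, caplen, _ = struct.unpack("<IIII", header)
            packet = decode(f.read(caplen))
            packet["frame.time_epoch"] = sec + usec / 1_000_000
            packets.append(packet)
    return packets


def display_filter(packets, predicate):
    """Analogue of a Wireshark display filter such as `tcp.dstport == 443`."""
    return [p for p in packets if predicate(p)]


def demo() -> list[dict[str, object]]:
    """Write two constructed SYNs to a temporary pcap, read them back, decode them."""
    packets = [(1700000000.000100, build_tcp_syn("192.0.2.10", "198.51.100.5", 40000, 80)),
               (1700000000.000350, build_tcp_syn("192.0.2.10", "198.51.100.5", 40001, 443))]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, packets)
        return read_pcap(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for p in display_filter(demo(), lambda p: p["tcp.flags.syn"]):
        print(p["ip.src"], "->", p["ip.dst"], "port", p["tcp.dstport"], p["ip.checksum.status"])
```

Two SYNs from one source to consecutive ports with no reply is exactly the pattern a defender filters for when looking for the Nmap scan from earlier in this report, so the same code serves both sides: the tester checks what a capture of their own scan reveals, the analyst writes the filter that spots it. If you keep the temporary file instead of deleting it, Wireshark opens it directly; it will show the TCP checksum as zero but does not validate TCP checksums by default.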
Proof of Concept
Best Practices to Prevent Cyber Attacks and Information Leaks
- Some of the best ways to approach cyber attack defense include:
1) Educate staff about cyber security
2) Encrypt and back up data
3) Conduct regular audits (including scanning your own external footprint the way an
attacker would, so you see what reconnaissance reveals before they do)
4) Be mindful of insider data breaches
5) Restrict admin rights
6) Install a firewall
7) Keep software, devices and operating systems up to date
8) Enforce a best-practice password policy
9) Ensure endpoint protection
Questions ?
Thank You!
