- Kali Linux 2: Assuring Security by Penetration Testing (Third Edition)
- Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
- 341 words
- 2021-08-20 10:28:33
Chapter 4. Information Gathering
In this chapter, we will discuss the information gathering phase of penetration testing. We will describe the definition and purpose of information gathering. We will also describe several tools in Kali Linux that can be used for information gathering. After reading this chapter, we hope that the reader will have a better understanding of the information gathering phase and will be able to do information gathering during penetration testing.
Information gathering is the second phase in our penetration testing process (Kali Linux testing process) as explained in the Kali Linux testing methodology section in about the target, for example, information about the Domain Name System (DNS) hostnames, IP addresses, technologies and configuration used, username organization, documents, application code, password reset information, contact information, and so on. During information gathering, every piece of information gathered is considered important.
Information gathering can be categorized in two ways based on the method used: active information gathering and passive information gathering. In the active information gathering method, we collect information by introducing network traffic to the target network, while in the passive information gathering method, we gather information about a target network by utilizing a third party's services, such as the Google search engine. We will cover this later on.
Note
Remember that neither method is better than the other; each has its own advantages. In passive scanning, you gather less information, but your actions will be stealthy, while in active scanning, you get more information, but some devices may detect your actions. During a penetration testing project, this phase may be repeated several times to make the collected information more complete. You may also discuss with your penetration testing customer which method they want.
For this chapter, we will utilize the passive and active methods of information gathering to get a better picture of the target.
We will be discussing the following topics in this chapter:
- Public websites that can be used to collect information about the target domain
- Domain registration information
- DNS analysis
- Route information
- Search engine utilization