Passive Reconnaissance

Passive recon is the pretext to a hack by identifying information about the target and where to begin such as potential vulnerabilities and hosts.

Passive Recon objectives

• Identify personal attached to target and their vulnerabilities
• Identify host machines
• Identify tools being used by target

Passive Recon Tools

whois

A tool that can be used to gain information about a dns name such as its IP, potential contact information and additional servers.

filetype search on google

Searching on google for files with for example a filetype of pdf might reveal internal documents and other useful information not intended for the public.

archive.org

This tool can be used to view older versions of a website. This could revile protentional vulnerabilities and version info.

Business fillings

While not a tool they may ne useful in identifying potential owners to investigate as well as addresses.

Job Postings

Job postings can provide information about the innerworkings of a company such as the tools they use and the type of network they have.