Chapter 3. Reconnaissance

When you are performing any penetration testing, ethical hacking, or security assessment work, that work typically has parameters. These may include a complete scope of targets, but often they don’t. You will need to determine what your targets are—including systems and human targets. To do that, you will need to perform reconnaissance. Using tools provided by Kali Linux, you can gather a lot of information about a company and its employees.

Attacks can target not only systems and the applications that run on them but also people. You may not necessarily be asked to perform social engineering attacks if you are engaged in penetration testing or red teaming, but it’s a possibility. After all, social engineering attacks are one of the most common vectors for initial access these days. While the statistics vary from year to year, some estimates, including those by Verizon and Mandiant, suggest that a significant number of data breaches at companies today are the result of social engineering.

In this chapter, we’ll start by looking for information at a distance so your target isn’t aware of what you are doing. At some point, though, you need to engage with your target, so we’ll start moving closer and closer to the systems owned by the business. We’ll wrap up with a pretty substantial concept: port scanning. While this will give you a lot of details about systems and the applications running on them, the information you can gather from other tools and techniques ...

Get Learning Kali Linux, 2nd Edition now with the O’Reilly learning platform.