You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Reconnaissance (recon) is the first active phase of a penetration test, where you gather as much information as possible about the target. The goal is to understand the target's attack surface — its domains, IP addresses, technologies, employees, and potential entry points — before attempting any exploitation.
| Type | Description | Detection Risk | Examples |
|---|---|---|---|
| Passive | Gather information without directly interacting with the target | Very low | OSINT, public records, social media |
| Active | Directly interact with the target to gather information | Higher | Port scanning, DNS zone transfers, banner grabbing |
Tip: Always start with passive reconnaissance. It reveals a surprising amount of information without alerting the target's security team.
OSINT is the collection of publicly available information:
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.