Reconnaissance (recon) is the first active phase of a penetration test. It involves collecting as much information as possible about the target — before touching the target's systems directly. Good recon shapes your entire attack strategy and can reveal vulnerabilities without triggering any alarms.
Reminder: All techniques in this lesson must only be performed against targets you have written authorisation to test.
| Type | Definition | Detection Risk | Examples |
|---|---|---|---|
| Passive | Gathering info without interacting with the target | None | OSINT, Google dorking, WHOIS |
| Active | Directly probing the target's systems | Medium–High | DNS queries, port scans, pings |
```
   Passive Recon                  Active Recon
 ─────────────────            ───────────────────
 │ Public records │            │ DNS enumeration │
 │ Social media   │            │ Port scanning   │
 │ Job postings   │            │ Banner grabbing │
 │ Google dorking │            │ Web spidering   │
 │ Shodan search  │            │ SNMP queries    │
 ─────────────────            ───────────────────
         │                             │
         ▼                             ▼
   No direct contact            Direct interaction
   with target systems          with target systems
```
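To show why the table rates active recon as Medium–High detection risk, here is an added example (not part of the lesson) from the defender's side: a small detector over constructed, simplified firewall log lines that flags a single source touching many distinct ports on one host, the footprint a port scan leaves. The log format, the sample addresses and the threshold are assumptions for illustration.

```python
"""Added example, not from the lesson: detecting the footprint of active recon
(a port scan) in firewall logs. The log syntax and sample lines are constructed."""
from collections import defaultdict
import re

# Constructed sample lines in a simplified syslog-like format (assumption).
# 203.0.113.5 walks six ports on one host; 198.51.100.7 is ordinary HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY TCP 203.0.113.5:41000 -> 192.0.2.10:22
2024-05-01T10:00:01 DENY TCP 203.0.113.5:41001 -> 192.0.2.10:23
2024-05-01T10:00:02 DENY TCP 203.0.113.5:41002 -> 192.0.2.10:25
2024-05-01T10:00:02 DENY TCP 203.0.113.5:41003 -> 192.0.2.10:80
2024-05-01T10:00:03 DENY TCP 203.0.113.5:41004 -> 192.0.2.10:443
2024-05-01T10:00:03 DENY TCP 203.0.113.5:41005 -> 192.0.2.10:3306
2024-05-01T10:00:04 ALLOW TCP 198.51.100.7:51000 -> 192.0.2.10:443
2024-05-01T10:00:05 ALLOW TCP 198.51.100.7:51001 -> 192.0.2.10:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_port_scans(log_text, threshold=5):
    """Return {(src, dst): sorted distinct destination ports} for every
    source/destination pair that touched at least `threshold` distinct ports.
    Passive recon never produces these lines; active probing does."""
    ports = defaultdict(set)
    for rec in parse(log_text):
        ports[(rec["src"], rec["dst"])].add(int(rec["dport"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= threshold}


if __name__ == "__main__":
    for (src, dst), dports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {dports}")
```

Real firewalls emit richer records and a production rule would add a time window, but the same count-of-distinct-ports logic is what makes active recon visible to the target.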
OSINT uses publicly available information. Key sources include: