Active Recon

So far we have looked at strategies for passive recon. This can be useful for gaining an overview of an organisation and some idea of its systems.

In the next set of articles we will look at some techniques for active recon. This is where we interact directly with an organisation's systems and services to try to get an accurate picture of its infrastructure.

For example, we might identify a mail or web server through our passive recon process. Active recon, such as port scanning, will allow us to get a better idea of the services running on those servers.

Note

There are a huge number of tools we could use here. We are going to cover the main ones for each topic. They may not be the "latest and greatest", but they are things I am familiar with and have used. If you have other tools that you would recommend using, be sure to talk about them in the comments.

We will look at active recon techniques for:

  • Port Scanning
  • Using NSE to detect common problems, and potential vulns.
  • Brute forcing web-pages
  • Identifying subdomains on servers