CHAPTER 3
Reconnaissance
When you are performing any penetration testing, ethical hacking, or security assessment
work, that work typically has parameters. These may include a complete scope
of targets, but often, they don’t. You will need to determine what your targets are—
including systems and human targets. To do that, you will need to perform something
called reconnaissance. Using tools provided by Kali Linux, you can gather a lot of
information about a company and its employees.
Attacks can target not only systems and the applications that run on them, but also
people. You may not necessarily be asked to perform social engineering attacks, but
it’s a possibility. After all, social engineering attacks are the most common forms of
compromise and infiltration these days—by far. Some estimates, including those from Verizon
and FireEye, suggest that 80–90% or maybe more of the data breaches that happen in
companies today happen because of social engineering.
In this chapter, we’ll start looking for company information at a distance to keep your
activities quiet. At some point, though, you need to engage with the company, so we’ll
start moving closer and closer to the systems owned by the business. We’ll wrap up
with a pretty substantial concept: port scanning. While this will give you a lot of
details, the information you can gather from the other tools and techniques can really
help you determine who your port scan targets are and help to narrow what you are
looking at.