Reconnaissance has its roots in the military, where the word refers to the art of entering enemy territory to gather information that will aid in carrying out an attack.
Reconnaissance in cyber security means the same thing as it does in the military; the slight difference is that the target is a computer system rather than physical territory. Reconnaissance is the method penetration testers and ethical hackers use to deliberately find and gather information about a target's systems.
Reconnaissance is an important step in penetration testing. It involves inspecting a system to find details or pieces of information that can pave the way for an attacker. Information gathering may involve scanning to find open ports and network flaws, outdated functionality, backdoor access points, the traffic the firewall allows to reach the hosts in a network, and the services that are running.
Active reconnaissance
Active reconnaissance is a type of recon in which the attacker actively gathers information about the system's vulnerabilities and network loopholes by interacting directly with the target. Information gathering can be done through automated network scanning or manual testing.
Active reconnaissance is fast and produces better results, but success is usually harder to come by, since the target will likely detect the intrusion on its network through the network firewall, other network security devices and the intrusion detection systems present in the network.
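The detection caveat above (a firewall or intrusion detection system notices active scanning) can be shown with a small detector that flags one source touching many distinct ports on one host within a short window. This is an added example, not code from the original article; the log format, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from the page): one source sweeps many
# ports on a single host within seconds, the others are ordinary traffic.
SAMPLE_LOG = """\
2024-01-10T10:00:00 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2024-01-10T10:00:01 DROP src=198.51.100.7 dst=192.0.2.10 dport=21 proto=tcp
2024-01-10T10:00:01 DROP src=198.51.100.7 dst=192.0.2.10 dport=22 proto=tcp
2024-01-10T10:00:01 DROP src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp
2024-01-10T10:00:02 DROP src=198.51.100.7 dst=192.0.2.10 dport=25 proto=tcp
2024-01-10T10:00:02 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp
2024-01-10T10:00:02 DROP src=198.51.100.7 dst=192.0.2.10 dport=110 proto=tcp
2024-01-10T10:00:03 DROP src=198.51.100.7 dst=192.0.2.10 dport=135 proto=tcp
2024-01-10T10:00:03 DROP src=198.51.100.7 dst=192.0.2.10 dport=139 proto=tcp
2024-01-10T10:00:03 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-01-10T10:00:04 DROP src=198.51.100.7 dst=192.0.2.10 dport=445 proto=tcp
2024-01-10T10:00:06 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2024-01-10T10:00:07 ALLOW src=203.0.113.9 dst=192.0.2.10 dport=80 proto=tcp
"""

# Assumed (constructed) log line layout; adapt the pattern to a real firewall's format.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?:ALLOW|DROP) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=\S+$")


def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def detect_port_scans(text, min_ports=8, window=timedelta(seconds=60)):
    """Return {(src, dst): distinct ports} for sources that touched at least
    `min_ports` distinct destination ports on one host inside any `window` span."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for key, hits in events.items():
        hits.sort()  # chronological, so each start index opens one window
        best = 0
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            alerts[key] = best
    return alerts
```

Calling `detect_port_scans(SAMPLE_LOG)` flags only 198.51.100.7, which probed 10 distinct ports on 192.0.2.10 within four seconds, while the two ordinary clients are ignored.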
Tools used in carrying out effective active reconnaissance
Metasploit is an open-source penetration testing tool used by penetration testers and attackers to test systems and gather information at the reconnaissance stage of an attack. Metasploit helps users discover the areas where systems are vulnerable and how those vulnerabilities can be exploited.
Ping is a tool used to test whether a particular host can be reached across an IP network. Attackers use it to measure the time it takes packets to travel from a host on a network to a destination system and back. The ping tool is therefore also used to monitor the availability of devices within a network.
Nmap (Network Mapper) is an open-source tool available for Windows, Linux and Mac OS, used for vulnerability scanning and network mapping. Nmap is used to list open ports, check the network a system is connected to and the operating systems in that network, and identify a way through which hackers and penetration testers can gain access to a network.
Nessus is an open-source free network scanning tool that scans a system to discover any vulnerabilities that could be used by hackers to gain access to the systems connected to a network. By running over 1200 checks on a particular system, it tests whether any of these attacks could be used to break into the computer or otherwise harm it.
Passive Reconnaissance
Passive reconnaissance is a type of recon that takes place without the target being aware that information is being collected. It is a deliberate attempt to collect information about target systems and networks without any active engagement or direct contact with those systems. In this type of reconnaissance the target system is not alerted, since any alert received by the target network can hamper the entire information-gathering process.
Tools used in Passive reconnaissance
Wireshark is an open-source protocol analyser used to capture units of data called packets as they pass from the system to the internet. Wireshark also monitors the local network, analyses traffic, and extracts data and files from captured packets.
Shodan is an open-source search engine that collects information on internet-connected devices, especially Internet of Things devices, webcams, servers and routers, using a variety of filters. Shodan presents information on the type of system connected to the internet, its location and the organization or individual that uses it.
Passive Operating System (OS) fingerprinting is a passive reconnaissance technique used by security professionals and threat actors when mapping networks to find out vulnerabilities in the operating systems of remote computers on the internet. Passive OS fingerprinting does this by sniffing network packets travelling between hosts on the network; active fingerprinting, by contrast, sends well-crafted packets to the target machine.