Active and Passive Reconnaissance
Active reconnaissance is a penetration testing technique that actively probes and interacts with target systems and networks to gather information.
- includes activities that generate network traffic by directly requesting information from target systems
- aims to discover and obtain information about the target infrastructure, services, and potential vulnerabilities
- common techniques:
  - port scanning
  - service enumeration
  - OS fingerprinting
  - DNS enumeration
  - web application crawling
Passive reconnaissance is a penetration testing technique that gathers information about target systems and networks without directly interacting with them, focusing on collecting publicly available data and passively observing network traffic.
- common techniques:
  - open-source intelligence (OSINT)
  - network traffic analysis
- helps gather initial information on a target’s digital footprint
- less intrusive and carries a lower detection risk