
Reconnaissance

Reconnaissance is a crucial stage in any cyber attack and refers to the process of gathering information about potential targets, their systems, networks, and vulnerabilities. This information is used by attackers to select which tactics, techniques, or tools will be most effective when attempting to compromise a target system or organization. Reconnaissance can be divided into two primary methods: active and passive.

Active Reconnaissance

In active reconnaissance, attackers directly engage with their target to gather information. This may include scanning networks for open ports or services, querying servers, or probing for vulnerabilities. Because the attacker interacts directly with target systems, active reconnaissance is more likely to be detected by intrusion detection systems, firewalls, or security teams.

Common active reconnaissance tools include:

  • Nmap: A network scanner that can discover hosts, services, and open ports.
  • Nessus: A vulnerability assessment tool that allows attackers to scan for known vulnerabilities in target systems.

Passive Reconnaissance

In passive reconnaissance, the attacker seeks to gather information about the target without making any contact or directly engaging with target systems. Passive reconnaissance is often harder to detect and involves activities such as social engineering, open-source intelligence (OSINT) gathering, or analyzing leaked data.

Common passive reconnaissance techniques include:

  • Searching public forums, social media profiles, or websites for information about an organization or its employees.
  • Using search engines to find exposed or inadvertently leaked data.
  • Sifting through DNS records and WHOIS information to discover sub-domains and email addresses that might be used in further attacks.

Defensive measures against reconnaissance include monitoring network traffic for unusual patterns or repeated probing attempts, regularly updating and patching systems, providing employee training on social engineering awareness, and implementing network segmentation to limit access to sensitive information.
