
Reconnaissance

Reconnaissance is a crucial stage in any cyber attack and refers to the process of gathering information about potential targets, their systems, networks, and vulnerabilities. This information is used by attackers to select which tactics, techniques, or tools will be most effective when attempting to compromise a target system or organization. Reconnaissance can be divided into two primary methods: active and passive.

Active Reconnaissance

In active reconnaissance, attackers directly engage with their target to gather information. This may include scanning networks for open ports or services, querying servers, or probing for vulnerabilities. Because the attacker is actively interacting with target systems, this activity is more likely to be detected by intrusion detection systems, firewalls, or security teams.

Common active reconnaissance tools include:

  • Nmap: A network scanner that can discover hosts, services, and open ports.
  • Nessus: A vulnerability assessment tool that allows attackers to scan for known vulnerabilities in target systems.

Passive Reconnaissance

In passive reconnaissance, the attacker seeks to gather information about the target without making any contact or directly engaging with target systems. Passive reconnaissance is often harder to detect and involves activities such as social engineering, open-source intelligence (OSINT) gathering, or analyzing leaked data.

Common passive reconnaissance techniques include:

  • Searching public forums, social media profiles, or websites for information about an organization or its employees.
  • Using search engines to find exposed or inadvertently leaked data.
  • Sifting through DNS records and WHOIS information to discover sub-domains and email addresses that might be used in further attacks.

Defensive measures against reconnaissance include monitoring network traffic for unusual patterns or repeated probing attempts, regularly updating and patching systems, providing employee training on social engineering awareness, and implementing network segmentation to limit access to sensitive information.
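
One way to implement the monitoring for repeated probing attempts mentioned above, as an added example that is not part of the original page. The log format, the 60-second window, the threshold of 10 distinct targets, and the sample traffic (documentation IP ranges) are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 10                   # assumed limit of distinct targets per source

def parse(line):
    """Parse '<ISO time> <src> <dst> <dport>' (a constructed log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def detect_probing(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: kind} for sources that touch >= threshold distinct
    (dst, port) targets inside one sliding window."""
    recent = defaultdict(deque)              # src -> deque of (ts, dst, dport)
    flagged = {}
    for ts, src, dst, dport in sorted(parse(l) for l in lines if l.strip()):
        q = recent[src]
        q.append((ts, dst, dport))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        targets = {(d, p) for _, d, p in q}
        if src not in flagged and len(targets) >= threshold:
            hosts = {d for d, _ in targets}
            ports = {p for _, p in targets}
            if len(hosts) == 1:
                flagged[src] = "port scan"       # many ports on one host
            elif len(ports) == 1:
                flagged[src] = "host sweep"      # one port across many hosts
            else:
                flagged[src] = "mixed probing"
    return flagged

def sample_log():
    """Constructed sample traffic, not real data."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(i)} 198.51.100.7 10.0.0.5 {20 + i}" for i in range(12)]
    lines += [f"{at(i)} 203.0.113.9 10.0.0.{i + 1} 445" for i in range(12)]
    # Benign client: many connections, but always to the same service
    lines += [f"{at(i * 5)} 192.0.2.44 10.0.0.5 443" for i in range(30)]
    return lines

if __name__ == "__main__":
    for src, kind in detect_probing(sample_log()).items():
        print(src, kind)
```

Counting distinct targets rather than raw connections keeps a busy but legitimate client from being flagged; the window and threshold need tuning against normal traffic on the monitored network.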
