Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig.
In this room, after we define passive reconnaissance and active reconnaissance, we focus on essential tools related to passive reconnaissance. We will learn three command-line tools:
- whois to query WHOIS servers
- nslookup to query DNS servers
- dig to query DNS servers
We use whois to query WHOIS records, while we use nslookup and dig to query DNS database records. These are all publicly available records and hence do not alert the target.
We will also learn the usage of two online services:
These two online services allow us to collect information about our target without directly connecting to it.
Pre-requisites: This room requires basic networking knowledge along with basic familiarity with the command line. The modules Network Fundamentals and Linux Fundamentals provide the required knowledge if necessary.
Important Notice: Please note that if you’re not subscribed, the AttackBox won’t have Internet access, so you will need to use the VPN to complete the questions that require Internet access.
Passive Versus Active Recon
This room expects the user to have a working knowledge of computer networks. If you would like to brush up on this topic, you are encouraged to study the Network Fundamentals module first.
Before the dawn of computer systems and networks, in the Art of War, Sun Tzu taught, “If you know the enemy and know yourself, your victory will not stand in doubt.” If you are playing the role of an attacker, you need to gather information about your target systems. If you are playing the role of a defender, you need to know what your adversary will discover about your systems and networks.
Reconnaissance (recon) can be defined as a preliminary survey to gather information about a target. It is the first step in The Unified Kill Chain to gain an initial foothold on a system. We divide reconnaissance into:
- Passive Reconnaissance
- Active Reconnaissance
In passive reconnaissance, you rely on publicly available knowledge. It is the…