Passive reconnaissance

From wiki.exploitpedia.org

Passive reconnaissance is the process of collecting information about an intended target covertly, without the target knowing that it is happening. It is mostly done by searching for information about the target on the Internet (Google, LinkedIn, etc.) and by looking up metadata (domain registration records, OSINT tools, etc.).


Sites

NIC databases:

Commands

Direct lookup:

$ whois $DOMAIN


Reverse lookup:

$ whois $IP
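The two lookups above return free-form "Key: value" text, and the interesting part for a defender is what that text reveals about an organisation: registrar, expiry, name servers, contact addresses and, for the reverse lookup, the netblock and its owner. The following Python is an added example, not code from the wiki page: it parses constructed sample output in the style of a domain lookup and of an IP lookup (hypothetical domain example-corp.test and the 203.0.113.0/24 documentation range, so it runs offline) and produces review notes of the kind one would want when auditing one's own public records.

```python
import re
from datetime import date, datetime
from typing import Dict, List, Optional

# Constructed sample output in the style of `whois example-corp.test`
# (hypothetical domain; not a real registry record).
SAMPLE_DOMAIN_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:12:44Z
Registry Expiry Date: 2026-03-02T10:12:44Z
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
Registrant Organization: Example Corp
Registrant Email: hostmaster@example-corp.test
DNSSEC: unsigned
>>> Last update of WHOIS database: 2025-11-30T00:00:00Z <<<
"""

# Constructed sample output in the style of a reverse lookup `whois 203.0.113.10`
# (203.0.113.0/24 is the TEST-NET-3 documentation range; no real network).
SAMPLE_IP_WHOIS = """\
# comment line as printed by some regional registries
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-CORP-NET
Organization:   Example Corp (EXCORP)
OrgAbuseEmail:  abuse@example-corp.test
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn 'Key: value' lines into a dict; repeated keys (Name Server) accumulate."""
    record: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the comment/footer styles common in WHOIS output.
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def first(record: Dict[str, List[str]], key: str) -> Optional[str]:
    """First value stored under a key, or None if the record lacks it."""
    values = record.get(key)
    return values[0] if values else None


def summarize_domain(record: Dict[str, List[str]]) -> dict:
    """What a direct (domain) lookup exposes about an organisation."""
    all_values = " ".join(v for vals in record.values() for v in vals)
    return {
        "registrar": first(record, "registrar"),
        "created": first(record, "creation date"),
        "expires": first(record, "registry expiry date"),
        "name_servers": [ns.lower() for ns in record.get("name server", [])],
        "dnssec": first(record, "dnssec"),
        "emails": sorted(set(EMAIL_RE.findall(all_values))),
    }


def summarize_ip(record: Dict[str, List[str]]) -> dict:
    """What a reverse (IP) lookup exposes: the netblock and who owns it."""
    return {
        "net_range": first(record, "netrange"),
        "cidr": first(record, "cidr"),
        "net_name": first(record, "netname"),
        "organization": first(record, "organization"),
        "abuse_contact": first(record, "orgabuseemail"),
    }


def review_domain(summary: dict, today: date) -> List[str]:
    """Defender-side notes: what an outsider learns and what needs attention."""
    notes = []
    if summary["dnssec"] and summary["dnssec"].lower() == "unsigned":
        notes.append("DNSSEC is not enabled for this zone")
    if summary["expires"]:
        expiry = datetime.strptime(summary["expires"], "%Y-%m-%dT%H:%M:%SZ").date()
        days_left = (expiry - today).days
        if days_left < 90:
            notes.append(f"registration expires in {days_left} days")
    if summary["emails"]:
        notes.append("contact addresses visible in public record: "
                     + ", ".join(summary["emails"]))
    return notes


if __name__ == "__main__":
    dom = summarize_domain(parse_whois(SAMPLE_DOMAIN_WHOIS))
    print(dom)
    print(summarize_ip(parse_whois(SAMPLE_IP_WHOIS)))
    for note in review_domain(dom, date.today()):
        print("-", note)
```

Real WHOIS output varies between registries (field names, comment markers, line wrapping), so the key names used in `summarize_domain` and `summarize_ip` are the ones in the constructed samples and would need extending per registry; the parser itself is deliberately tolerant of unknown keys.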


Sniff network data (inside the target network):

root # wireshark


root # tcpdump -X -i $IFACE


OSINT Frameworks

$ theHarvester -d $DOMAIN -l 300 -b google