Information gathering (also called reconnaissance) is the first phase of ethical hacking, in which we collect as much information as possible about our target. That target can be a website, a web application, an IP address, a person, or anything in general. Whatever you target, and for whatever reason (let us suppose for hacking), you will need a lot of information about it, because the exploitation phase that comes later is built on what you learn here. It is the process of getting to know the target, digging up information about it, and keeping track of it over time.
Basically, information gathering is of two types:
- Active Information Gathering
- Passive Information Gathering
Active Information Gathering
In active information gathering we collect information by interacting directly with the target. For instance, if our target is a person, we can gather information through a phone call, or we can meet the target face to face and interview them. If the target is a server, sending it any traffic at all (a port scan, a web request) is also active gathering: the target can see and log every probe.
Passive Information Gathering
In passive information gathering, the information is gathered through third parties, without touching the target itself. Most hackers start with passive IG, because the target is not aware that someone is gathering information about them. So passive IG is the best practice for collecting useful information about your target without tipping it off; active techniques come later, once you already know what to look at.
So, we can collect information about our target from search engines, from third-party services (WHOIS and DNS databases, for example), and from social media platforms.
If our target is a website, we can find the following information about it:
- WHOIS information
- DNS records
- Reverse IP check
- Website framework
If our target is a web server, we can find the following information about it:
- The server operating system
- The services running on that server
- The open ports on that server
Once we have gathered this information about our target, it becomes much easier to exploit it, or as we say, to hack it, because we now know exactly which software and services to look for weaknesses in.
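To make the server side concrete, here is an added example (written for this article, not a tool from the original page) of the most basic active technique for the last two items above: a TCP connect scan with banner grabbing, in Python. Because it needs something to scan, it starts a constructed fake SSH service on 127.0.0.1 and scans that; the banner string and the port range are made up for the demonstration. Only point scan_ports at hosts you are authorized to test: every probe is a real connection the target can log, which is exactly what makes this active rather than passive gathering.

```python
import socket
import threading
from typing import Dict, Iterable, Tuple


def start_fake_service(banner: bytes) -> Tuple[socket.socket, int]:
    """Start a throwaway TCP listener on 127.0.0.1 that greets every client
    with `banner` and hangs up. A constructed stand-in for a real network
    service so the scan below can be exercised offline; returns the listening
    socket (close it when done) and the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed, stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def grab_banner(sock: socket.socket, limit: int = 256) -> str:
    """Read whatever the service volunteers right after connect. SSH, FTP and
    SMTP servers announce their software and version this way, which is
    exactly the 'what is running here' information we are after. Returns an
    empty string if the service stays silent (HTTP, for example, waits for
    a request first)."""
    try:
        data = sock.recv(limit)
    except OSError:  # timeout or reset: treat as no banner
        return ""
    return data.decode("latin-1", errors="replace").strip()


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """TCP connect scan: a completed three-way handshake means the port is
    open. Returns {open_port: banner}. Closed ports refuse the connection and
    filtered ports time out; both are left out of the result."""
    found: Dict[int, str] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                found[port] = grab_banner(s)
        except OSError:  # ConnectionRefusedError and socket.timeout are OSErrors
            continue
    return found


if __name__ == "__main__":
    # Stand up a fake SSH service locally and scan a small range around it.
    srv, port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    try:
        for open_port, banner in scan_ports("127.0.0.1", range(port - 2, port + 3)).items():
            print(f"{open_port}/tcp open  {banner or '(no banner)'}")
    finally:
        srv.close()
```

Running it prints the one open port in the range together with the banner the fake service announced. Against a real host you would feed scan_ports the well-known ports (21, 22, 25, 80, 443 and so on) and compare the banners with what you know about those versions; a tool like nmap does the same thing with far more fingerprinting logic, but the principle is identical.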
Now the question is how to find this information. There are lots of tools available to serve the purpose.
For example, to find the WHOIS information for a particular domain, or the registrar information for that domain, there is the website whois.sc. There are many other websites and tools with the same functionality (the whois command-line client on Linux and macOS, for instance), but this one is popular and works well for the purpose.
On this website you just enter the domain name you want to gather information about.
The website then provides details such as the domain's name servers, registrant name, registrar name, IP address, IP location and a lot more. Keep in mind that most registrars now redact the registrant's name and contact details for privacy, so those fields will often read "REDACTED FOR PRIVACY"; the registrar and name servers are still shown.
Once you know the IP address of the website, you can do a reverse IP check, which means you can find out all the other websites hosted on that same IP. For this purpose there is the website yougetsignal.com, which also provides tons of other features that can be used in information gathering. Be careful with the result on shared hosting: the other sites on that IP usually belong to unrelated customers and are not part of your target or your authorization.
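The websites above do the lookup for you, but the WHOIS record they show is plain "Key: Value" text that you can fetch and parse yourself. Here is an added example in Python (not code from the original page or from whois.sc) that pulls out the fields mentioned above: registrar, registrant, name servers and dates, and flags privacy-redacted contact data. The WHOIS reply it parses is constructed for the example (the domain, registrar and name servers are invented), and fetch_whois assumes the standard whois command-line client is installed; it is the only part that needs the network.

```python
import subprocess
from datetime import datetime
from typing import Dict, List, Optional

# Constructed WHOIS reply in the "Key: Value" layout that gTLD registries and
# registrars return. Not a real record; every value here is invented.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.COM
Registry Domain ID: 1234567890_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.example-registrar.test
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-04T12:00:00Z
Registry Expiry Date: 2026-03-04T12:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Target Ltd
Registrant Country: US
Name Server: NS1.EXAMPLE-HOST.TEST
Name Server: NS2.EXAMPLE-HOST.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

# Keys that legitimately repeat; everything else keeps its first value.
MULTI_VALUED = {"name server", "domain status"}


def fetch_whois(domain: str) -> str:
    """Query WHOIS with the system `whois` client (needs network; not run
    offline). For thin TLDs such as .com the registry answer only points at
    the registrar ('Registrar WHOIS Server'), so a second query against that
    server is sometimes needed for the contact fields."""
    return subprocess.run(["whois", domain], capture_output=True, text=True, check=True).stdout


def parse_whois(text: str) -> Dict[str, object]:
    """Turn a Key: Value WHOIS reply into a dict with lower-cased keys.
    Comment lines (%, #) and the trailing >>> ... <<< footer are skipped."""
    record: Dict[str, object] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key in MULTI_VALUED:
            record.setdefault(key, []).append(value)  # type: ignore[union-attr]
        else:
            record.setdefault(key, value)
    return record


def parse_date(value: Optional[str]) -> Optional[datetime]:
    """WHOIS dates come in several layouts; try the common ones, else None."""
    if not value:
        return None
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    return None


def summarize(record: Dict[str, object]) -> Dict[str, object]:
    """Pull out the fields the article lists, plus a flag for privacy-redacted
    contact data, which is the usual case today and is why WHOIS alone rarely
    identifies the real owner any more."""
    contact_keys = ("registrant name", "registrant organization", "registrant email")
    redacted = any("redacted" in str(record.get(k, "")).lower() for k in contact_keys)
    name_servers: List[str] = [str(ns).lower() for ns in record.get("name server", [])]  # type: ignore[union-attr]
    return {
        "domain": str(record.get("domain name", "")).lower(),
        "registrar": record.get("registrar"),
        "registrar_whois": record.get("registrar whois server"),
        "registrant": record.get("registrant organization") or record.get("registrant name") or "",
        "privacy_protected": redacted,
        "name_servers": name_servers,
        "created": parse_date(record.get("creation date")),  # type: ignore[arg-type]
        "expires": parse_date(record.get("registry expiry date")),  # type: ignore[arg-type]
    }


if __name__ == "__main__":
    # Replace SAMPLE_WHOIS with fetch_whois("some-domain.example") for a live lookup.
    for field, value in summarize(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{field:>18}: {value}")
```

The name servers are the most useful output in practice: they tell you who hosts the DNS (and often the site), and they are the natural input for the DNS records and reverse IP steps above. The creation date is worth a look too, since a domain registered last week is a different kind of target (or phishing lure) than one that has existed for a decade.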
So, that's it for this article. I hope this article is informative. If you have any doubts, ask in the comments.