Before Learning about Active Passive Information Gathering Firstly let’s have a quick introduction of IG.
It is the first phase of ethical hacking, in which we gather as much information as possible about our target. The target can be a website, a web application, an IP address, a person, or anything in general.
If you target something for a particular reason, let us suppose for hacking, you will need a lot of information about that, which can be useful for you in the future for exploiting the target. It is a process of knowing the target, digging for information about our target, and being in touch with our target.
Types of Information Gathering
Basically, the information gathering is of two type:
- Active Information Gathering
- Passive Information Gathering
1. What is Active IG
In Active Information gathering, we collect information directly from the target. For Instance, if our target is a person, then in this, we can gather information directly through phone call or we can have a face to face meeting with our target and take an interview of our target.
2. What is Passive IG
In passive information gathering, the information is gathered through any third party. Most of the hackers use the passive IG technique to gather information about their target, because this target is not aware that, someone is gathering information about him.
So, Passive IG is the best practice in order to collect useful information about your target.
So, we can collect information about our target by using Search Engines, by third party vendors and from social media platforms.
Which information should we collect?
In case our target is a website, then we can find following information about our target.
- WHO is information
- DNS Records
- Reverse IP check
- Website Framework
In case our target is a web server, then we can find following information about our target.
- Server operating system
- What are the services running on that server?
- About open ports of that server
Once we gather, this information about our target, then it becomes easier to exploit or we can say to hack our target.
Now the Question is how to find this information. There are lots of tools available to serve the purpose.
How to gather Information?
Like in order to find the WHO is information about a particular domain, or the registrar information of that particular domain, we have one website whois. sc.
There are a lot of other websites and tools with the same functionality, but this one is the most popular and also the best website for this purpose.
In this website you just have to enter the domain name about which you want to gather information.
And the website will provide information like domain name servers, registrant name, registrar name, IP address, IP location, and a lot more information.
Once you know the IP address of a website, you can do the reverse IP check, which means you can get to know about all the other websites hosted on that same IP. For this purpose, there is one website, yougetsignal.com.
This website also provides tons of other features that can be used in information gathering.
So, That’s it for this article. I hope this article is informative. If you have any doubts then ask in comments.