Information Gathering means gathering different kind of information about the target. It is basically, the first step or the beginning stage of Ethical Hacking, where the penetration testers or hackers (both black hat or white hat) tries to gather all the information about the target, in order to use it for Hacking. To obtain more relevant results, we have to gather more information about the target to increase the probability of a successful attack.
Information gathering is an art that every penetration-tester (pen-tester) and hacker should master for a better experience in penetration testing. It is a method used by analysts to determine the needs of customers and users. Techniques that provide safety, utility, usability, learnability, etc. for collaborators result in their collaboration, commitment, and honesty. Various tools and techniques are available, including public sources such as Whois, nslookup that can help hackers to gather user information. This step is very important because while performing attacks on any target information (such as his pet name, best friend’s name, his age, or phone number to perform password guessing attacks(brute force) or other kinds of attacks) is required.
Information gathering can be classified into following categories:
1. Nmap Tool
Nmap is an open-source network scanner that is used to recon/scan networks. It is used to discover hosts, ports, and services along with their versions over a network. It sends packets to the host and then analyzes the responses in order to produce the desired results. It could even be used for host discovery, operating system detection, or scanning for open ports. It is one of the most popular reconnaissance tools.
To use nmap:
- Ping the host with ping command to get the ip address
- Open the terminal and enter the following command there.
nmap -sV ipaddress
Replace the IP address with the IP address of the host you want to scan.
- It will display all the captured details of the host.
Read more about nmap.
It is another useful tool for the scanning phase of Ethical Hacking in Kali Linux. It uses the Graphical User Interface. It is a great tool for network discovery and security auditing. It does the same functions as that of the Nmap tool or in other words, it is the graphical Interface version of the Nmap tool. It uses command line Interface. It is a free utility tool for network discovery and security auditing. Tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime are considered really useful by systems and network administrators.
To use Zenmap, enter the target URL in the target field to scan the target.
3. whois lookup
whois is a database record of all the registered domain over the internet. It is used for many purposes, a few of them are listed below.
- It is used by Network Administrators in order to identify and fix DNS or domain-related issues.
- It is used to check the availability of domain names.
- It is used to identify trademark infringement.
- It could even be used to track down the registrants of the Fraud domain.
To use whois lookup, enter the following command in the terminal
Replace geeksforgeeks.org with the name of the website you want to lookup.
SPARTA is a python based Graphical User Interface tool which is used in the scanning and enumeration phase of information gathering. It is a toolkit having a collection of some useful tools for information gathering. It is used for many purposes, a few of them are listed below.
- It is used to export Nmap output to an XML file.
- It is used to automate the process of Nikto tool to every HTTP service or any other service.
- It is used to save the scan of the hosts you have scanned earlier in order to save time.
- It is used to reuse the password which is already found and is not present in the wordlist.
To use SPARTA, enter the IP address of the host you want to scan in the host section to start scanning.
nslookup stands for nameserver lookup, which is a command used to get the information from the DNS server. It queries DNS to obtain a domain name, IP address mapping, or any other DNS record. It even helps in troubleshooting DNS related problems. It is used for many purposes, a few of them are listed below.
- To get the IP address of a domain.
- For reverse DNS lookup
- For lookup for any record
- Lookup for an SOA record
- Lookup for an ns record
- Lookup for an MX record
- Lookup for a txt record
- Kali Linux Tools
- Kali Linux - Exploitation Tools
- Kali Linux - Vulnerability Analysis Tools
- Kali Linux - Web Penetration Testing Tools
- Top 10 Kali Linux Tools For Hacking
- Kali Linux - Wireless Attack Tools
- Kali Linux - Forensics Tools
- Difference Between Arch Linux and Kali Linux
- Kali Linux - Password Cracking Tool
- Difference Between Ubuntu and Kali Linux
- How to Install Lazy Script in Kali Linux?
- What is Vulnerability Scanning in Kali Linux?
- Introduction to Kali Linux
- How to Change the Mac Address in Kali Linux Using Macchanger?
- How to Hack WPA/WPA2 WiFi Using Kali Linux?
- Kali Linux - File Management
- Kali Linux - Default Passwords
- Kali Linux - Crunch Utility
- How to Create Reverse Shells with Netcat in Kali Linux?
- Kali Linux - Terminal and Shell
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.