Reconnaissance and its Tools

Reconnaissance (or simply recon) is the initial phase of the pen testing process. The goal of recon is to gather as much information about the target as you can. The more information you gather, the more useful it will be in the later phases of pen testing. Most new learners underestimate this phase and ignore it, but recon is the most important phase of pen testing. Your view of the digital world changes once you fully understand this process. Learning to conduct the recon process successfully is a valuable skill for anyone. There are two strategies of recon: active and passive reconnaissance.

Reconnaissance Tools:

  1. HTTrack – Website Copier: A free utility that downloads an offline copy of any website. The offline copy includes all images, pages, links and code from the original website. Using this tool, you do not have to spend much time on the target website. Spending too much time on any website may cause monitoring tools to log your activity.
  2. Google Directives: Google provides an enhanced method of searching using directives. First write the name of the directive you want to use, then a colon (:), and then the term you want to use in the directive. You can also combine two or more directives. For example:
       site:geeksforgeeks.org dhcp snooping
       filetype:pdf "some text"
       site:geeksforgeeks.org filetype:png "your text"
  3. The Harvester: A Python script written by Christian Martorella. This tool is used to build a systematic list of e-mail addresses and subdomains related to the target.

Note that these tools are already present in the Kali Linux operating system. For convenient and easy practice with these tools, it is recommended to use Kali Linux.
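The monitoring mentioned under HTTrack, seen from the website owner's side, as an added example that is not part of the original article: it flags clients in a web access log whose User-Agent names HTTrack or that request many distinct paths in a short window. The log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format line: client, timestamp, requested path, User-Agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)

def detect_mirroring(lines, window=timedelta(seconds=30), min_paths=10):
    """Return {client_ip: [reasons]}; window and min_paths are assumed thresholds."""
    events = defaultdict(list)   # ip -> [(time, path)]
    reasons = defaultdict(set)   # ip -> {"user-agent", "crawl-rate"}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue             # skip lines in another format
        ip, stamp, path, agent = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((when, path))
        # HTTrack's default User-Agent contains the string "HTTrack".
        if "httrack" in agent.lower():
            reasons[ip].add("user-agent")
    # The User-Agent is client-supplied, so also check request behaviour:
    # many distinct paths requested inside one sliding time window.
    for ip, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            if len({p for _, p in seen[start:end + 1]}) >= min_paths:
                reasons[ip].add("crawl-rate")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}

def _line(ip, sec, path, agent):
    # Builds one constructed sample log line (not real traffic).
    return f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{agent}"'

SAMPLE_LOG = (
    [_line("203.0.113.7", s, f"/page{s}.html", "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)") for s in range(3)]
    + [_line("198.51.100.9", s, f"/img/{s}.png", "Mozilla/5.0") for s in range(12)]
    + [_line("192.0.2.4", s * 20, "/index.html", "Mozilla/5.0") for s in range(3)]
)

if __name__ == "__main__":
    print(detect_mirroring(SAMPLE_LOG))
```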