Reconnaissance | Penetration Testing
Penetration Testing (or Pen Testing) refers to process of testing organization’s security posture using similar techniques and tools like that of an attacker, but with knowledge and approval of organization. Reconnaissance or Footprinting is the first step to perform in pen testing process. Performing footprinting in a systematic manner enables a pen tester to discover potential security liabilities that an attacker may exploit. In pen testing measure, the pen analyzer goes about as a malignant pariah and reenacts an assault to discover security escape clauses.
Reconnaissance pen test helps in determining an organization’s information on Internet such as network architecture, operating systems, applications, and users. Cyber-security analyzer attempts to assemble openly accessible delicate data of target by claiming to be a hacker or an attacker. Target might be a particular host or an organization. Pen-tester can play out similar assaults as an assailant. Pen-tester should attempt all potential manners by which to accumulate however much data as could be expected so as to guarantee most extreme extent of footprinting pen-testing. On off chance that pen-tester discovers touchy data on any freely accessible data asset, that data ought to be accounted for to association.
Footprinting pen testing helps the organization to :
- Forestall data spillage
- Forestall social engineering endeavors
- Forestall DNS record recovery from openly accessible systems
Reconnaissance Pen-Testing Steps :
Pen-testing is a way to look at network security. Steps in procedure should be followed in order, to ensure maximum scope of testing. Steps involved in Reconnaissance are :
- Stage 1: Get proper authorization :
Always perform pen-testing with authorization. Initial phase in a footprinting pen test is to get proper authorization from association. This could possibly incorporate framework chairmen.
- Stage 2: Define the extent of the evaluation :
Defining extent of the security appraisal is essential for pen-testing. Characterizing extent of evaluation decides scope of frameworks in organization to be tried and assets that can be utilized to test, etc. It likewise decides pen tester’s restrictions. When you characterize extension, you should plan and assemble delicate data utilizing footprinting methods.
- Stage 3: Perform Reconnaissance through web administrations :
Perform footprinting through web administrations, for example, Netcraft, Pipl, Google Finance, and Google Alerts to accumulate data about target association’s site, representatives, rival, foundation, and working frameworks.
- Stage 4: Perform Reconnaissance through web crawlers :
Use impression web indexes, for example, Google, Yahoo! Search, Ask, Bing, and Dogpile to accumulate target association’s data, for example, worker subtleties, login pages, intranet entrances, etc., that can help in performing social designing and different kinds of cutting edge framework assaults.
- Stage 5: Perform site Reconnaissance :
Perform footprinting utilizing apparatuses, for example, Burp Suite, Web Data Extractor, HTTrack, Web Site copier, Metagoofil so as to fabricate a point by point guide of site’s structure and design.
- Stage 6: Perform observation through interpersonal interaction locales :
Perform footprinting to accumulate association worker data from individual profiles on a person to person communication destinations, for example, Facebook, MySpace, LinkedIn, Twitter, etc. this can help with performing social designing. You can likewise utilize individuals web crawlers to get data about a target individual.
- Stage 7: Perform email Reconnaissance :
This should be possible utilizing devices, for example, eMailTrackerPro, Yesware, and ContactMonkey to accumulate data about physical area of a person. Utilize this to perform social designing that thusly may help in planning target association’s organization. Examining email headers can assist with gathering data, for example, sender’s IP address, sender’s letters worker, date and time got by originator’s email workers, verification framework utilized by sender’s letters worker, sender’s complete name, etc.
- Stage 8: Gather serious knowledge :
This should be possible utilizing toolkits, for example, Hoover’s, LexisNexis, or Business Wire. These instruments remove contender data, for example, its date of foundation, area, progress investigation, higher specialists, item examination, etc.
- Stage 9: Perform Whois Reconnaissance :
This should be possible utilizing applications, for example, Whois Lookup, SmartWhois, and Batch IP Converter to separate data about specific spaces. You can catch data, for example, IP address, space proprietor name, registrant name, and contact subtleties including telephone numbers, and email IDs. This data can be utilized to make a definitive guide of hierarchical organizations, accumulate individual data that helps to perform social designing, assemble other inside organization subtleties, etc.
- Stage 10: Perform DNS Reconnaissance :
This should be possible utilizing toolkits, for example, DNS stuff, DIG, and myDNSTools to decide key hosts in organization and to perform social designing assaults. Resolve area name to find out about its IP address, DNS record, etc.
- Stage 11: Perform network Reconnaissance :
This should be possible utilizing applications, for example, Path Analyzer Pro, VisualRoute, and GEO Spider to become familiar with organization range and other data about target network that assists withdrawing organization chart of target.
- Stage 12: Perform social engineering :
Implement social designing methods, for example, snooping, shoulder surfing, dumpster plunging, pantomime on interpersonal interaction destinations, and phishing to accumulate basic data about target association. In spite of fact that social designing, you can accumulate target association’s security items being used, OS and programming forms, network format data, IP locations and names of workers, and significant faculty.
- Stage 13: Document all the discoveries :
When gotten done with usage of footprinting strategies, gather and report data got in each phase of testing. You can utilize this record to contemplate, understand, and break down security stance of target association. This likewise empowers us to discover and fix security provisos to forestall abuse.
Pen testing helps organization to enhance its security perimeter. A pentester should always gather sensitive information such as server details, OS, and so on of target organization by conducting reconnaissance. Analyze system and network defenses by breaking into its security with authorization without causing any damage. Discover provisos and shortcomings in organization or framework security and show them alongside particular countermeasures in a pen-testing report.
Significantly, pen testing report results from network infiltration tests or security reviews.
It contains all subtleties, for example, kinds of tests played out, hacking methods utilized, and aftereffect of hacking action. Moreover, report additionally contains features of security dangers and weaknesses of an association. Continuously keep report classified. If this information falls into hands of an attacker, information in report could be used to launch attacks.