From the course: Metasploit Essential Training
Understand Information Gathering and Scanning
- [Instructor] Understanding information gathering and scanning. What is information gathering? Well, information gathering is one of the most important activities in any type of security testing. You perform this step to find out as much information about the target machines as possible. The more information you have, the better your chances will be for exploiting the target. During the information gathering phase, the focus is to collect as much information about the target machine as possible, such as the IP address, available services and open ports. Information gathering, footprinting and enumeration are terms that are often used interchangeably.

There are three types of techniques used in information gathering. First is passive information gathering. This technique is used to gain information about the target without having any physical connectivity or access to it. This means that you can use other sources to gain information about the target. Second is active information gathering. In this technique, a logical connection is set up with the target in order to gain information. This technique provides you with the most direct information. Lastly, social engineering. This type of information gathering is like passive information gathering, but it relies on human error.

Passive information gathering is all about finding information about the target. For example, it could be starting to look for details around the company domain name, or even subdomains. Then you would move on to information about the company itself, identify target machines and devices, find email addresses, and even honeypots. Active information gathering can use operating system fingerprinting, port scanning, enumeration of targets, et cetera. The retrievable information would be running services, open ports, details of the operating system, and potentially vulnerabilities.

So what is scanning? Scanning is an active attack or security test phase involving identifying IP addresses, ports and services. A well-executed scanning stage is critical when looking for potential security problems. Network administrators or security specialists often conduct scanning to understand and map out the network. Scanning is also essential for an attacker since it can give them all the information they need to launch an attack. Once an attacker knows the IP address of the servers or the open port and the version of the software the server is running, they can then look up and use known attacks against the target.