Reconnaissance 101: Active & Passive Reconnaissance (2024)

Welcome to a five-part series on Recon with ProjectDiscovery!

Reconnaissance is a pivotal part of penetration testing and bug bounty hunting: understanding an organization's assets is what makes it possible to assess its attack surface. Procuring complete and accurate information during this phase often decides the success of the engagement, because it is the step that identifies the target systems and networks and collects information about their potential vulnerabilities and weaknesses.

This blog post series provides an in-depth look at the key reconnaissance techniques used for penetration testing and bug bounty hunting. In the first post, we discuss the two main types of reconnaissance, active and passive, and explain the advantages and disadvantages of each. The second post focuses on subdomain enumeration and subdomain brute forcing, which are important reconnaissance methods. The third post covers live host discovery and port scanning, which identify the hosts on a network and the open ports to scan for vulnerabilities. The fourth post discusses template-based scanning; since the templates send requests to the target, this is an active reconnaissance method, not a passive one. The fifth post covers additional types of active reconnaissance. The series is intended for anyone looking to learn the fundamentals of reconnaissance for bug bounty hunting.

What is Reconnaissance?

Reconnaissance is gathering information about a target system or network to identify potential vulnerabilities that can be exploited. This can involve various techniques such as analyzing publicly available information about the target, using tools to scan the target's network and systems for open ports and services, and trying to gather information about the target's employees and business practices.

The goal of reconnaissance is to gather as much information as possible about the target to create a detailed profile of the system or network and identify any potential weaknesses that can be exploited. This information can then be used to plan and execute a successful attack on the target.

There are different types of reconnaissance, including passive reconnaissance, which involves gathering information from publicly available sources without actively interacting with the target system or network, and active reconnaissance, which involves actively interacting with the target to gather information.

In simple words, reconnaissance does not guarantee a vulnerability, but allows one to gather assets and build the overall attack surface of the target.

Types of Reconnaissance

Active Reconnaissance

Active reconnaissance involves interacting with the target system or network to gather information. This includes techniques such as running a port scan on the server to identify open ports and services, attempting to access restricted pages or resources within the application, or using tools to try and identify vulnerabilities within the application or underlying system.

Passive Reconnaissance

On the other hand, passive reconnaissance is gathering information from publicly available sources without actively interacting with the target system or network. This includes techniques such as analyzing the target application's website and social media presence, looking up information about the application's developers and users, and reviewing publicly available documents such as user manuals and support documentation.

The main difference between active and passive reconnaissance is the level of interaction with the target system or network. Active reconnaissance involves actively interacting with the target, while passive reconnaissance involves gathering information without actively interacting with it.
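The distinction above, as an added example that is not part of the original post: the passive half parses a certificate-transparency-style JSON list (constructed sample data shaped like a crt.sh answer, for the reserved example.com domain) and never sends a packet to the target, while the active half issues a TCP connect() to each port and is therefore visible to whoever is watching that host. The function names, the sample data and the small worker count and timeout are this example's own choices, not tooling from the post.

```python
"""Active vs passive reconnaissance side by side (added example, not from the
original post). The passive half parses a constructed certificate-transparency
style response; the active half runs a TCP connect scan against a host you name.
Names and sample data are assumptions of this example."""
import json
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed sample: the shape of a crt.sh JSON answer for the reserved
# example.com domain. Nothing here was fetched from a live target.
CT_LOG_SAMPLE = json.dumps([
    {"name_value": "www.example.com\nexample.com"},
    {"name_value": "*.dev.example.com"},
    {"name_value": "mail.example.com"},
    {"name_value": "www.example.com"},          # duplicate entry
    {"name_value": "example.com.evil.test"},     # outside the apex, must be dropped
])


def passive_subdomains(ct_json: str, apex: str) -> list[str]:
    """Passive step: derive in-scope hostnames from public CT data.

    No packet reaches the target; only a third-party data set is parsed.
    Wildcard entries are normalised to the parent name, entries outside the
    apex are discarded, and the result is de-duplicated and sorted."""
    found = set()
    for entry in json.loads(ct_json):
        for name in entry["name_value"].splitlines():
            name = name.strip().lower().lstrip("*.")
            if name == apex or name.endswith("." + apex):
                found.add(name)
    return sorted(found)


def tcp_connect_probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Active step: one TCP connect() probe. The target sees this connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def active_port_scan(host: str, ports, workers: int = 8, timeout: float = 0.5) -> list[int]:
    """Active step: connect-scan the given ports and return the open ones.

    The worker count and timeout are kept small on purpose: every probe is
    visible to the target, and a large burst is noisier and more likely to
    trip rate limits or disturb a fragile service."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect_probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


if __name__ == "__main__":
    print("passive:", passive_subdomains(CT_LOG_SAMPLE, "example.com"))
    # The active half is pointed at localhost here; aim it only at hosts you
    # are authorised to test.
    print("active:", active_port_scan("127.0.0.1", range(1, 1025)))
```

The passive function can be run anywhere, any number of times, without the target ever knowing; the active function leaves a connection attempt in the target's logs for every port it touches, which is exactly the trade-off the rest of this post discusses.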

Each approach has its own advantages and disadvantages when used during a security assessment.

Advantages of Active Reconnaissance

  1. Identify active systems and services: Active reconnaissance allows you to identify which systems and services are actively running and responding to requests, rather than just those configured or present on the network.
  2. Comprehensive information gathering: Active reconnaissance allows you to gather more information about a target system or network. You can interact with the system directly and probe it for information. This can be useful for identifying vulnerabilities or weaknesses that may not be detectable through passive reconnaissance methods.
  3. Gather real-time information: Active reconnaissance allows you to gather information about a target system or network in real time, rather than relying on outdated or historical data. This can be useful for identifying current vulnerabilities or weaknesses in the system.

Disadvantages of Active Reconnaissance

  1. Risk of detection: Active reconnaissance involves actively interacting with the target system or network, which increases the risk of being detected by the target. This can trigger security alerts or defensive measures, disrupting the reconnaissance process.
  2. Risk of disruption: Active reconnaissance can also disrupt the target system or network, interfering with the target's operations and potentially causing damage. This is especially risky when the target is critical infrastructure or has high-security requirements.
  3. Increased time and resources: Active reconnaissance can be more time-consuming and resource-intensive than passive reconnaissance, as it involves actively interacting with the target and may require specialized tools and techniques.
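The "risk of detection" item above, seen from the defender's side, as an added example that is not from the original post: a small sliding-window detector that flags any source address touching many distinct destination ports on one host within a minute, which is what a connect scan looks like in a firewall log. The key=value log format, the TEST-NET addresses and the threshold of ten ports are assumptions of this example, not a specific product's schema.

```python
"""Detecting active reconnaissance in firewall logs (added example, not from
the original post). Log format, addresses and threshold are assumptions."""
from collections import defaultdict, deque
from datetime import timedelta, datetime

WINDOW = timedelta(seconds=60)
DISTINCT_PORT_THRESHOLD = 10

# Constructed sample log. 203.0.113.5 sweeps twelve ports on one host within
# twelve seconds; 203.0.113.9 is an ordinary client talking to two services.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z src=203.0.113.5 dst=192.0.2.10 dport={p} proto=tcp action=reject"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 8080])]
    + [
        "2024-05-01T10:00:05Z src=203.0.113.9 dst=192.0.2.10 dport=443 proto=tcp action=accept",
        "2024-05-01T10:00:40Z src=203.0.113.9 dst=192.0.2.10 dport=80 proto=tcp action=accept",
        "2024-05-01T10:10:00Z src=203.0.113.9 dst=192.0.2.10 dport=443 proto=tcp action=accept",
    ]
)


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a record."""
    ts_text, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def detect_port_sweeps(log_text: str, window=WINDOW, threshold=DISTINCT_PORT_THRESHOLD) -> dict:
    """Return {src: (window_start, distinct_ports)} for every source that hit
    at least `threshold` distinct destination ports within `window`.

    A per-source deque holds only the events inside the window, so a client
    that revisits the same two ports all day never trips the rule, while a
    burst of connects to many ports does, whether or not the firewall
    accepted them. Accepted connects still count: an open port answers."""
    records = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                     key=lambda r: r["ts"])
    recent = defaultdict(deque)   # src -> deque of (ts, dport), oldest first
    alerts = {}
    for rec in records:
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["dport"]))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and rec["src"] not in alerts:
            alerts[rec["src"]] = (q[0][0], sorted(ports))
    return alerts


if __name__ == "__main__":
    for src, (start, ports) in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src} starting {start.isoformat()}: {ports}")
```

The threshold and window are the tunable part: lowering the scanner's rate below one new port per window defeats this particular rule, which is why the slow, low-concurrency settings in the scanning example earlier matter and why a defender pairs a rule like this with longer-term per-source counters.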

Advantages of Passive Reconnaissance

  1. Lower risk of detection: Passive reconnaissance involves gathering information from publicly available sources without actively interacting with the target system or network, which reduces the risk of being detected by the target. This can be especially useful in cases where the target has high-security requirements or is sensitive to disruptions.
  2. Lower risk of disruption: Passive reconnaissance also involves a smaller risk of disrupting the target system or network, as it does not involve actively interacting with the target.
  3. Lower resource requirements: Passive reconnaissance is generally less resource-intensive than active reconnaissance, as it needs few specialized tools and can often be done with search engines, public databases and other readily available information.

Disadvantages of Passive Reconnaissance

  1. Less accurate and comprehensive information: Passive reconnaissance relies on publicly available information, which may be less detailed and precise than information gathered through active reconnaissance, and which may be out of date.
  2. Limited ability to identify vulnerabilities: Passive reconnaissance does not involve actively interacting with the target, which limits the ability to use tools and techniques to identify vulnerabilities.
  3. Limited control over reconnaissance process: With passive reconnaissance, the security team is limited to the information that is publicly available and has less control over the process than with active reconnaissance.

In the next installment, we will look at some reconnaissance tools to learn about their features, how long they take to return results, and more.

Author: Harsh Bothra, @harshbothra_

ProjectDiscovery Reconnaissance Series

Reconnaissance is an essential part of penetration testing and bug bounty hunting, as it is the process of gathering information about a target to identify potential attack vectors and vulnerabilities. This blog series provides an overview of the various reconnaissance techniques available, as well as advice on how to effectively utilize them to maximize the chances of success.

  • Reconnaissance 101: A Deep Dive in Active & Passive Reconnaissance
  • Reconnaissance 102: Subdomain Enumeration
  • Reconnaissance 103: Host and Port Discovery
  • Reconnaissance 104: Expanded Scanning
  • Reconnaissance 105: Additional Types of Active Reconnaissance

Additional Resources & Further Reads

  • https://blog.projectdiscovery.io/building-one-shot-recon/
  • https://securitytrails.com/blog/tag=reconnaissance
  • https://www.bugcrowd.com/resources/levelup/doing-recon-like-a-boss/
  • https://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics
  • https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
  • https://infosecwriteups.com/recon-methodology-for-bug-hunting-e623120a7ca6?gi=a63b0a78d505

