Post mortem the target may be able to go back and discover the reconnaissance activities but they shouldn’t be able to attribute the activity back to anyone. The key here is not to draw attention to our activities. We aren’t running network level portscans or crawlers and we are only looking at metadata in published documents and files not actively seeking hidden content.
![sitesucker cfm sitesucker cfm](https://img.yumpu.com/33101291/1/190x146/moodle-and-other-open-source-tools-sites-at-lafayette.jpg)
We query only the published name servers for information, we aren’t performing in-depth reverse lookups or brute force DNS requests, we aren’t searching for “unpublished” servers or directories. Semi-passive Information Gathering: The goal for semi-passive information gathering is to profile the target with methods that would appear like normal Internet traffic and behavior. As such this information can be out of date or incorrect as we are limited to results gathered from a third party. This means we can only use and gather archived or stored information. This type of profiling is technically difficult to perform as we are never sending any traffic to the target organization neither from one of our hosts or “anonymous” hosts or services across the Internet. Passive Information Gathering: Passive Information Gathering is generally only useful if there is a very clear requirement that the information gathering activities never be detected by the target. For the purposes of this tutorial, I’m going to refer to the Penetration Testing Execution Standard’s definitions of “passive reconnaissance” and “semi-passive reconnaissance” and group them both under the umbrella of “Passive Reconnaissance” activities.
#Sitesucker cfm download#
Some references will assert that passive reconnaissance can involve browsing a target’s website to view and download publicly available content whereas others will state that passive reconnaissance does not involve sending any packets whatsoever to the target site. Sometimes referred to as Open Source Intelligence (OSINT) or simply Information Gathering, the idea behind passive reconnaissance is to gather information about a target using only publicly available resources.
![sitesucker cfm sitesucker cfm](https://schtirlitz.ru/800/600/https/image2.slideserve.com/4940726/slide17-l.jpg)
In this post I outline what passive reconnaissance entails and the various techniques one can use. To the contrary, passive recon can be one of the most useful and unobtrusive methods of data gathering for any penetration test or security assessment.
![sitesucker cfm sitesucker cfm](https://schtirlitz.ru/800/600/https/theslide.ru/img/thumbs/6b7c5e601adb0138b671dd547e22fa66-800x.jpg)
Recently, while watching the House Committee hearings on the security of, I was disappointed to hear testimony likening passive reconnaissance to a form of unauthorized/illegal activity that involved potentially invasive actions such as port/vulnerability scanning.