Introduction to pentesting: Reconnaissance

How do I practise this step

Now that you’ve a solid understanding of the basic tools and techniques used to conduct reconnaissance, you’ll need to practice everything that was covered here. There are many ways to go about practising this step. One simple and effective idea is to make a list of companies by reading a newspaper. If you don’t have access to a newspaper, any popular news website will do, like http://cnn.com, http://www.msnbc.com, etc.

While making a list of potential targets to conduct reconnaissance on, try to focus on company names that you’ve never heard of before. Any good newspaper or website should contain dozens of companies that you’re unfamiliar with. One note of caution here YOU MUST BE SURE NOT TO DO ANY ACTIVE RECONNAISSANCE!. Obviously, you haven’t been authorized in any way to perform the active techniques we covered in this topic. However, you can still practice information gathering information through the passive techniques we discussed. This will allow you to refine and sharpen your skills. It’ll also provide you with an opportunity to develop a system for cataloguing, organizing and reviewing the data you collect. Remember, while this may be the “least” technical phase, it has the potential for the best returns.