Introduction to pentesting: Reconnaissance

Where do I go from here?

Once you’ve practised and mastered the basics of reconnaissance, you’ll be armed with enough information and skill to tackle advanced topics in information gathering. The following is a list of tools and techniques that will take you information-gathering ability to the next level:

  • Search engines directives for sites other than Google:
    • Now that your knowledge about Google directives is strong, you need to master this technique using other search engines. Most modern search engines includes directives or other ways to complete advanced searches. Remember you should never rely on a single search engine to do all of your reconnaissance. Searching for the same keywords in different search engines often return drastically different and surprisingly useful results.
  • Exploit DB Google Hacking Database (GHDB)
    • This is a single repository for some of the most effective and feared Google Hacks in existence today! It has already been mentioned and should go without saying but DON’T RUN THESE QUERIES AGAINST UNAUTHORISED TARGETS You can find the GHDB at
  • Paterva’s Maltego CE
    • Maltego is a very powerful tool that aggregates information from public databases and provides shockingly accurate details about your target organization. These details can be technical in nature, such as the location or IP address of your firewall, etcetera.