DEV Community

DoreenNangira

Understanding Reconnaissance in Cybersecurity

Introduction

Wondering how hackers manage to get hold of people's data? Are you a security professional who wants to protect your organization from cyber attacks, or just an individual who wants to stay safe online? Well, this article is for you.

What is reconnaissance?

Reconnaissance (Recon) refers to the process of gathering information about a potential target. It is divided into two main categories: Passive Recon and Active Recon.
Passive recon: In this process, there is no direct engagement with the target. One relies on public resources, such as social media accounts, to gather information.
Active recon: The person gathering information engages with the target directly. This can be through one-on-one communication such as phone calls, or even by using devices belonging to the target company.

This article will focus on passive recon.

Prerequisites

In order to follow along and understand the concepts here, you will need a basic understanding of the Linux operating system and some networking basics.

Tools used for passive Recon

whois: This command gives us information about a certain domain, such as when the domain was registered, when it was last updated, who the registrar is and which name servers it uses. An attacker can use information found here, such as a contact email address, to craft phishing attacks. Open your terminal and type whois followed by the domain name.
Example:

root@99a8ec2bac69:/# whois apple.com
   Domain Name: APPLE.COM
   Registry Domain ID: 1225976_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.comlaude.com
   Registrar URL: http://www.comlaude.com
   Updated Date: 2023-08-28T18:33:11Z
   Creation Date: 1987-02-19T05:00:00Z
   Registry Expiry Date: 2025-02-20T05:00:00Z
   Registrar: Nom-iq Ltd. dba COM LAUDE
   Registrar IANA ID: 470
   Registrar Abuse Contact Email: abuse@comlaude.com
   Registrar Abuse Contact Phone: +442074218250
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: A.NS.APPLE.COM
   Name Server: B.NS.APPLE.COM
   Name Server: C.NS.APPLE.COM
   Name Server: D.NS.APPLE.COM

nslookup: This is used to query the Domain Name System (DNS). It shows us the IP addresses for a given domain, and can also return other records tied to the domain, such as its mail servers.
When an attacker spots a vulnerability on any of those hosts, he or she might use it to launch an attack.

To get the IP addresses, type nslookup followed by the domain name. To get more information, such as the mail servers in use, nslookup takes an additional argument called an OPTION.
Syntax: nslookup OPTION [domain name]. In our example, -type=MX is the option for listing the mail exchanger (MX) records.
Example:

root@99a8ec2bac69:/# nslookup apple.com
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
Name:   apple.com
Address: 17.253.144.10
Name:   apple.com
Address: 2620:149:af0::10
root@99a8ec2bac69:/# nslookup -type=MX apple.com
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
apple.com       mail exchanger = 20 mx-in-hfd.apple.com.
apple.com       mail exchanger = 20 mx-in-vib.apple.com.
apple.com       mail exchanger = 10 mx-in.g.apple.com.
apple.com       mail exchanger = 20 mx-in-mdn.apple.com.
apple.com       mail exchanger = 20 mx-in-rno.apple.com.

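The whois and nslookup output above is exactly what a defender should review about their own domain. The following script is an added example (not part of the original post) that parses the two outputs shown above, reconstructed inline as constructed sample text, and produces a small footprint report: which contact emails are publicly exposed, whether registrar transfer locks are set, how many days remain before expiry, and which mail exchanger receives mail first. The function names and the report format are this example's own.

```python
import re
from datetime import datetime, timezone
# Constructed sample input: the whois and nslookup output shown above, trimmed to the lines parsed here.
WHOIS_SAMPLE = """\
   Registry Expiry Date: 2025-02-20T05:00:00Z
   Registrar: Nom-iq Ltd. dba COM LAUDE
   Registrar Abuse Contact Email: abuse@comlaude.com
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Name Server: A.NS.APPLE.COM
   Name Server: B.NS.APPLE.COM
"""
MX_SAMPLE = """\
Non-authoritative answer:
apple.com       mail exchanger = 20 mx-in-hfd.apple.com.
apple.com       mail exchanger = 10 mx-in.g.apple.com.
"""

def parse_whois(text):
    """Map 'Key: value' lines to a dict; repeated keys (Domain Status, Name Server) collect into
    lists holding only the first token, which drops the trailing ICANN URL on status lines."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in ("Domain Status", "Name Server"):
            record.setdefault(key, []).append(value.split()[0])
        else:
            record[key] = value
    return record

def parse_mx(text):
    """Return (priority, host) pairs from 'nslookup -type=MX' output, lowest priority first."""
    pairs = re.findall(r"mail exchanger = (\d+) (\S+)", text)
    return sorted((int(prio), host.rstrip(".")) for prio, host in pairs)

def footprint_report(whois_text, mx_text, today_iso):
    """Summarise what the public records reveal and flag missing registrar locks or near expiry."""
    rec = parse_whois(whois_text)
    today = datetime.strptime(today_iso, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    expiry = datetime.strptime(rec["Registry Expiry Date"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    statuses = set(rec.get("Domain Status", []))
    return {
        "registrar": rec["Registrar"],
        "days_to_expiry": (expiry - today).days,
        "transfer_locked": {"clientTransferProhibited", "serverTransferProhibited"} <= statuses,
        "name_servers": [ns.lower() for ns in rec.get("Name Server", [])],
        "primary_mx": parse_mx(mx_text)[0][1],
        "exposed_emails": re.findall(r"[\w.+-]+@[\w.-]+\.\w+", whois_text),
    }
```

Run `footprint_report(WHOIS_SAMPLE, MX_SAMPLE, "2024-01-01")` to see the report; a missing transfer lock or a small `days_to_expiry` value is worth raising with whoever manages the domain.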

DNSdumpster: Apart from the command line tools, there are online tools that one can use to get information about a target. DNSdumpster is an online tool that gives more information about a certain domain, such as its subdomains, IP addresses and even a graphical representation of how each IP address relates to the others. To use this tool, open your browser, navigate to the DNSdumpster website, and then type your domain name into the search bar.

Conclusion

We have reached the end of today's learning, but this does not mean you should stop here. To gain more skills in this field, you will need to practise more and also explore other available tools. See you soon, Adios!!
