Top 10 network recon tools
Introduction: The need for recon
Reconnaissance is an important first stage in any ethical hacking attempt. Before it’s possible to exploit a vulnerability in the target system, it’s necessary to find it. By performing reconnaissance on the target, an ethical hacker can learn about the details of the target network and identify potential attack vectors.
Reconnaissance efforts can be broken up into two types: passive and active. While both versions can be effective, passive reconnaissance prioritizes subtlety (ensuring that the hacker is not detected), while active reconnaissance is used for cases where collecting information is more important than remaining undetected.
Top passive recon tools
In passive reconnaissance, the hacker never interacts directly with the target’s network. The tools used for passive reconnaissance take advantage of unintentional data leaks from an organization to provide the hacker with insight into the internals of the organization’s network.
1. Wireshark
Wireshark is best known as a network traffic analysis tool, but it can also be invaluable for passive network reconnaissance. If an attacker can gain access to an organization’s Wi-Fi network or otherwise eavesdrop on the network traffic of an employee (e.g., by eavesdropping on traffic in a coffee shop), analyzing it in Wireshark can provide a great deal of useful intelligence about the target network.
By passively eavesdropping on traffic, a hacker may be able to map IP addresses of computers within the organization’s network and determine their purposes based on the traffic flowing to and from them. Captured traffic may also include version information of servers, allowing a hacker to identify potentially vulnerable software that can be exploited.
2. Google
Google can provide a vast amount of information on a variety of different topics. One potential application of Google is for performing passive reconnaissance about a target.
The information that (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/M5XbHkV4lpY/
