Passive Recon 

First lets talk about the goals of doing recon.  When we do a recon we need to put objectives to follow them. some of the objectives  that I think are important are:


Types of Reconnaissance 

There are two types of recon: Active and Passive Recon. 

Active recon will might need to includes direct interacting with a target. Be  aware that in this type of recon we need permission because the target will note our IP and you might get blocked.  so In other words permission are required for this type.

Passive recon  means we need to get as much information in internet about our target.  in this type we note interacting directly with target because  we are search for public information about the target.


Tools For Recon

whois  if you want to learn more about it and how to use (windows, MacOS, and Linux)  go to this link https://www.alphr.com/whois-windows-command-prompt/

we can use this command and to get more information about our target. an example of that is show below:

In this example I used this whois command in Linux to get information about hashimtech.com 

if we want we can use it get the email address that the domain linked in

in the picture above I used the command grep to only grip the with ones with @

 shodan is search engine that lets users search for various types of servers connected to the internet using a variety of filters. the link is https://www.shodan.io/

If you like to know more about it please go to this link https://www.safetydetectives.com/blog/what-is-shodan-and-how-to-use-it-most-effectively/

Another search engine is TheH/harvester that you can use but it is command line base.

Another one is Netcraft this will provide technical report for another websites

Metagoofil used to preform metadata analysis for accessible files that are public.