Passive Recon 

First lets talk about the goals of doing recon.  When we do a recon we need to put objectives to follow them. some of the objectives  that I think are important are:

• Network info

  • IP Addresses, Ranges

  • Domain info

• Systems

  • Server names/IPs

• Applications

  • What are they running

• Security Tools

  • Firewalls

  • IPS

  • Endpoint Protection

• People

  • Admins, Engineers

  • Developers

  • Others?

• Partners

  • Vendors

  • Hosting Providers

Types of Reconnaissance 

There are two types of recon: Active and Passive Recon. 

Active recon will might need to includes direct interacting with a target. Be  aware that in this type of recon we need permission because the target will note our IP and you might get blocked.  so In other words permission are required for this type.

Passive recon  means we need to get as much information in internet about our target.  in this type we note interacting directly with target because  we are search for public information about the target.

Tools For Recon

whois  if you want to learn more about it and how to use (windows, MacOS, and Linux)  go to this link https://www.alphr.com/whois-windows-command-prompt/

we can use this command and to get more information about our target. an example of that is show below: