Read the book CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 34
Information gathering
Information gathering is one of the most time-consuming phases of a penetration test. It involves both passive and active information gathering.
With passive information gathering, you use public Internet resources to collect information about the target, such as the public IP addresses it uses, the names and email addresses of people who could be targets of a social engineering attack, DNS records, and details of the products it runs. This is called passive information gathering because you are not communicating with the company's live systems (unless you browse its website); you are collecting public information that anyone can access, so nothing you do looks suspicious to the target. Note that passive information gathering is also known as passive reconnaissance.
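As an added example (not code from the book), the following Python script shows passive collection working purely on material you already have locally: a constructed copy of a target's public "Contact us" page. The domain example.com, the names, addresses and product string in it are all made up for the illustration. The script pulls out the kinds of artifacts the paragraph lists (email addresses, hostnames, a product version, and third-party domains the target deals with) without sending a single packet to the target.

```python
import re

# Constructed sample: a locally saved copy of a target's public "Contact us" page.
# Everything in it (domain, names, addresses, product) is made up for this example.
PUBLIC_PAGE = """
<html><head>
<meta name="generator" content="WordPress 6.2">
<title>Contact Us - Example Corp</title>
</head><body>
<p>Sales: sales@example.com | Support: help@support.example.com</p>
<p>Press: Jane.Doe@example.com, john.smith@example.com</p>
<p>Careers portal: https://jobs.example.com/apply</p>
<p>Partner login: https://partners.example.com/</p>
<p>Hosting provided by Hosting Co (noc@hostingco.net)</p>
</body></html>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)


def in_scope(hostname, domain):
    """True if hostname is the target domain itself or one of its subdomains."""
    return hostname == domain or hostname.endswith("." + domain)


def harvest(text, domain):
    """Extract recon artifacts for `domain` from already-downloaded public text.

    Returns email addresses in the target domain, hostnames under it, product
    strings advertised in the page, and other domains the target corresponds
    with (leads for supplier or partner relationships).
    """
    domain = domain.lower()
    emails, hosts, related = set(), set(), set()

    for addr in EMAIL_RE.findall(text):
        addr = addr.lower()
        mailbox_domain = addr.split("@", 1)[1]
        if in_scope(mailbox_domain, domain):
            emails.add(addr)
        else:
            related.add(mailbox_domain)

    # Any subdomain of the target that appears anywhere in the text
    # (URLs, mail hosts); the bare domain itself is not a new finding.
    host_re = re.compile(r"\b((?:[a-z0-9-]+\.)+" + re.escape(domain) + r")\b", re.I)
    for host in host_re.findall(text):
        hosts.add(host.lower())

    products = GENERATOR_RE.findall(text)

    return {
        "emails": emails,
        "hosts": hosts,
        "products": products,
        "related_domains": related,
    }


if __name__ == "__main__":
    for key, value in harvest(PUBLIC_PAGE, "example.com").items():
        print(f"{key}: {sorted(value)}")
```

The same `harvest` function can be pointed at any text you have legitimately obtained from public sources (search-engine caches, archived pages, public code repositories); the point is that the extraction itself touches nothing owned by the target. The hostnames it finds are a starting list for the later, active, phase.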
Active information gathering involves using tools that communicate directly with the company's network and systems to discover information about them. For example, a port scan to find out which ports are open on the company's systems is active: the only way to learn whether a port is open is to send packets to that system and see how it responds. Once you start communicating with the company's network, you risk detection, which is why these techniques are categorized separately from passive information gathering techniques. Note that active information gathering is also known as active reconnaissance.
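As an added example (not code from the book), the following Python script shows the port-scan case and why it counts as active. It stands up a loopback TCP listener on 127.0.0.1 to play the role of one of the target's systems; that listener records the source address of every connection it accepts, the way a service log or IDS on a real target would. A simple full-connect scanner is then run against an open port and a closed one. The loopback stand-in, the ephemeral ports and the scanner are all assumptions for the demonstration; nothing here contacts a real network.

```python
import socket
import threading
import time


def start_target(host="127.0.0.1"):
    """Stand-in for one of the target's systems: a TCP listener that logs the
    source address of every connection it accepts. Returns (port, log, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.1)          # wake up regularly to check the stop flag
    port = srv.getsockname()[1]
    observed = []                # what the "target" sees of the scan
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, addr = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            observed.append(addr)   # the probe is now in the target's logs
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, observed, stop


def pick_closed_port(host="127.0.0.1"):
    """Reserve and immediately release an ephemeral port so the scan has a
    port that is (almost certainly) closed to compare against."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def tcp_connect_scan(host, ports, timeout=0.5):
    """Full-connect scan: complete the TCP handshake to each port. Open ports
    accept the connection, closed ones refuse it, filtered ones time out."""
    open_ports = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            open_ports.append(port)
        except OSError:          # ConnectionRefusedError and timeouts both land here
            pass
        finally:
            s.close()
    return open_ports


def demo():
    """Scan the local stand-in target and report what both sides saw."""
    open_port, observed, stop = start_target()
    closed_port = pick_closed_port()
    try:
        found = tcp_connect_scan("127.0.0.1", [closed_port, open_port])
        # Give the listener thread a moment to accept() and log the probe.
        deadline = time.time() + 2
        while not observed and time.time() < deadline:
            time.sleep(0.05)
    finally:
        stop.set()
    return {
        "open_port": open_port,
        "closed_port": closed_port,
        "scanner_found_open": found,
        "target_logged_from": [addr[0] for addr in observed],
    }


if __name__ == "__main__":
    print(demo())
```

The scanner learns which port is open only by completing a handshake, and the listener's `observed` list shows the cost of that: the target now holds a record of the scanner's source address, which is exactly what makes active reconnaissance detectable. Real scanners reduce the footprint (half-open SYN scans, slower timing, fewer ports), but they cannot avoid sending packets to the target.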