Hello,
Please, I'm starting at the hacking world and I'm trying to get the core of so called hacking phases. I'm currently studying an Web App hacking book and would like to clear up this concept.
What I understood from my readings...
- OSINT (would be) a set of only passive techniques to gain target information. (?)
- Footprinting (would be) an active process of mapping the network and systems. (?)
- Recon (would be) the final result of both proccess discribed. (?)
Sorry if it's a silly question, but I really want to have a systematic understanding of pen testing.
I appreciate any indications. :)
2 Responses
Recon includes footprinting and acquiring more information about your target using OSINT. OSINT is just a set of open source tools can automate and/or simplfy the recon phase.. As far as footprinting a simple banner grab will suffice. Mapping the system is apart of the recon phase also but it goes beyond banner grabbing. Passive recon is everything that doesn't include touching the target system.
Thank you guys for make it more clear :)
Share Your Thoughts