Why is information gathering important?
There’s a saying: “Information is power.” It is true, and in a very practical sense. We live in an age of digital information, and it is no surprise that information holds immense value; look at how much of the power of companies like Facebook and Google comes from the data they hold.
The same holds in cybersecurity. Put simply: if you are going to attack something, the information you gather first decides what is possible. That means learning everything you can about the target organization or company. An insider already knows far more about a company than a stranger does, and reconnaissance is how an outsider closes that gap. This effort is called "Information Gathering" (or reconnaissance). If you want to get into hacking, expect to spend a large share of your time on it.
What kind of data do we gather during information gathering?
The shortest answer: as much as possible. The idea is to "gain as much information as possible about the desired target." For example, if your target is company XYZ, it is useful even to know who their janitor is. The more you know, the more options you have. A senior security person might be using the name of a small, long-forgotten project they once led as a password, and that project name may still be sitting in an old press release or conference slide. One caveat a practitioner keeps in mind throughout: stay within the scope you are authorized to assess, and record where each piece of information came from, since you will need to reproduce it later.
Objectives
There are typically two main objectives in data collection:
- Collecting network data: This includes public and internal domain names, subdomains, IP blocks and ASNs, routing information, services running on TCP/UDP, TLS certificates (which often list additional hostnames), open ports, etc.
- Collecting system-related data: Includes user enumeration, system groups, hostnames, OS fingerprinting, service banners and versions, etc.

Information Gathering Techniques and Methods
There are many ways to gather information. Broadly they are either manual or automated, and either passive (nothing you do reaches the target: search engines, public records, third-party datasets) or active (you interact with the target directly, for example by port scanning, which the target can log and detect). Common sources and methods include:
- Social Engineering: Using chatting platforms or email to exploit human psychology and extract info.
- Search Engines: Using tools like Google and Bing to search for information. Learn about Google Hacking Database: https://www.exploit-db.com/google-hacking-database
- Social Networking: Use platforms like Facebook, Twitter, LinkedIn to gather public info from profiles.
- Domain Names: Company-specific or personal domains can hold valuable data.
- DNS: The target's authoritative name servers reveal hosts and infrastructure through A/AAAA, MX, NS and TXT records, and a misconfigured server may even allow a zone transfer (AXFR) that dumps the whole zone. Passive DNS datasets and tools let you collect much of this without ever querying the target.
Information Gathering Tools
There are many tools available, especially in distros like Kali Linux or Parrot OS. Kali comes with many built-in tools, which can be found here: https://www.kali.org/tools/
A dozen notable tools (far from an exhaustive list):
- Nmap: Popular for port scanning and service detection.
- Unicornscan: An advanced alternative/complement to Nmap.
- Sublist3r: Great for finding subdomains.
- DMitry: Reconnaissance-focused data gatherer.
- OWASP Amass: Commonly used in recon stages.
- Axiom: Worth learning. Used for large-scale recon.
- Th3inspector: Can fetch page data, IP, email, DNS info, etc.
- Devploit: Useful for DNS, WHOIS, port scan, geo IP, etc.
- Bettercap: A Swiss Army knife for network recon and MITM attacks.
- Traceroute: For discovering network paths and IPs.
- WHOIS: Extracts domain registration metadata such as registrar, creation and expiry dates, name servers and registrant contacts (contact details are often redacted by privacy services nowadays).
- dig: Queries DNS and pulls record data (A, MX, NS, TXT, and so on) from a name server of your choice.
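Several of the tools above (Sublist3r, Amass, dig) produce lists of hostnames, and the step the post leaves out is merging those lists and checking them against the engagement scope. The script below is an added example, not part of the original post or of any of those tools: it normalizes constructed tool-style output (one name per line, mixed case, trailing dots, wildcard entries), deduplicates it, and keeps only names that fall under assumed in-scope domains while excluding an assumed out-of-scope domain. The `example.test` names and the scope sets are placeholders.

```python
"""Merge subdomain enumeration output from several tools and keep only in-scope names."""
import re

# Assumed engagement scope and exclusion (placeholders, not from the post).
SCOPE = {"example.test", "corp.example.test"}
OUT_OF_SCOPE = {"legacy.example.test"}

# Constructed output in the one-name-per-line style of tools such as Sublist3r or Amass.
SUBLIST3R_OUT = """\
www.example.test
mail.example.test
Dev.Example.Test.
vpn.legacy.example.test
"""
AMASS_OUT = """\
www.example.test
*.example.test
intranet.corp.example.test
examplecdn.test
api.example.test
"""

# A valid DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalise(name):
    """Lower-case, strip the trailing dot and wildcard labels; return None if malformed."""
    name = name.strip().lower().rstrip(".")
    labels = [label for label in name.split(".") if label != "*"]
    if not labels or not all(LABEL_RE.match(label) for label in labels):
        return None
    return ".".join(labels)


def _under(name, parent):
    """Label-aware suffix check: 'examplecdn.test' is NOT under 'example.test'."""
    return name == parent or name.endswith("." + parent)


def in_scope(name, scope=SCOPE, excluded=OUT_OF_SCOPE):
    """True if name is a scope domain or a subdomain of one and is not excluded."""
    if any(_under(name, ex) for ex in excluded):
        return False
    return any(_under(name, s) for s in scope)


def merge(*outputs, scope=SCOPE, excluded=OUT_OF_SCOPE):
    """Combine tool outputs into one sorted, deduplicated list of in-scope names."""
    names = set()
    for text in outputs:
        for line in text.splitlines():
            n = normalise(line)
            if n and in_scope(n, scope, excluded):
                names.add(n)
    return sorted(names)


if __name__ == "__main__":
    for n in merge(SUBLIST3R_OUT, AMASS_OUT):
        print(n)
```

The label-aware suffix check matters: a naive `name.endswith("example.test")` would happily pull `examplecdn.test`, a domain that may belong to someone else entirely, into your target list. The merged output is what you would then feed to the port scanner or to passive DNS lookups.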
Now that you know the essentials, you can continue learning on your own!
Thank you for reading.