Statistics indicate that over 4.5 billion records of data were compromised in 2019. With hackers increasingly adopting modern cyber tools, these figures will increase in 2020. One strategy that hackers use when attacking a system is to gather relevant information about the target. This step is called reconnaissance. According to the Lockheed Martin Corporation, reconnaissance is the initial step in the Cyber Kill Chain. The recon step involves researching, identifying, and selecting targets, and attempting to identify the target network's vulnerabilities.
Here Are Some Of The Top Recon Tools:
For every penetration tester, Google should be the first tool to use for continuous cyber recon. Google and other search engines, like Bing, are vital during reconnaissance because they provide valuable information about individuals, companies, and data, including leaked content. The obtained information is free and can help determine the direction a penetration tester will take.
Maltego is an interactive data mining tool that presents data as graphs for analysis. The tool is mainly used in online investigations to find links between pieces of information from various sources.
How It Helps You:
FireCompass uses elaborate reconnaissance techniques like those of nation-state actors. The platform automatically discovers an organization’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets, open ports, and more.
Recon-ng is a web-based reconnaissance tool written in Python. It is mainly used by pen testers seeking web-based information. Recon-ng is preferred for its intuitive functionality, which makes it fast and effective for gathering a lot of data quickly.
Shodan is among the first search engines for internet-connected devices. With servers located all over the world, it provides real-time intelligence on the latest technological trends. It also has APIs that other recon tools like Nmap, Metasploit, Maltego, and FOCA use for analysis.
Censys provides a way to gather data about all your assets to help you prevent targeted attacks. This tool provides actionable insights and helps you track changes in all your assets and identify potential vulnerabilities.
Nmap is among the best network recon tools, used by both hackers and pen testers. Nmap scans networks to determine available hosts, running services and operating systems, and whether the network uses network filters like a firewall.
SpiderFoot is a continuous cyber recon tool that automatically queries over 100 public data sources. This tool gathers intelligence on IP addresses, domain names, and emails, among others. During recon, you specify which modules to activate based on the information that you need.
An #OSINT Framework that performs various recon techniques on companies, people, phone numbers, Bitcoin addresses, etc., aggregates all the raw data, and gives the data in multiple formats.
Datasploit is useful for collecting relevant information about a target to expand your attack and defence surface quickly. The feature list includes:
A Tool for Domain Flyovers. AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources and the more common subdomain dictionary brute force approach.