# Information Gathering

Information gathering is the process of collecting as much publicly accessible information as possible about a target or organization, in order to build a deeper picture of the objective and identify potentially vulnerable entry points.

<figure><img src="https://1571945027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtgxeteB8N7iEoJU7WZh6%2Fuploads%2FEEYhBZslVnv7DLdw8vsn%2Fimage.png?alt=media&#x26;token=f4947df2-9f30-475e-ad8a-a15fb4fccd0f" alt="" width="375"><figcaption></figcaption></figure>

This process consists of two primary steps:

* **Reconnaissance:** Preliminary survey to gather information about a target. It is done in two ways:
  * **Passive:** Relies on publicly available knowledge and publicly accessible resources, without directly engaging with the target. Typical actions are:
    * Checking job ads related to the target website
    * Reading news articles about the target company
    * Search Engine Queries
    * WHOIS/DNS Lookups
    * Web Archive Analysis
    * Social Media Analysis
    * Code Repositories
  * **Active:** Requires direct engagement with the target. Typical actions are:
    * Port Scanning
    * Vulnerability Scanning
    * Network Mapping
    * Service Enumeration
    * Banner Grabbing
    * OS Fingerprinting
    * Web Spidering
    * Social Engineering
    * Physical Access
* **Enumeration:** Extracting as much system information as possible, such as valid usernames, machine names, network resources, share names and directory names. It is normally divided into the following categories:
  * **Open-Source Intelligence:** Get as much public information as possible about the target
  * **Infrastructure enumeration:** Overview of the company's position on the internet and intranet. We use public services such as DNS to understand how the infrastructure is structured
  * **Service Enumeration:** Direct interaction with the assets, where we try to identify which version of a service is running, what information it exposes, and what purpose it serves
  * **Host Enumeration:** Identify the machines that are part of the infrastructure and the architecture they have internally, as well as the processes and services they run
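The active reconnaissance actions above (port scanning, service enumeration, banner grabbing) all touch the target directly, which is exactly what makes them observable from the defender's side. The following is an added example, not part of the original page, showing a minimal detector that flags a source probing many distinct ports on a host within a short time window. The log format, thresholds and sample lines are assumptions constructed for the example.

```python
"""Flag sources that probe many distinct (host, port) pairs within a short window.

Added example for the active-reconnaissance step described on the page.
The log format below is an assumption: a simplified firewall/netflow style
    "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>"
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source sweeps 12 ports on a host in ~12 seconds,
# while a second source only talks to port 443 (normal client behaviour).
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 -> 192.0.2.10:21 DROP
2024-05-01T10:00:01 203.0.113.7 -> 192.0.2.10:22 DROP
2024-05-01T10:00:02 203.0.113.7 -> 192.0.2.10:23 DROP
2024-05-01T10:00:03 198.51.100.5 -> 192.0.2.10:443 ACCEPT
2024-05-01T10:00:03 203.0.113.7 -> 192.0.2.10:25 DROP
2024-05-01T10:00:04 203.0.113.7 -> 192.0.2.10:53 DROP
2024-05-01T10:00:05 198.51.100.5 -> 192.0.2.11:443 ACCEPT
2024-05-01T10:00:05 203.0.113.7 -> 192.0.2.10:80 ACCEPT
2024-05-01T10:00:06 203.0.113.7 -> 192.0.2.10:110 DROP
2024-05-01T10:00:07 203.0.113.7 -> 192.0.2.10:135 DROP
2024-05-01T10:00:08 203.0.113.7 -> 192.0.2.10:139 DROP
2024-05-01T10:00:09 198.51.100.5 -> 192.0.2.10:443 ACCEPT
2024-05-01T10:00:09 203.0.113.7 -> 192.0.2.10:443 ACCEPT
2024-05-01T10:00:10 203.0.113.7 -> 192.0.2.10:445 DROP
2024-05-01T10:00:11 203.0.113.7 -> 192.0.2.10:3389 DROP
"""


def parse_line(line):
    """Parse one log line into (timestamp, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action


def detect_port_scans(log_text, window=timedelta(seconds=60), threshold=10):
    """Return {src_ip: max distinct (dst_ip, port) pairs seen within `window`}
    for every source that reaches `threshold` distinct pairs.

    Counting (host, port) pairs catches both a vertical scan (many ports on one
    host) and a horizontal sweep (one port across many hosts). A sliding window
    per source keeps memory bounded to the events inside the window.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ts, src, dst_ip, port, _action in events:
        by_src[src].append((ts, (dst_ip, port)))

    flagged = {}
    for src, evs in by_src.items():
        start = 0                      # index of the oldest event still in the window
        in_window = defaultdict(int)   # (dst_ip, port) -> hits inside the window
        for ts, key in evs:
            in_window[key] += 1
            # Expire events that fell out of the window before evaluating.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct host:port targets")
```

The threshold and window are tuning knobs: a value of 10 distinct targets per minute is low enough to catch a slow scan in this sample but would need raising on hosts that legitimately fan out to many services. Blocked (DROP) and allowed (ACCEPT) hits are counted alike, since a scanner learns something from both.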
