Ethical Hacking Stages

  1. Information Gathering (Reconnaissance)

    1. Active

    2. Passive

  2. Scanning and Enumeration

    1. NMAP

    2. Nessus

    3. Nikto

  3. Gaining Access

  4. Maintaining Access

  5. Covering Tracks

Information Gathering

Passive Recon

Types of passive recon

  1. Physical/Social

    1. Location Information

      1. satellite images

      2. drone recon

      3. building layout (badge reader, break areas, security, fencing)

    2. Job information

      1. Employees

        1. name

        2. job title

        3. phone number

        4. managers, etc.

      2. Pictures

        1. badge photos

        2. desk photos

        3. computer photos, etc.

  2. Web/Host

    1. Target Validation

      1. WHOIS

      2. nslookup

      3. dnsrecon

    2. Finding Subdomains

      1. Google fu

      2. dig

      3. nmap

      4. sublist3r

      5. bluto

      6. crt.sh

    3. Fingerprinting

      1. nmap

      2. wappalyzer

      3. whatweb

      4. builtwith

      5. netcat

    4. Data breaches

      1. HaveIBeenPwned

      2. BreachParse

      3. WeLeakInfo

Identifying target

Bugcrowd > Programs > Tesla

Email Gathering

Common patterns of email addresses

Gathering Breached credentials