
6. Information Gathering

1. The Penetration Testing Lifecycle

A typical penetration test comprises the following stages:

<aside> 📖 Scoping: definition of the IP ranges, hosts and applications that are in scope for the test (anything outside this list must not be touched).

</aside>

2. Passive Information Gathering

Passive information gathering, also called OSINT (open-source intelligence), is the act of collecting information about the target without directly interacting with its systems.

There are two interpretations of "passive". The strict interpretation allows NO direct access to any of the target's systems: everything comes from third-party sources (search engines, public registries, archived pages). The looser and more common interpretation allows interaction with the target's public services, but only in the way an ordinary user would (browsing the website, resolving its DNS names), never in a way that probes or stresses the systems.

1 - Whois Enumeration

WHOIS is a plain-text query service running over TCP port 43, backed by registry and registrar databases that hold information about domain names: registrar, name servers, registration dates and registrant contacts. The `whois` command-line client simply sends the query to a WHOIS server and prints the reply. This information is usually public, because registrars have traditionally charged a fee for private (proxy) registration, so many domains are still registered with real contact details.

whois megacorpone.com -h 192.168.50.251

The -h option points the client at a specific WHOIS server (here a lab server) instead of the default one for the TLD. In the output we can find valuable information such as registrant and contact names, name servers, related domains, contact pages and email addresses, all of which feed later phases (DNS enumeration, password spraying, social engineering).
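To show what the `whois` client actually does on the wire, here is an added example (not part of the original notes) that performs the WHOIS protocol by hand, following RFC 3912: open a TCP connection to port 43, send the query followed by CRLF, and read until the server closes the connection. It then parses the "Key: Value" reply into the fields a pentester cares about. The server name, the `whois_query`/`parse_whois` function names and the sample reply are all assumptions made for this example; the reply text is constructed and is not real registry data.

```python
"""Raw WHOIS lookup (RFC 3912) and parsing of the reply.

WHOIS is a plain-text request/response protocol over TCP port 43: the client
sends the query followed by CRLF and reads until the server closes the
connection.  This is exactly what `whois megacorpone.com -h <server>` does.
"""
import re
import socket

# Loose e-mail matcher: registrant/tech/abuse contacts appear in various fields.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def whois_query(query: str, server: str, port: int = 43, timeout: float = 10.0) -> str:
    """Send one WHOIS query to `server` (the host you would pass to -h) and return the reply.

    This opens a live TCP connection; it is the only network call in the file.
    """
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")  # RFC 3912: query + CRLF
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # server closes the connection when the answer is complete
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text: str) -> dict:
    """Extract registrar, name servers and e-mail addresses from a 'Key: Value' style reply.

    WHOIS output differs per TLD and registrar, so the parser is deliberately
    lenient: it keeps every key/value pair it sees (keys lower-cased, repeated
    keys collected into a list) and derives normalised name-server and e-mail
    lists from the whole response.
    """
    fields: dict = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines and registry comment/footer lines.
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")  # split on the FIRST colon only
        if not sep or not value.strip():
            continue
        fields.setdefault(key.strip().lower(), []).append(value.strip())

    # Name servers: lower-case, drop trailing dot, de-duplicate, keep order.
    name_servers = []
    for ns in fields.get("name server", []):
        ns = ns.lower().rstrip(".")
        if ns and ns not in name_servers:
            name_servers.append(ns)

    return {
        "registrar": fields.get("registrar", [None])[0],
        "name_servers": name_servers,
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "fields": fields,
    }


# Constructed sample reply in the common registrar format (NOT real registry data).
SAMPLE_REPLY = """\
Domain Name: MEGACORPONE.COM
Registrar: Example Registrar, LLC
Registrar WHOIS Server: whois.example-registrar.test
Updated Date: 2023-02-01T10:20:30Z
Name Server: NS1.MEGACORPONE.COM
Name Server: NS2.MEGACORPONE.COM
Name Server: ns2.megacorpone.com.
Registrant Name: Jane Doe
Registrant Email: admin@megacorpone.com
Tech Email: hostmaster@megacorpone.com
>>> Last update of whois database: 2023-02-01T10:20:30Z <<<
"""


if __name__ == "__main__":
    # Offline demonstration on the constructed reply; swap in
    # whois_query("megacorpone.com", "192.168.50.251") for a live lookup.
    info = parse_whois(SAMPLE_REPLY)
    print("registrar   :", info["registrar"])
    print("name servers:", ", ".join(info["name_servers"]))
    print("emails      :", ", ".join(info["emails"]))
```

The name servers and e-mail addresses recovered here are exactly the inputs for the next steps of a test: the name servers become targets for DNS enumeration and zone-transfer attempts, and the addresses reveal the organisation's e-mail naming convention.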