Skip to content

00_reconnaissance - Reconnaissance

Information gathering is where every engagement starts No intel means blind attacks and that's how 03_operations fail before they begin. Reconnaissance covers OSINT , network scanning , service enumeration , asset discovery , and all the pre-attack intel gathering techniques that separate professional engagements from script kiddie guessing games

What you'll find here:

  • Passive Reconnaissance - OSINT , DNS enumeration , certificate transparency , search engine dorking , social media intel , breach data 02_analysis
  • Active Reconnaissance - port scanning , service fingerprinting , banner grabbing , firewall enumeration , network mapping
  • Infrastructure Recon - cloud asset discovery , CDN detection , 02_reverse IP lookups , WHOIS , ASN 02_analysis
  • Technology Fingerprinting - WAF detection , framework identification , version enumeration , stack 02_analysis

first topic => OSINT Introduction


From the 0x1RIS OffSec library - for authorized 06_testing only , Document everything