Automating Information Gathering for Ethical Hackers

An important part of performing a penetration test (or ‘pentest’) is reconnaissance, the process of gathering information about a target such as services running, open ports and vulnerabilities.
This can be a time-consuming process, hence the benefit of using an automated tool such as Autorecon, which takes a list of IPs or domains and runs through a series of predefined scans.
The article sets out to demonstrate how novice hackers can use the tool in a series of steps: the first selects an IP address or domain name, with the reader asked to assume they are using the domain name ‘tryhackme.com’.
They are then given instructions on how to install Autorecon and how to use the tool with a specified domain name, before finally getting a condensed version of the output, which might typically include open ports, HTTP vulnerabilities and domain information.
The article concludes with a useful tip for hackers just starting out, which is to run Autorecon repeatedly with different tools and settings to better understand the insights it can provide and how different parameters affect the output.

Fast Feed