What is Reconnaissance and Its Types?

We come across various types of hacking tools that can automate your vulnerability assessment. But many people miss out on the very first stage of hacking, that is user enumeration of reconnaissance. Recon or information gathering is a series of tools used to understand more about the victim.

There are two types of reconnaissance. They’re active and passive recon. While the primary tasks of both the recon methods stay the same, what varies is the victim machine involvement.

Types of reconnaissance

Let us look at the literal meaning when we talk about the different types of reconnaissance.

Active reconnaissance:

In the active reconnaissance, the details of the victim are revealed by interacting with the victim. It can be about sending ICMP requests to identify the open ports of the victim or by social engineering methods such as calls and emails.

Passive reconnaissance:

When it comes to passive reconnaissance, the details of the target victim is gathered without having direct communication with it. Besides, various online tools can tell about a person such as Google dorks, email enumeration, and GitHub reconnaissance.

Tools for active reconnaissance:

  • Nmap

Nmap Security Scanner, CyberSecurity Tool Nmap, Scan your target IP or site.

Nmap is an open-source scanner that allows you to scan for the target IP Address. It sends requests to various ports of a device, and if the port responds, then it is considered to be an ‘open port’. We can further plan to send other requests through which it can accept malicious data or send useful information to know more about the victim.

Click here to avail the downloadable resource.

  • Metasploit

Metasploit - The world's most used penetration testing framework.

Metasploit comes with a lot of frameworks that can be exploited and can have malicious effects such as getting complete access to the victims PC and to influence the open ports that contain databases. MSFconsole is one of the famous frameworks of Metasploit.

Click here to avail the downloadable resource.

  • OpenVAS

OpenVAS - Open Vulnerability Assessment Scanner

OpenVAS is a vulnerability scanner that can run various tests on the software or website. It can list out the different database and security-related weaknesses and can suggest remediations through an automatic generated report. It is open-source software but should be tried with absolute permission from the victim.

Click here to avail the downloadable resource.

  • Nikto

Nikto2 - Web Application Security Scanner

Nikto can scan for the malicious files and scripts present at the server. Besides, as it is an open-source tool, it can be downloaded and operated through a command-line interface. Nikto can even give you false positives, but at the same time, it can help you enumerate a lot of details of the target.

Click here to avail the downloadable resource.

Tools for passive reconnaissance:

  • GitHub

GitHub is one of the biggest platforms where people might accidentally save sensitive data in the repositories. Such repositories, if not made private, are available along with the access details, keys, tokens, and source code. Enumeration can happen on an exponential level using GitHub.

  • Shodan

Shodan provides you with extensive information such as who is using the device and then monitors their network security. You can analyze your internet footprints and data that is available on the internet. It is one of the comprehensive search engines that tracks everything.

  • IP Lookup and DNS Lookup

IP Lookup can tell a lot about a website such as it’s IP address, location of the server, address, and hosting provider. Similar information can be found out using DNS Lookup when we provide the tool with some IP input.

  • Google Dorking

Google Dorking is a method to use specific commands on Google’s search bar to reveal sensitive information on the internet pages that are not meant for public visibility. Such commands can be used to trace some online hidden details of our target.


Moving towards the conclusion, we’ve known a lot, such as the definition of reconnaissance and its types. We’ve also seen a lot of tools that can come handy while conducting information gathering processes. It is recommended that one should not try to use them without the prior consent of the victim because we should not engage in the illegal tracing of information.

Reconnaissance can be considered to be the first place to conduct entire penetration testing of a system. Thus to move further, make sure you have enough expertise.

Rishika Desai

Author’s Bio: This article has been written by Rishika Desai, B.Tech Computer Engineering Student at Vishwakarma Institute of Information Technology (VIIT), Pune. She is a good dancer, poet and a writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter @ich_rish99.

You may also like to read:

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top