In this chapter, we will learn a few ways of collecting useful information about the target system. The user must have a basic knowledge of Linux systems and network protocols in order to understand the content of this chapter.
Information gathering is the first step that we should perform in any penetration test. It is about collecting as much information as possible about the target systems or applications, and it is the most critical step of a security assessment. The information gathering process allows us to determine the orientation of our assessment by defining where to proceed and by providing the following potential information:
System or application information
The system's or application's physical location
The system ports available/open
The system's user information
The system's resources
The system's environment
Other potential information that creates risks for the system/application's integrity
During our information gathering...