hacking-101
Rookie Recon
Welcome to Level 2: Rookie Recon!
This phase focuses on reconnaissance β the art of gathering information about your target using open-source tools and passive techniques before attempting any active engagement.
π 1. OSINT Basics (Open Source Intelligence)
- What is OSINT?
- Why reconnaissance matters in ethical hacking
- Legal & ethical considerations
- Types of intel: people, companies, websites, infrastructure
- Real-world examples
π 2. Domain & Network Reconnaissance
WHOIS Lookups
- Understand domain registration info
- Tools:
whois- Whoxy
- ICANN Lookup
DNS Enumeration
- Discover subdomains, mail servers, and name servers
- Tools:
nslookupdighostdnsenumFierce
IP Lookup
- Reverse DNS
- Geolocation
- ASN info
πΊοΈ 3. Host & Network Scanning
Nmap Basics
- Port scanning: TCP vs UDP
- Service detection (
-sV) - OS detection (
-O) - Stealth scanning (
-sS) - Intro to NSE (Nmap Scripting Engine)
Banner Grabbing
- Reveal service info using:
netcattelnetcurl
βοΈ 4. Recon Tools Overview
- π οΈ
theHarvester - π΅οΈββοΈ
Recon-ng - π§
SpiderFoot - π
Shodan - π
Censys - π
Amass - π§¬
Maltego
π₯ 5. People & Organization Footprinting
- Email & username discovery
- Useful tools:
- Hunter.io
- HaveIBeenPwned
- Pipl (some features paid)
- LinkedIn scraping & employee discovery
- Social media recon
- Google Dorking for specific info
- Building a digital footprint
βοΈ 6. Manual vs Automated Recon
- Why automation isnβt everything
- How human intuition improves results
- When to go manual and verify
π§ͺ 7. Practical Labs
- π TryHackMe β OSINT Basics
- π TryHackMe β Intro to Recon
- 𧩠Hack The Box recon-focused machines
- π΅οΈββοΈ CTFs (e.g. OSINT Dojo, Trace Labs)
π 8. Resources & Further Learning
- SOCMIntelligence
- OSINT Framework
- Awesome-OSINT GitHub List
- Pentest Bookmarks (by PayloadAllTheThings)