# Information Gathering - Study Guide

Information Gathering, also known as reconnaissance or enumeration, is a critical phase in the ethical hacking process. It involves systematically collecting and analyzing data about a target system or network to gather intelligence, identify vulnerabilities, and assess potential security risks. The purpose of information gathering in ethical hacking is to understand the target system's architecture, configuration, and potential weaknesses to assist in vulnerability assessment and penetration testing.

Information gathering can be passive or active, and it may involve both technical and non-technical methods.

### Passive

Passive information gathering typically involves using publicly available information, such as domain name registrations, WHOIS records, DNS queries, search engine queries, social media profiles, and other publicly accessible data.

### Active

Active information gathering, on the other hand, involves actively scanning and probing the target system or network using various techniques and tools to collect information, such as port scanning, service identification, OS fingerprinting, and network mapping.

Some common techniques used in information gathering in ethical hacking include:

1. Open Source Intelligence (OSINT): Collecting publicly available information from sources such as search engines, social media, online forums, and public databases.
2. Network Scanning: Scanning target networks to identify live hosts, open ports, and the services running on those ports, using tools like Nmap, Netcat, and Wireshark.
3. Enumerating Services: Identifying services running on the target system and gathering information about their versions, configurations, and potential vulnerabilities, using techniques such as banner grabbing, service fingerprinting, and protocol analysis.
4. DNS Enumeration: Extracting DNS (Domain Name System) information for the target system or network to identify subdomains, mail servers, and other DNS-related information, using tools like Dig, DNSenum, and DNSRecon.
5. Social Engineering: Collecting information through social engineering techniques, such as phishing, pretexting, and elicitation, which exploit human weaknesses to obtain sensitive information.
6. WHOIS Lookup: Collecting information about domain names, such as registrants, contact details, and registration dates, using WHOIS lookup tools.
7. Google Hacking: Using advanced search techniques and operators in search engines like Google to discover vulnerabilities, misconfigurations, or sensitive information about the target system.
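DNS enumeration (item 4) is worth seeing from the defender's side: the same records a tool like Dig or DNSRecon would collect tell you what your own zone discloses. The script below is an added example, not part of the original study guide or of any of the tools it names. It parses a constructed zone listing in BIND/dig presentation format (the `example.com` data, the addresses, and the `REVEALING_LABELS` review list are all assumptions made up for the example), extracts the subdomains, name servers and mail servers an enumerator would learn, and flags items a defender should review: RFC 1918 addresses published in public DNS, hostnames that advertise a system's role, a missing SPF record, and a monitor-only DMARC policy.

```python
"""Review a DNS zone listing the way an enumeration tool reads it, but from the
defender's side: what does our public DNS disclose? (Added example; the zone
data below is constructed, not from any real domain.)"""
import ipaddress
import re

# Constructed sample zone in BIND presentation format. 198.51.100.0/24 is a
# documentation range standing in for public addresses; 10.0.4.17 is RFC 1918.
SAMPLE_ZONE = """\
example.com.             3600 IN SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com.             3600 IN NS   ns1.example.com.
example.com.             3600 IN NS   ns2.example.com.
example.com.             3600 IN MX   10 mail.example.com.
example.com.             3600 IN TXT  "v=spf1 mx -all"
www.example.com.          300 IN A    198.51.100.10
mail.example.com.         300 IN A    198.51.100.25
vpn.example.com.          300 IN A    198.51.100.30
dev-jenkins.example.com.  300 IN A    10.0.4.17
_dmarc.example.com.       300 IN TXT  "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
"""

# Hostname labels that advertise a system's role; an assumed review list.
REVEALING_LABELS = ("dev", "test", "staging", "jenkins", "vpn", "admin", "backup")

# Explicit RFC 1918 ranges (ipaddress.is_private would also flag the
# documentation ranges used above as stand-ins for public space).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True if the address falls in one of the private-use IPv4 ranges."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in RFC1918)


def parse_records(zone_text):
    """Parse 'name ttl class type rdata' lines into dicts; rdata keeps its spaces."""
    records = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # not a complete resource record
        name, ttl, cls, rtype, rdata = parts
        records.append({
            "name": name.rstrip(".").lower(),
            "ttl": int(ttl),
            "class": cls,
            "type": rtype.upper(),
            "data": rdata.strip(),
        })
    return records


def summarize_zone(records, zone):
    """Collect what an enumerator learns and flag what a defender should review."""
    zone = zone.lower()
    summary = {"subdomains": set(), "name_servers": [], "mail_servers": [], "findings": []}
    spf_seen = False

    for rec in records:
        name, rtype, data = rec["name"], rec["type"], rec["data"]
        # Any name below the apex (other than _service labels) is a discoverable host.
        if name != zone and name.endswith("." + zone) and not name.startswith("_"):
            summary["subdomains"].add(name)

        if rtype == "NS":
            summary["name_servers"].append(data.rstrip("."))
        elif rtype == "MX":
            summary["mail_servers"].append(data.split()[-1].rstrip("."))  # "<pref> <host>"
        elif rtype in ("A", "AAAA"):
            if is_rfc1918(data):
                summary["findings"].append(f"internal address published in public DNS: {name} -> {data}")
            hits = [label for label in re.split(r"[.-]", name) if label in REVEALING_LABELS]
            if hits:
                summary["findings"].append(f"hostname reveals system role ({', '.join(hits)}): {name}")
        elif rtype == "TXT":
            txt = data.strip('"')
            if name == zone and txt.lower().startswith("v=spf1"):
                spf_seen = True
            if name == "_dmarc." + zone and "p=none" in txt.replace(" ", "").lower():
                summary["findings"].append("DMARC policy is monitor-only (p=none); spoofed mail is not rejected")

    if not spf_seen:
        summary["findings"].append("no SPF record on the zone apex")
    summary["subdomains"] = sorted(summary["subdomains"])
    return summary


if __name__ == "__main__":
    result = summarize_zone(parse_records(SAMPLE_ZONE), "example.com")
    for key, value in result.items():
        print(f"{key}: {value}")
```

Against the constructed zone this reports four findings: the `vpn` and `dev-jenkins` hostnames disclose their roles, `dev-jenkins` leaks an internal 10.0.4.17 address, and DMARC is set to `p=none`. The same parser can be pointed at a real `dig AXFR` or `dig ANY` listing of a zone you administer, which is the defender's use of DNS enumeration: seeing your own exposure before someone else does.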

