Information gathering, or reconnaissance (recon), is the most crucial and time-consuming phase of the penetration testing cycle. When pentesting a web application, you are required to gather as much information as you can; the more information you have, the better. Information can be of any type: a web server banner, an IP address, a list of open ports on which a web application service is running, the HTTP headers and methods the server supports, and so on. This kind of information helps a penetration tester decide which testing checks to perform against the web application.
In this chapter, we will cover reconnaissance using Metasploit and look at which of its modules you can use to perform the recon.
We will cover the following topics:
- Introduction to reconnaissance
- Active reconnaissance
- Passive reconnaissance