In this chapter, we learned about the recon process. We started with active recon using HTTP headers and discovering Git repos. Then, we moved on to passive scans, where we looked at Shodan and SSL analysis, and used archived web pages to obtain information relating to a target.

In the next chapter, we'll learn how we can perform web-based enumeration using Metasploit. We'll be focusing on HTTP method enumeration, file and directory enumeration, subdomain enumeration, and more.