Understanding active information gathering

Active information gathering uses a direct approach to engage with our target; it involves actually making a connection between our machine and the target network and systems. By performing active information gathering, we are able to gather specific and detailed data such as live hosts, running services and application versions, network file shares, and user account information.

Because it involves direct contact with the target's network and systems, performing active information gathering does pose a risk of detection.

Determining live hosts will give us an idea of the number of devices that are online. It doesn't make sense to target an offline device as it would be unresponsive. Knowing the operating system and running services on a target helps us to understand the role of that device in the network and the resources it provides to its clients.

For example, if we were to find lots of file shares on the target system during active information gathering, this could mean that the target is a file server that holds a lot of important data on its shared drive. When performing active information gathering, the attacker machine (in our case, a Kali Linux-based machine) sends special queries to the potential victim in the hope that the victim machine will respond by providing some sort of confidential information (such as network shares and service versions) in return.
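The risk of detection noted above comes from the traffic pattern that live-host discovery and service enumeration leave in connection logs. The following Python code is an added example, not from the book: it flags any source whose fan-out across hosts or ports within a time window exceeds a threshold. The log tuple layout, IP addresses, and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample firewall events: (timestamp_seconds, src_ip, dst_ip, dst_port)
SAMPLE_EVENTS = (
    # One source touching the same port on 20 different hosts (live-host discovery)
    [(100 + i, "10.0.0.66", f"10.0.1.{i}", 445) for i in range(1, 21)]
    # One source touching 30 different ports on a single host (service enumeration)
    + [(200 + p, "10.0.0.77", "10.0.1.5", 20 + p) for p in range(30)]
    # Ordinary client traffic that should not be flagged
    + [(150, "10.0.0.12", "10.0.1.5", 443),
       (160, "10.0.0.12", "10.0.1.9", 445),
       (900, "10.0.0.12", "10.0.1.5", 443)]
)


def detect_probing(events, window=60, host_threshold=15, port_threshold=20):
    """Return {src_ip: {"host_sweep", "port_scan"}} for sources whose
    fan-out inside any sliding window of `window` seconds hits a threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_src[src].append((ts, dst, port))

    findings = defaultdict(set)
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` seconds
            while rows[end][0] - rows[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            for _, dst, port in rows[start:end + 1]:
                ports_per_host[dst].add(port)
            # Many distinct hosts from one source: host discovery sweep
            if len(ports_per_host) >= host_threshold:
                findings[src].add("host_sweep")
            # Many distinct ports on one host: service enumeration
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                findings[src].add("port_scan")
    return dict(findings)


if __name__ == "__main__":
    for src, kinds in sorted(detect_probing(SAMPLE_EVENTS).items()):
        print(src, sorted(kinds))
```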

Now that you have a better understanding of what active information gathering is, let's dive deep into its practices in the following sections.
