Day 33 – Information Gathering | Complete Beginner Guide

🕵️ Day 33: Information Gathering (Reconnaissance)

The very first step of bug hunting is:

Collecting as much information as possible about the target.

This process is called Information Gathering, or Recon (Reconnaissance).

If you attack directly without any information, your chances of success are low.
Professional bug hunters always start with recon.


🎯 What Is Information Gathering?

Information Gathering means:

✔ Collecting data about the target website
✔ Identifying the technologies in use
✔ Finding subdomains
✔ Understanding open ports and services
✔ Analyzing publicly available data

All of this must be done only within a legal and authorized scope.


🧠 Why Is Recon Important?

Suppose you have to test a company.

If you don't even know:

  • How many subdomains there are

  • Which technologies are in use

  • Which login panels are available

then finding vulnerabilities becomes difficult.

Recon = Foundation of Bug Hunting 🔥


🌓 Types of Information Gathering

1️⃣ Passive Recon

Here you do not touch the target's server directly.

Sources:

  • Google search

  • Public records

  • WHOIS lookup

  • Job postings

  • Social media

Example:
If you look at a company's LinkedIn page and learn that it uses PHP, that is passive recon.



2️⃣ Active Recon

Here you interact directly with the target system.

Examples:

  • Subdomain scanning

  • Port scanning

  • Directory brute force

  • API endpoint testing

Permission is mandatory here.


🔎 What Do We Collect During Information Gathering?

1️⃣ Domain Information

  • Main domain

  • Subdomains

  • WHOIS data

2️⃣ Technology Stack

  • Frontend language

  • Backend language

  • Database type

  • Server type

3️⃣ Open Ports & Services

  • HTTP (80)

  • HTTPS (443)

  • SSH (22)

4️⃣ Hidden Directories

  • /admin

  • /login

  • /backup
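
The technology-stack items above are often visible in plain HTTP response headers (Browser DevTools shows them). The following script is an added example written for this guide, not code from the original post: it parses a constructed sample response (not captured from any real site), matches a small fingerprint table against the Server, X-Powered-By, Set-Cookie and X-Generator headers, and lists the headers a hardened deployment would strip. The fingerprint table is a deliberately small illustration, not a complete database.

```python
"""Identify a web technology stack from HTTP response headers.

Added example, not from the original article. SAMPLE_RESPONSE is constructed
sample data, and FINGERPRINTS is a deliberately small illustrative table.
"""
from __future__ import annotations

import re

# Constructed sample: the head of an HTTP/1.1 response, as DevTools or a
# saved response would show it. Not captured from any real site.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
X-Generator: WordPress 5.8
"""


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Split a raw HTTP head into a lower-cased header-name -> values map.

    Values are kept as a list because headers such as Set-Cookie may repeat.
    """
    headers: dict[str, list[str]] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


# Each rule: header name, regex over its value, technology it implies.
# Group 1 of the regex (when present) captures the version string.
FINGERPRINTS = [
    ("server", r"Apache/?([\d.]+)?", "Apache httpd"),
    ("server", r"nginx/?([\d.]+)?", "nginx"),
    ("server", r"Microsoft-IIS/?([\d.]+)?", "Microsoft IIS"),
    ("x-powered-by", r"PHP/?([\d.]+)?", "PHP"),
    ("x-powered-by", r"ASP\.NET", "ASP.NET"),
    ("x-powered-by", r"Express", "Express (Node.js)"),
    ("set-cookie", r"^PHPSESSID=", "PHP session cookie"),
    ("set-cookie", r"^JSESSIONID=", "Java servlet container"),
    ("set-cookie", r"^ASP\.NET_SessionId=", "ASP.NET session cookie"),
    ("x-generator", r"WordPress ?([\d.]+)?", "WordPress"),
]


def fingerprint(headers: dict[str, list[str]]) -> list[tuple[str, str | None]]:
    """Return sorted (technology, version-or-None) pairs implied by the headers."""
    found: set[tuple[str, str | None]] = set()
    for header, pattern, tech in FINGERPRINTS:
        for value in headers.get(header, []):
            m = re.search(pattern, value)
            if m:
                version = m.group(1) if m.groups() else None
                found.add((tech, version))
    # Sort with None versions treated as "" so mixed entries compare cleanly.
    return sorted(found, key=lambda t: (t[0], t[1] or ""))


# Headers that disclose stack details; a hardened server removes or blanks them.
VERSION_LEAK_HEADERS = ("server", "x-powered-by", "x-generator", "x-aspnet-version")


def leaking_headers(headers: dict[str, list[str]]) -> list[str]:
    """Names of version-disclosing headers actually present in the response."""
    return sorted(h for h in VERSION_LEAK_HEADERS if h in headers)


if __name__ == "__main__":
    parsed = parse_headers(SAMPLE_RESPONSE)
    for tech, version in fingerprint(parsed):
        print(f"{tech}: {version or 'version not disclosed'}")
    print("headers to remove on the server side:", leaking_headers(parsed))
```

The same parser works on any response you have permission to inspect; the defensive takeaway is that every entry `leaking_headers` returns is information the server is handing out for free and can usually be disabled in its configuration.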


🌐 Real-World Example

Suppose you are testing a company's program, for example:

Facebook

During recon you will check:

✔ How many subdomains there are
✔ Which APIs are public
✔ Which services are exposed
✔ Which endpoints look sensitive

Then you identify the attack surface.


🛠 Information Gathering Tools (Basic Level)

✔ Browser DevTools
✔ Google Dorking
✔ WHOIS lookup
✔ Subdomain finder tools
✔ Network scanning tools

(Always use these only in an authorized environment)


🧩 Recon Process Step-by-Step

  1. Understand the target scope

  2. Collect the domain and subdomains

  3. Identify the technologies

  4. Build a list of endpoints

  5. Map the attack surface

Then vulnerability testing begins.


⚠ Common Mistakes Beginners Make

❌ Jumping straight into exploitation
❌ Not checking the scope
❌ Not maintaining documentation

Professional bug hunters document everything.
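
Step 1 of the process above (understand the scope) and the "not checking the scope" mistake come down to one check that should run before any active recon: is each host you discovered actually covered by the program's policy? The script below is an added example for this guide, not code from the original post. The scope and the discovered hosts are constructed sample data; a real program's scope comes from its policy page. It handles the two edge cases beginners get wrong: `*.example.com` must not match `notexample.com` (a naive substring test would), and an explicit exclusion wins over a wildcard that would otherwise include the host.

```python
"""Check discovered hosts against an authorized scope before any active recon.

Added example, not from the original article. SCOPE and DISCOVERED are
constructed sample data in the style of a bug bounty policy page.
"""
from __future__ import annotations

import json

# Constructed scope: wildcard entries cover subdomains, plain entries match
# exactly. Exclusions take precedence over inclusions.
SCOPE = {
    "in_scope": ["*.example.com", "api.example.org"],
    "out_of_scope": ["mail.example.com", "*.internal.example.com"],
}

# Constructed list of hosts "found" during passive recon.
DISCOVERED = [
    "www.example.com",
    "API.example.com.",          # case and trailing dot must not matter
    "mail.example.com",
    "dev.internal.example.com",
    "api.example.org",
    "shop.example.org",
    "notexample.com",            # looks similar, is not in scope
    "example.com",               # bare apex is not covered by *.example.com
]


def normalize(host: str) -> str:
    """Lower-case a hostname and drop a trailing dot (DNS absolute form)."""
    return host.strip().lower().rstrip(".")


def matches(pattern: str, host: str) -> bool:
    """True if host matches one scope entry.

    '*.example.com' matches any subdomain at any depth but not the apex
    itself; a plain entry matches only exactly.
    """
    host = normalize(host)
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]          # ".example.com" (keeps the dot boundary)
        return host.endswith(suffix) and host != pattern[2:]
    return host == pattern


def classify(host: str, scope: dict[str, list[str]]) -> str:
    """Return 'out_of_scope', 'in_scope' or 'unlisted' for a host."""
    if any(matches(p, host) for p in scope["out_of_scope"]):
        return "out_of_scope"
    if any(matches(p, host) for p in scope["in_scope"]):
        return "in_scope"
    return "unlisted"


def triage(hosts: list[str], scope: dict[str, list[str]]) -> dict[str, list[str]]:
    """Partition discovered hosts into the three buckets, normalized."""
    result: dict[str, list[str]] = {"in_scope": [], "out_of_scope": [], "unlisted": []}
    for host in hosts:
        result[classify(host, scope)].append(normalize(host))
    return result


if __name__ == "__main__":
    # The JSON dump doubles as the first entry in your recon notes.
    print(json.dumps(triage(DISCOVERED, SCOPE), indent=2))
```

Only the `in_scope` bucket goes forward to the active steps; `unlisted` hosts are worth a question to the program owner rather than a scan, and the dumped JSON is the start of the documentation the section above says professionals keep.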


🧠 Think Like a Researcher

On every page, think:

  • Which technology is being used here?

  • Is there any hidden API?

  • Is any backup file exposed?

  • Is any debug page visible?

In information gathering, patience is the most important thing.


🔁 Revision Points

  • Information Gathering = Recon

  • There are two types: Passive and Active

  • Recon is the first step of bug hunting

  • Following the scope is mandatory

  • Documentation is important

