Before starting an intrusive test in our client is necessary to perform some reconnaissance about the network to identify all information possible about the system. Some information can be collected without sending any probes to the target system this is called passive recon.

Passive Recon

Active Recon

Port Scans

nmap -sS --reason

Services Enumeration

nmap -sS -A

DNS brute force