An August 2001 SANS whitepaper titled “The Art of Reconnaissance – Simple Techniques”, by Sai Bhamidipati, discusses a step-by-step approach to basic reconnaissance.
Basic Reconnaissance –
Step 1: DNS
Tools: whois and host queries to yield contact information of target website
Step 2: IP Addresses
Tools: whois queries to yield public server IPs of the target website
Step 3: Tracing IP
Tools: tracert / traceroute queries to detect the routers and locations of hops
1. Ping Sweeps, Fingerprinting, and Port Scanning
Tools: ping, ICMP echos, finger queries, nmap
2. Fingerprinting detected services
Tools: ftp, telnet commands
Reconnaissance tools are available freely and are at the hackers disposal. Security professionals should invest time and effort in using and mastering them to view their networks through the eyes of hackers and cover up all chinks in the armor.
Use the above commands and tools only on servers that you have explicit permission to play with.
Bhamidipati, S. (2001). The Art of Reconnaissance – Simple Techniques. Retrieved from https://www.sans.org/reading-room/whitepapers/auditing/art-reconnaissance-simple-techniques-60