Information Gathering

Information gathering is a critical phase of the penetration testing process, where the primary goal is to collect as much data as possible about the target system or application.

The aim of this phase is to identify potential vulnerabilities and weaknesses that could be exploited by attackers to gain unauthorized access to a system or network. The information gathered can be used to create an attack plan and determine the best approach to exploit the identified vulnerabilities.

You try to gain information about organization’s digital footprints, like their IP Address|IP addresses, DNS records, mail server, subdomains , older snapshots of an web application, back-end components, server information, publicly disclosed vulnerabilities in the softwares being used and more.