What is information gathering?
Information gathering is the first step in testing or attacking a network or system. It means collecting as much useful information as possible about a target so you can find weak points. This helps security teams (and attackers), so it must be used responsibly and legally.
Main goals (what we collect)

Network information

  • Domain name and internal domain names
  • IP addresses and network blocks
  • Which systems are reachable
  • Open TCP/UDP services and running protocols
  • Firewalls / IDS presence
  • Private or rogue websites

System information

  • User and group names
  • System banners (server info)
  • Routing tables and SNMP data
  • OS and remote system type
  • Hostnames and system details
  • Passwords (if found legally during a test)

What is penetration testing? (simple)

Penetration testing (pen test) checks and improves security by trying to find weaknesses in websites, servers, or networks. It is a planned, authorized simulation of an attack.

Typical pen-test steps

  1. Reconnaissance / Information gathering
  2. Scanning (finding open ports/services)
  3. Exploitation (attacking a weakness)
  4. Maintaining access (if the test scope requires it)
  5. Reporting (what was found and how to fix it)

Top information-gathering tools — short and easy descriptions

  • Nmap — Network scanner: finds hosts, open ports, services, and OS. Multi-platform.
  • Zenmap — Nmap’s official GUI (easier for beginners).
  • Th3inspector — GitHub tool to get server details, whois, IP location, subdomains.
  • Red Hawk — Web info scanner: CMS detection, whois, DNS, geo-IP, vulnerability checks.
  • Raccoon — Simple recon tool: DNS, WHOIS, TLS, WAF checks, subdomain enumeration.
  • BadKarma — GUI toolkit to run many pentest tools with logs and proxy support.
  • Sandmap — Friendly front end built on the Nmap engine; supports NSE scripts and scanning through Tor.
  • Sparta — GUI to automate scanning and show tool outputs clearly.
  • Dmitry — Command-line info gatherer (whois, subdomains, emails, basic scans).
  • Devploit — Python script: DNS, whois, geo-IP, port scan, reverse IP, subdomains.
  • BillCipher — Multi-language tool combining many lookups (DNS, whois, links, subdomains).
  • Metasploit Framework — Big pentest framework (exploits, payloads, post-exploitation).
  • SQLMap — Automates finding and exploiting SQL injection vulnerabilities.
  • Burp Suite — Complete web application testing platform (proxy, scanner, intruder).
  • Nikto — Web server scanner that checks for dangerous files, outdated server software, and common misconfigurations.
  • Wireshark — Packet capture & analysis tool for deep network troubleshooting.
  • Hydra — Fast password brute-force tool for many network services.
  • OWASP ZAP — Web app security scanner for automated and manual testing.
  • John the Ripper — Password hash cracker to test weak passwords.
  • Nessus — Vulnerability scanner that finds known issues and misconfigurations.

Other popular tools: aircrack-ng, ettercap, setoolkit, reaver, armitage, beef.
Quick tips (for beginners)

  • Always get written permission before testing any system. Unauthorized scanning is illegal.
  • Start with passive information gathering (public sources) before active scans.
  • Use tool outputs to make a clear report: what you found, risk level, and fixes.
  • Learn one tool well (Nmap or Burp) before trying many tools at once.
