Conducting Passive Reconnaissance for Vulnerabilities in a Network

Introduction
Welcome to the Conducting Passive Reconnaissance for Vulnerabilities in a Network Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.
Learning Outcomes
In this module, you will complete the following exercises:
- Exercise 1 - Conducting Passive Reconnaissance for Vulnerabilities in a Network
- Exercise 2 - Leveraging the Gathered Information
After completing this lab, you will be able to:
- Use the Whois Website
- Perform Social Media Exploitation
- Use Shodan
- Use Google Hacking
- Use DNS Querying
- Use theHarvester
- Use Recon-ng
- Create a Temporary E-mail Account
- Use Maltego
- Find Analysis and Weaponization
- Know about Content of Interest
- Prepare for Next Steps and its Guidelines
Exam Objectives
The following exam objectives are covered in this lab:
- PT0-001: 2.1 Given a scenario, conduct information gathering using appropriate techniques
- PT0-001: 2.2 Given a scenario, perform a vulnerability scan
- PT0-001: 4.2 Compare and contrast various use cases of tools
Lab Duration
It will take approximately 1 hour to complete this lab.
Exercise 1 - Conducting Passive Reconnaissance for Vulnerabilities in a Network
Information gathering is critical in penetration testing. Without gathering information about the targets, the attackers may not know what to target. The amount and type of information the attacker gathers shape the strategy for the penetration test.
Attackers normally use open-source intelligence (OSINT) to obtain information that is publicly available. There is nothing wrong with collecting such information, as it is not confidential or private. Anyone with some skill can obtain information about the targets. There are various places one can look for information:
- Whois database
- Target’s Website
- Social media profiles of employees
- Google search results
- DNS information
- Blogs and public forums
- A tool such as Maltego, which helps you gather detailed footprinting information about a website
In this exercise, you will learn about passive reconnaissance for vulnerabilities in a network.
Learning Outcomes
After completing this exercise, you will be able to:
- Use the Whois Website
- Perform Social Media Exploitation
- Learn about Shodan
- Use Google Hacking
- Use DNS Querying
- Use theHarvester
- Use Recon-ng
- Create a Temporary E-mail Account
- Use Maltego
Exercise 2 - Leveraging the Gathered Information
After performing passive reconnaissance, you need to put the gathered information to use. Different tools were used to gather various types of information, such as IP addresses, DNS information, subdomain names, and so on. From this point on, the task is to make good use of that information.
In this exercise, you will learn about leveraging the gathered information.
Learning Outcomes
After completing this exercise, you will be able to:
- Find Analysis and Weaponization
- Know about Content of Interest
- Prepare for Next Steps and its Guidelines