Install: claude install-skill aiskillstore/marketplace
# Reconnaissance Knowledge Base
## Purpose
This knowledge base provides comprehensive reconnaissance methodologies and techniques. It covers information gathering about targets without performing exploitation, including discovering services, versions, technologies, and potential attack vectors.
## Tools Available
### Network Scanning
- `nmap` - Port and service discovery
- `masscan` - Fast port scanning (when speed is needed)
- `nc` (netcat) - Banner grabbing
### Web Enumeration
- `gobuster` - Directory/file brute forcing
- `dirb` - Alternative directory scanner
- `nikto` - Web vulnerability scanner
- `whatweb` - Technology identification
- `curl`/`wget` - Manual HTTP interaction
### Service Enumeration
- `enum4linux` - SMB/Samba enumeration
- `smbclient` - SMB interaction
- `showmount` - NFS enumeration
- `snmpwalk` - SNMP enumeration
### DNS/Subdomain
- `dig` - DNS queries
- `host` - DNS lookups
- `nslookup` - DNS information
## Layered Reconnaissance Strategy
**Core Principle:** Every reconnaissance task has three layers. Escalate to the next layer when the previous one yields insufficient results.
### Layer Framework for Each Task:
```
Layer 1 (Quick & Broad):
- Fast tools with default parameters
- Goal: Get initial foothold information
- Time: 1-5 minutes
- Example: nmap top 1000 ports, gobuster with small wordlist
Layer 2 (Deep & Intensive):
- Same tools with aggressive parameters
- Goal: Extract maximum information from known services
- Time: 5-30 minutes
- Example: nma