# Information Gathering Next, we move towards the Information Gathering stage. Before any target systems can be examined and attacked, we must first identify them. It may well be that the customer will not give us any information about their network and components other than a domain name or just a listing of in-scope IP addresses/network ranges. Therefore, we need to get an overview of the target web application(s) or network before proceeding further. * Reconnaissance can be passive or active. Check out this [article](https://www.securitymadesimple.org/cybersecurity-blog/active-vs-passive-cyber-reconnaissance-in-information-security) that explains this difference very well ### Physical / Social * Location Information: Satellite images, Drone recon, Building layout * Job information: Employees, Pictures ### Web / Host ![image](https://user-images.githubusercontent.com/96747355/175716537-7139593e-5620-44e5-b194-98495a32c207.png) > *Source:* [*Practical Ethical Hacking - TCM Security*](https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course) ## Identifying our target *In the case of bug hunting we will have a document with detailed information on what is in scope and what is out of scope. We have to take very good notes of these to be sure to not make any mistakes.*\ \&#xNAN;*In the case of a pentest it will be defined in the document called **Rules of Engagement*** ## Discovering email address * Check this article about [Email OSINT](https://csbygb.gitbook.io/pentips/osint/email) ## Gathering breached credentials * Check this article about [Password OSINT](https://csbygb.gitbook.io/pentips/osint/password) ## Web information Gathering * Check this article about [Website OSINT](https://csbygb.gitbook.io/pentips/osint/website) and this one about[Tools for website OSINT](https://csbygb.gitbook.io/pentips/osint/tools#tools-for-website-osint) ## Using search engines * Check out this article about [Search Engines](https://csbygb.gitbook.io/pentips/osint/search-engines) ## Using Social Media * Check out this article about [Social Media OSINT](https://csbygb.gitbook.io/pentips/osint/social-media) ## Tools * Lots of tools are available for the OSINT / Recon part, check this article about this [here](https://csbygb.gitbook.io/pentips/osint/tools#osint-tools) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.