Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities (21% of exam).
Focuses on gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning. Covers enumeration techniques including DNS enumeration, service discovery, and directory enumeration. Includes using reconnaissance tools like Nmap, Wireshark, and Shodan for information gathering. Also covers modifying Python, PowerShell, and Bash scripts for reconnaissance and enumeration activities.
5 minutes
5 Questions
In the context of the CompTIA PenTest+ certification, Reconnaissance and Enumeration are the critical initial phases of a penetration test that determine the scope and success of subsequent attacks.
Reconnaissance (often called footprinting) is the process of gathering broad information about a target organization. It is divided into two categories: passive and active. Passive reconnaissance collects data without sending traffic directly to the target's systems, to avoid detection, using Open Source Intelligence (OSINT) sources such as WHOIS records, DNS lookups (nslookup, dig), and social media scraping to find IP ranges, domain names, and employee contacts. One caveat: a DNS lookup is only passive while it is answered from a public resolver's cache; querying the target's own authoritative name server (for example, attempting a zone transfer) touches their infrastructure and is logged like any other active probe. Active reconnaissance interacts with the target directly, for example ping sweeps and port scans to confirm which hosts are live, and therefore carries a higher risk of triggering an Intrusion Detection System (IDS).
Enumeration occurs after potential targets have been identified. It is a more aggressive and granular phase in which the tester actively queries specific systems to extract detailed technical information. While reconnaissance establishes that a host exists, enumeration establishes what is running on it. Key activities include port scanning (with Nmap) to find open ports, service version detection (nmap -sV) to identify specific software versions (e.g., Apache 2.4.49), and OS fingerprinting (nmap -O). Testers specifically target protocols such as NetBIOS, SMB, SNMP, LDAP, and SMTP to list valid user accounts, group memberships, and network shares.
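The reconnaissance/enumeration split above maps directly onto the structure of an Nmap scan result: the host status answers "does this host exist?", and the open ports with their detected versions answer "what is running on it?". The following added example (written for this page, not code from CompTIA or from the Nmap project) parses Nmap's XML output (`nmap -oX`) into a per-host inventory of open services and flattens it into product/version pairs ready to be matched against vulnerability databases in the next phase. The XML sample embedded in the block is constructed for illustration; the addresses, hostname, and versions are not from a real scan, and only the standard library is used, so it runs offline.

```python
"""Turn Nmap XML output (nmap -sV -O -oX) into a live-host / open-service inventory.

Stdlib only (xml.etree.ElementTree). Element and attribute names follow Nmap's
XML schema: <host><status state=.../><address addr=.../><ports><port ...>
<state .../><service name= product= version=/></port></ports><os><osmatch name=/></os>.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample output. Hosts, ports and versions are made up for this example.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/29">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.49" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/>
      </port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class Service:
    port: int
    protocol: str
    name: str       # Nmap's guessed service name (ssh, http, ...)
    product: str    # vendor product string from -sV probing, may be empty
    version: str    # version string from -sV probing, may be empty


@dataclass
class Host:
    address: str
    hostname: str
    os_guess: str
    services: list = field(default_factory=list)


def parse_nmap_xml(xml_text):
    """Return the live hosts only, each with its open ports and detected versions."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # reconnaissance step: a host that never answered is not a target
        addr = h.find("address[@addrtype='ipv4']")
        hn = h.find("hostnames/hostname")
        osm = h.find("os/osmatch")  # first (highest-accuracy) match, if -O produced one
        host = Host(address=addr.get("addr") if addr is not None else "?",
                    hostname=hn.get("name") if hn is not None else "",
                    os_guess=osm.get("name") if osm is not None else "")
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # enumeration step: closed/filtered ports tell us nothing about software
            svc = p.find("service")
            host.services.append(Service(
                port=int(p.get("portid")),
                protocol=p.get("protocol", ""),
                name=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
                version=svc.get("version", "") if svc is not None else ""))
        hosts.append(host)
    return hosts


def software_inventory(hosts):
    """Flatten to (address, port, 'product version') tuples for vulnerability lookup.

    Ports where -sV could not identify a product are dropped: they need manual
    banner grabbing or protocol-specific enumeration before they can be matched.
    """
    return [(h.address, s.port, f"{s.product} {s.version}".strip())
            for h in hosts for s in h.services if s.product]


if __name__ == "__main__":
    for host in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(f"{host.address} ({host.hostname or 'no PTR'}) OS guess: {host.os_guess or 'unknown'}")
        for s in host.services:
            print(f"  {s.port}/{s.protocol} {s.name:<6} {s.product} {s.version}")
```

In a real engagement you would replace `SAMPLE_NMAP_XML` with the contents of the `-oX` file; the 10.0.0.6 host is skipped because its status is `down`, and 445/tcp on 10.0.0.5 is skipped because it is `filtered`, which is exactly the distinction between "the door exists" and "the door is open and this is the lock on it".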
For the PenTest+ exam, the distinction is vital: Reconnaissance casts a wide net to map the attack surface (finding the doors), while Enumeration interrogates specific assets to find vulnerabilities (checking which doors are unlocked and what locks they use). This data is then used to map vulnerabilities to specific exploits in the exploitation phase.