Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 11: OSINT, Reconnaissance, and Scanning: Foundations and Tools

In this lesson, you’ll learn about:The early phases of a penetration test, focusing on intelligence gathering, infrastructure mapping, and active scanning techniques.Open Source Intelligence (OSINT), collecting actionable data from publicly available sources without directly interacting with the target system.Google hacking (dorking), using advanced search operators like site:, filetype:, and intitle: to uncover exposed files, misconfigurations, and sensitive information.The Google Hacking Database (GHDB), a curated repository of search queries used by security researchers to identify common web exposure issues.Reconnaissance techniques, including:Identifying authorized IP address ranges to stay within legal testing scopeDomain and subdomain enumeration using tools like dig and DNS reconnaissance utilitiesEmail enumeration from public sources to assess potential social engineering vectorsScanning methodologies, transitioning from passive discovery to active probing through:Host discoveryPort scanningService enumerationVulnerability identificationKey industry tools used during scanning, including:Nmap for network and port mappingNessus and OpenVAS for vulnerability assessmentsBurp Suite and OWASP ZAP for web application testingMetasploit for controlled exploitation and post-enumeration validationYou can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy