Evaluating Common Reconnaissance Tools and Techniques for Information Gathering
- 1 Covenant University, Nigeria
Abstract
A reconnaissance attack is a commonly overlooked step in penetration testing but a critical step that could help increase the effectiveness of an attack on a target. However, it is a common attack faced by companies and institutions, among others. It enables the attacker or penetration tester to gain valuable information on the target and select the best tools and methods that would make the attack successful. This study aims to identify and review existing state-of-the-art methodology for reconnaissance attacks based on certain techniques and evaluation metrics which will be beneficial to professional, ethical hackers in selecting the best-fit tool for a successful reconnaissance attack and enlighten organizations and the general public of the potential harm of a successful reconnaissance attack. This study explored seven online databases, which include Springer, Elsevier, Wiley, IEEE, ACM, ArXiv and Google Scholar. A total of 1306 publications were retrieved. Several screening criteria were executed to select relevant articles. Finally, 19 articles were identified for in-depth analysis. A quantitative evaluation was conducted on the selected articles using two search strategies: Techniques and source. A Quantitative Analysis (QA) was conducted on the selected articles and the outcome based on existing reconnaissance tools shows that 95.2% of the tools allowed experts to gather information by running their necessary command from the command line. While 4.8% of the tools do not provide a command-line interface allowing users to launch it from the command line interface while specifying some parameters to customize how it runs. 61.9% of the tools are network-based as they can be used to gather about the target's network infrastructure such as protocols, ports, DNS, IP address, hosts and the general network architecture. At the same time, 28.5% could be classified as hybrid as they allow the attacker to gather system-based and network-based information. This study concludes with findings that show that some of the tools operate in a different capacity; the best-fit tool is massively dependent on the attacker or penetration tester and the scenario's situations. Therefore, a tool should be selected based on the user's preference and the attack style.
DOI: https://doi.org/10.3844/jcssp.2022.103.115
Copyright: © 2022 Isaac Odun-Ayo, Emmanuel Owoka, Otavie Okuoyo, Opeyemi Ogunsola, Obaro Ikoh, Olumide Adeosun, Deborah Etukudo, Victoria Robert and Gabriel Oyeyemi. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 2,792 Views
- 2,245 Downloads
- 2 Citations
Download
Keywords
- Reconnaissance
- Information Gathering
- Cybersecurity
- Social Engineering
- Techniques