Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 11: OSINT, Reconnaissance, and Scanning: Foundations and Tools
Published 2 months, 1 week ago
Description
In this lesson, you’ll learn about:
- The early phases of a penetration test, focusing on intelligence gathering, infrastructure mapping, and active scanning techniques.
- Open Source Intelligence (OSINT), collecting actionable data from publicly available sources without directly interacting with the target system.
- Google hacking (dorking), using advanced search operators like site:, filetype:, and intitle: to uncover exposed files, misconfigurations, and sensitive information.
- The Google Hacking Database (GHDB), a curated repository of search queries used by security researchers to identify common web exposure issues.
- Reconnaissance techniques, including:
  - Identifying authorized IP address ranges to stay within legal testing scope
  - Domain and subdomain enumeration using tools like dig and DNS reconnaissance utilities
  - Email enumeration from public sources to assess potential social engineering vectors
- Scanning methodologies, transitioning from passive discovery to active probing through:
  - Host discovery
  - Port scanning
  - Service enumeration
  - Vulnerability identification
- Key industry tools used during scanning, including:
  - Nmap for network and port mapping
  - Nessus and OpenVAS for vulnerability assessments
  - Burp Suite and OWASP ZAP for web application testing
  - Metasploit for controlled exploitation and post-enumeration validation
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy