MODULE 02 · RECONNAISSANCE

Footprinting and Reconnaissance

Passive & active intel gathering on real targets.

whois · dig · subs · wayback
4 labs
1 challenge

Covered in Week 1 — Mission-driven walkthrough

Every concept in this module is taught hour-by-hour in Week 1 with story, knowledge maps, and interactive labs.

What is Footprinting?

Footprinting is the methodical collection of information about a target — its domains, IPs, technologies, people, and exposed services — *before* sending any disruptive traffic. It is the first phase of the ethical-hacking lifecycle.

Why it matters

Strong footprinting narrows the attack surface you assess to the parts that actually exist. Lazy recon means noisy scans, missed assets, and false positives in later phases.

How it works

Passive recon uses public sources only (WHOIS/RDAP, DNS, Certificate Transparency, search engines, Wayback Machine). Active recon issues queries to the target directly. CEH expects you to know both, and the legal boundary between them.

CEH v13 exam focus

Expect MCQs on: WHOIS fields (registrar, registrant, dates), DNS record types (A/AAAA/MX/NS/TXT/SOA), Google dorks, tools (theHarvester, Sublist3r, Maltego), Certificate Transparency, and OSINT methodology.

Common mistakes

Confusing passive vs. active. Forgetting that DNS zone transfers are an *active* technique. Ignoring SOA & TXT records (SPF/DKIM leak mail infrastructure).
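
What an SPF TXT record discloses about mail infrastructure, as an added example that is not part of the original module: a small parser you can run over your own domain's TXT answers to see which networks, hosts and third-party senders the record publishes and whether its `all` policy is weak. The sample record, the domain names and the helper names `parse_spf` and `findings` are constructed for illustration; DKIM records are not covered.

```python
import ipaddress

# Constructed sample TXT answers for a hypothetical domain (documentation ranges).
SAMPLE_TXT = [
    "google-site-verification=CONSTRUCTED-TOKEN",
    "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8::/32 a:mail.example.com mx "
    "include:_spf.mailvendor.example ~all",
]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt_records):
    """Summarise what the v=spf1 record among txt_records discloses (None if absent)."""
    spf = next((r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"), None)
    if spf is None:
        return None
    out = {"networks": [], "hosts": [], "third_parties": [], "uses_mx": False,
           "redirect": None, "all": None, "invalid": []}
    for term in spf.split()[1:]:
        qual = "+"                          # RFC 7208: a missing qualifier means "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower().split("/")[0]   # drop a CIDR suffix such as mx/24
        if term.lower().startswith("redirect="):
            out["redirect"] = term.split("=", 1)[1]
        elif name == "all":
            out["all"] = QUALIFIERS[qual]
        elif name in ("ip4", "ip6"):
            try:
                out["networks"].append(str(ipaddress.ip_network(value, strict=False)))
            except ValueError:
                out["invalid"].append(term)
        elif name == "include":
            out["third_parties"].append(value)
        elif name == "a" and value:
            out["hosts"].append(value.split("/")[0])
        elif name == "mx":
            out["uses_mx"] = True
    return out


def findings(rep):
    """Defender-facing notes: weak policy and disclosed third-party senders."""
    notes = []
    if rep["all"] in (None, "pass", "neutral") and not rep["redirect"]:
        notes.append("weak or missing 'all' policy")
    notes += ["third-party sender disclosed: " + d for d in rep["third_parties"]]
    return notes
```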