█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Penetration Testing/Reconnaissance and Information Gathering
45 minBeginner

Reconnaissance and Information Gathering

After this lesson, you will be able to: Run passive and active recon: OSINT, Nmap, DNS enumeration.

Recon is the longest phase of a real engagement. The more you know about the target, the more efficient exploitation is. This lesson differentiates passive (no contact) from active (touching the target) and gets you using Nmap.

Prerequisites:What is Penetration Testing?

Passive vs active

Passive. Google dorking, LinkedIn employee enumeration, Shodan, Wayback Machine. The target sees nothing. Active. DNS lookups, port scans, banner grabbing. The target may log your IP.

First Nmap scan

Against a target you OWN or a TryHackMe lab IP:

tsx
# Default scan (top 1000 ports, TCP)
nmap 10.10.10.10
# Service/version detection
nmap -sV 10.10.10.10
# OS fingerprint + scripts (aggressive)
nmap -A 10.10.10.10
# All ports (slower)
nmap -p- 10.10.10.10

💡 OSINT in 5 minutes

Google dorks: `site:targetcompany.com filetype:pdf`. Shodan: search for the target's IP, it shows exposed services. theHarvester: harvests emails, subdomains automatically.

DNS enumeration

`dig targetcompany.com any`, shows all records. Subdomain enumeration with `subfinder`, `amass`, `dnsenum`, finds dev/staging/admin subdomains often left exposed.

Quick Check

Which is passive: Google dorks or Nmap scan?

Pick.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←What is Penetration Testing?
Back to Penetration Testing
Scanning and Enumeration→