Passive information collection:


The principle of this phase is to collect as much information as possible without ever directly accessing the target's system and not being detected by the customer. Social networks and google will be the first tools used, in particular google dorks which are covered in another chapter. This type of information collection is part of OSINT (Open Source Intelligence).


It will be researched the architecture and network managers, know what type of operating system and what web server is used by the target, the name of employees, phone numbers, emails, names of operating system , servers, etc .... Here is a list of passive collection tools which are covered in the following chapters:



These are just a few tools, go take a look at the 25 best OSINT tools on the SecurityTrails website




In these 25 OSINT tools, some like Nmap are not passive, here we must imperatively distinguish what is passive and active, a cybercriminal will not have any qualms about using destructive and sighted tools, you must imagine that you are a pentester and that your job is to test the security of a company without being seen on the network, discretion is essential. Even a click on the website of the company you are auditing and leaving you traces of your passage.

The open source intelligence :



OSINT is an art which turns out to be an indispensable tool for justice, indeed a large number of investigations into criminal facts disseminated on the internet have been able to be solved thanks to internet research, I recommend the bellingcat site , it is an independent international group of researchers, investigators and citizen journalists using both: 'open source' surveys and social networks, to probe a variety of subjects - Mexican drug traffickers, crimes against the humanity, monitoring the use of chemical weapons and conflicts around the world. With staff and contributors in 20 countries around the world, we operate in a unique field where advanced technology, forensic research, journalism, investigations, transparency and accountability meet.


In Cameroon, Bellingcat provided invaluable assistance to the BBC's Africa Eye investigation into the murder of two women and their children by members of the Cameroonian army. As a result of this investigation, the United States withdraws $ 17 million in funding from the Cameroonian army and the European Parliament adopts a resolution condemning "torture, enforced disappearances, extrajudicial killings perpetrated by government forces".


In May 2018, in partnership with Forensic Architecture and Venezuelan journalists, Bellingcat collects, times and locates nearly 70 pieces of evidence related to the El Junquito raid, including videos, photographs, audio leaks from the radio communications of the police and official statements, asking for more information to determine whether rebel policeman Óscar Pérez and his companions were the victims of extrajudicial executions


Linux, Windows or Mac ?

It is possible to use any operating system to do passive research, however it is important to know how to code in python if you want to use certain tools on Windows.


If the tools don't exist on Windows, you will have a python ethical hacking section for each of them that tells you how to code your own tools, you will see this is definitely the most exciting part of hacking.


Coding your own hacking tools will teach you to understand the inner workings of your computer and teach you how to automate certain tasks.