In this chapter, we reviewed many specialized methods of gathering freely available information. Using this information, we are able to create a larger picture of the networks we are targeting.

After performing the initial reconnaissance, we should be able to determine if the network space provided to us by our clients is accurate. We should also be able to successfully determine which documents are searchable on the Internet and whether we are able to read the metadata associated with these documents. At this point in a penetration test, we should be getting an idea of just how difficult or easy this job will be. One such indicator will be the results you gather from search engines such as Shodan. One last note: be very diligent in collecting the data you have found. Documentation is critical and will make your life as a penetration tester much easier in the long run.

In the next chapter, we will start to put the information we gathered to use. You will have a chance to directly enumerate networks. We also begin to expand and create our lab, which allows you to follow along with each and every step of the process. Some of the topics covered in the next chapter include understanding how and when to use Nmap, using SNMP to your advantage, various avoidance techniques, and more!