The following are the tasks to be performed prior to, and during, the information-gathering phase:
- Get legal permission.
- Define the scope of the penetration test.
- Perform information gathering using search engines.
- Perform Google hacking techniques.
- Perform information gathering using social networking websites.
- Perform website footprinting.
- Perform WHOIS information gathering.
- Perform DNS information gathering.
- Perform network information gathering.
- Perform social engineering.
In the next section, we will take a look at a checklist for network scanning.