
Reconnaissance is the first stage of a penetration test. When testing a target that is accessible from the Internet, search engines and social networking websites can reveal useful information. Search engines store a wealth of information that is helpful when performing a black box penetration test. We used these free resources to identify information that a malicious user could use against the target. Kali Linux has several tools that help us achieve our objective, and we used a few of them. We then moved on to the scanning phase, which requires the hacker to actively interact with the web application to identify vulnerabilities and misconfigurations.

In the next chapter we will look at server-side and client-side vulnerabilities that affect web applications.