Reconnaissance is a commonly overlooked step in penetration testing, yet a critical one that can substantially increase the effectiveness of an attack on a target. It is also a routine first stage of real attacks against companies, institutions and other organisations. It lets the attacker or penetration tester gather valuable information about the target and select the tools and methods most likely to make the attack succeed. This study aims to identify and review the existing state-of-the-art methodology for reconnaissance attacks, organised by technique and evaluation metric, so that professional ethical hackers can select the best-fit tool for a reconnaissance task, and so that organisations and the general public understand the potential harm of a successful reconnaissance attack. Seven online databases were searched: Springer, Elsevier, Wiley, IEEE, ACM, ArXiv and Google Scholar. A total of 1306 publications were retrieved, several screening criteria were applied to select relevant articles, and 19 articles were finally identified for in-depth analysis. The selected articles were evaluated quantitatively using two search strategies, technique and source. The Quantitative Analysis (QA) of the reconnaissance tools they describe shows that 95.2% of the tools let an expert gather information by issuing the necessary commands from the command line, while 4.8% provide no command-line interface through which the user can launch the tool with parameters that customise how it runs. 61.9% of the tools are network-based: they gather information about the target's network infrastructure, such as protocols, ports, DNS, IP addresses, hosts and the overall network architecture. A further 28.5% can be classified as hybrid, as they allow the attacker to gather both system-based and network-based information.
The study concludes that the tools operate in different capacities and that the best-fit tool depends heavily on the attacker or penetration tester and on the engagement scenario. A tool should therefore be selected according to the user's preference and the intended attack style.