Passive information gathering – reconnaissance – OSINT
In the first step, before the penetration testing itself starts, you passively collect information about the company in scope. To accomplish this task you use the web, along with some automated tools that query the web in the backend. This phase is also called the collection of Open Source Intelligence (OSINT); OSINT refers to information gathered from publicly available sources on the internet. Another name security professionals use for this phase is reconnaissance. All of these terms refer to the same task, but you need to be aware of the different names used to describe this stage.
Note
If your target (whether it is your client's target or that of the organisation for which you work) is an external web application, then you can execute the information-gathering phase; but if your target is an intranet or a brand new website that has not been deployed into the production environment yet, then OSINT is useless, unless your client...