Penetration testing begins with a phase in which the pen tester gets familiar with the client and the goals. The pen tester then starts the actual penetration analysis, usually proceeding with an information-gathering phase in which the pen tester locates publicly accessible information associated with the client and looks for ways that could be exploited to get into the systems.
In this phase, the pen tester also uses tools such as port scanners, which help to build knowledge of the systems. Using that information, the pen tester can identify what impact the different findings may have on the client, and the vulnerability analysis part can be carried out. Thus, without good information gathering, there are no vulnerabilities to discover and exploit.
There are two types of information gathering: active and passive.
Active information gathering involves contact between you and the actual target.
Passive information gathering refers to gathering as much information as possible without establishing contact between you and the target.
If you do not have permission to test a system, it is not a good idea to perform active querying against it.