Contact Us Today 01642 716680


Definition: Reconnaissance in cyber security refers to the preliminary phase of an attack or assessment where an attacker or security professional gathers information about the target system, network, or organisation. This information is used to identify potential vulnerabilities or weak spots that can be exploited in later stages of an attack.

Reconnaissance can be either passive, where the attacker avoids direct interaction with the target system to remain undetected (e.g., observing publicly available information), or active, where the attacker engages with the target to gather more detailed data (e.g., using network scanning tools). The process is critical to the success of subsequent attack phases, as it allows the attacker to tailor their strategies based on the target’s specific characteristics and security posture.

Security teams use similar techniques in ethical hacking engagements to identify vulnerabilities and strengthen defenses, highlighting the importance of reconnaissance for both offensive and defensive cyber security practices.

Key Characteristics:

  • Information Gathering: Collection of detailed data on potential targets to inform future actions.
  • Passive and Active Methods: Involves techniques that either do or do not directly interact with the target systems.
  • Critical First Step: Sets the foundation for the strategy and effectiveness of subsequent attack phases.
  • Utilises Open-Source Intelligence (OSINT): Often includes analysis of publicly available information to learn more about a target.


  • Real-World Example: A cyber attacker conducts reconnaissance by examining a corporate website’s source code, looking for comments or scripts that may reveal information about back-end technologies.
  • Hypothetical Scenario: During a penetration test, a security professional utilises social engineering techniques to extract information about an organization’s network security practices from an employee.

Related Terms:

  • Footprinting: The process of creating a unique profile of the target organization, which is part of the reconnaissance phase.
  • Open-Source Intelligence (OSINT): Information collected from publicly available sources used during the reconnaissance.
  • Network Scanning: Actively probing a network to gather information about operating systems, services, and vulnerabilities; often used in active reconnaissance.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.

      Looking for reliable Penetration Testing? Use the contact form below and request a quote today.