# Reconnaissance

Reconnaissance is the first step into gaining access to the target for example if this is an individual target the more information we can gather about the user the better our delivery in Phishing can be, if this is corporate say then the more information we can gather in our recon we might not need the Phishing Method for Initial Access maybe there is a public exploit that help us gain access but we can also take the approach of gaining employee information and work as if it was an individual user.

There are 2 methods for gathering information Passive and Active.

Passive:

&#x20;

This is a good approach for gathering information as we will NOT touch the target in any way such as Scanning Ports making an unusual request to the user/business to gather information.

&#x20;

Active:

&#x20;

This method is NOISY this method in approaching the target is a great method for gathering even more personal, specific, or more information about a target that is usually not found in the passive method but it's a great way to get caught.

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/reconnaissance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.