DURATION: 18 hours

CPE POINTS: On completion, you get a certificate granting you 18 CPE points. 


“If I had 8 hours to chop down a tree, I would spend 6 hours sharpening my axe.”

Yes! For hackers, this means reconnaissance. 

Reconnaissance is the key phase of hacking and penetration testing, which consists of three subprocesses: footprinting, scanning and enumeration. This course covers a lot of the most valuable advanced techniques of reconnaissance, and gives you hands-on advanced learning outcomes to gather more sophisticated information and analyze it to compromise the target quickly. 

Bug bounty hunters take months to analyze a single target, and if someone has the information in hand using reconnaissance, the process becomes fast and takes less time. You should take this course if you are preparing for advanced course certifications or wanting to sharpen your reconnaissance skills.

Who is this course for? 

  • Ethical hackers
  • Security analysts
  • Penetration testers
  • Security certification aspirant
  • Red teamers
  • Blue teamers

Why take it NOW?

Nowadays, most of the certifications are difficult from a reconnaissance point of view. So mastering this topic makes cracking the examinations easier. Also, whether you are a penetration tester, security analyst or bug bounty hunter, every time you conduct testing, you need strong reconnaissance and much time for the same. So being fluent in this phase will save time and bring more successful results.

Why this course? 

The more information you have in hand, the more accurate the attacks are and the faster they become successful. In this course, we will be working on multiple reconnaissance techniques with a chain attack system. We will chain results until we discover useful attack vectors, digging deeper and deeper with multiple tools.

This course also contains checklists for reconnaissance in each module for you to use outside this course.

Course benefits:

What will you learn about?

This course is not basic. Every topic will be detailed and deeply explained, giving you a lot more detailed techniques, new techniques, new tools and so on for chaining the attacks together.

What tools will you use?

  • Nslookup
  • Dnsenum
  • Fierce 
  • Nmap
  • Wafw00f
  • Wpscan
  • Dirbuster
  • Sublist3r
  • theHarvester
  • Recon-ng 
  • AutoRecon
  • Sparta
  • SpiderFoot
  • Dmitry
  • Legion
  • Google dork
  • Dnsrecon
  • Dnscan
  • Amass
  • netcat
  • Dig
  • Mount
  • Snmpcheck
  • Gobuster
  • Nikto
  • Nbtscan
  • Enum4linux
  • Smbmap
  • Swaks
  • Interlace
  • And so on…

What skills will you gain?

  • Advanced information gathering 
  • Deep reconnaissance techniques 
  • Footprinting analysis
  • Data collection from an attacker’s perspective
  • New set of tools for reconnaissance 
  • Analytical thinking from an attacker’s perspective
  • Stealthy techniques for scanning detection evasion
  • OSINT skills to complement classic reconnaissance 
  • Chaining the attacks from one piece of information to another, manually and with tools (like Interlace)

Course general information: 

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need?

  • Windows/Linux/MacOs (Any one)
  • Kali Linux
  • VirtualBox

What should you know before you join?

  • Knowledge and familiarity with Kali Linux
  • Having knowledge of ethical hacking
  • Already familiar with basic reconnaissance
  • Networking, IP, TCP, DNS basic knowledge


Atul Tiwari has over 10 years in security training. He has trained more than 45k students across 162 countries in online mode. Atul has specialized in web security testing and has conducted hundreds of pentests, audits, and tests of web applications since 2013. He holds CISSP certifications with CEH, cyber laws, CCNA.  

He is the founder and CTO at gray hat | security (INDIA) www.grayhat.in



Module 1

Footprinting the target

In this module, we will start from advanced host discovery, with manual testing and several tools with deep analysis, to see what an attacker can do with a single piece of information. We will detect several services, firewalls, target company details, personal details and a lot more.

  • Advanced Host discovery
  • Footprinting the target machines
  • Footprinting the web servers and services
  • Footprinting firewalls
  • Footprinting DNS
  • Footprinting on companies, persons, emails
  • Google dorking
  • Checklists 

3-5 exercises will be available based on this module.

Module 2

Scanning the target

This is where we start attacking with scanning techniques. From OS detection to port and services scanning, we will find out if any services are vulnerable and/or if any unwanted services are running on a set of port numbers. No basic scans will be there, only advanced scans will be conducted, which gives us the best and most accurate results.

  • Port scanning techniques
  • OS detection techniques
  • IP range techniques 
  • Advanced nmap scan with time and performance
  • Service and version scanning
  • Script scanning
  • Vulnerability scanning
  • Checklists 

3-5 exercises will be available based on this module.

Module 3

Services Enumeration

In this module, we will conduct enumeration on various services to dig deeper and check if anything is wrong with any kind of services running on the target. One protocol can help us find detailed information about other protocols. If any services are found to be vulnerable, we can get more detailed data about them using searchsploit.

  • DNS enumeration
  • HTTP and HTTPS enumeration
  • SMB enumeration
  • FTP enumeration
  • SMTP enumeration
  • SSH enumeration
  • SNMP enumeration
  • NFS enumeration
  • Subdomain enumeration
  • Searchsploit 
  • Checklists 

Exercises: 3-5 exercises will be available based on this module.

Module 4


We will use some more advanced tools with automation and manuals to explore all the required data at once so that we can analyze what is important for us and what is not of use. Many automated tools are available in Kali Linux and some are on GitHub. 

  • Recon-ng automation
  • AutoRecon
  • Sparta
  • SpiderFoot
  • Dmitry
  • Legion
  • Checklists 

Exercises: 3-5 exercises will be available based on this module.

Final exam

MCQ Test, checking knowledge from all 4 modules. 


If you have any questions, please contact our eLearning Manager at [email protected].

Course Reviews


  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.