Chapter 12. Discovery Tools

Discovery tools are used to gather information about a target network or system. The tools enable you to easily perform many otherwise manual processes, such as whois queries, DNS zone transfers, SNMP queries, and other information-gathering processes. The tools help you gather DNS records, contact information, network configuration information, host information, and identify systems that are active on a network. The information you gather will help you determine where a target is located and who is controlling it. All of this information helps you build a picture of the environment you are testing. In Chapters 5 and 7, we discussed how discovery tools fit into the penetration-testing methodology. In this chapter we describe some of the more popular discovery tools, explain how they work, and provide tips for using them more effectively.