Reconnaissance audit


A reconnaissance audit enables us to identify the attack surface of a company. This type of audit can be the first step of a security audit, before defining the scope of the penetration tests that will be performed later.


Aim of a reconnaissance audit

The attack surface of a company consists of all elements of its information system that are exposed on the Internet. Most of the time, some items are known and listed, while others are not.

The purpose of a reconnaissance audit is to draw a complete map of these elements. Following this type of audit, it becomes possible to restrict the exposure of elements that should not be publicly accessible, as well as to identify the elements whose security level must be evaluated and reinforced as a priority.

The reconnaissance audit is based on a series of passive searches. Therefore it is not a penetration test. It is an excellent starting point for a security audit whose scope is not clearly defined at the outset. The results of the reconnaissance audit will then define the scope of the pentest.

The reconnaissance audit itself has no defined scope: all the findings concerning the company that commissions the audit will be included in the audit report.

Contact us

Stages of a reconnaissance audit

The preparation phase before this type of audit is very limited. In fact, the name of the company to be targeted is the only starting point of the reconnaissance audit.

Since this type of audit does not involve aggressive searches, there is no need to define intervention dates or to put in place an emergency communication plan.

Vaadata's team performs the audit remotely from its offices. The deliverable delivered at the end of the reconnaissance audit is a report listing all the technical and human elements that a pentester can identify.

Types of elements:

  • Domain names
  • IP addresses
  • Servers exposed on the web
  • Web applications, other online services, APIs
  • Technologies used, versions, components
  • Other sensitive technical data exposed
  • Names of people, e-mail addresses, telephone numbers
  • Flowcharts
  • Passwords leaked on the Internet, and other data leaks
  • etc.
Ask for a quotation

Focus on Google Dorks

Google Dorks find information by using very specific searches in Google.

It is common for documents to be found which are unintentionally available on the Web, because of poor configuration or poor management of files hosted online by a company. In fact, Google continually indexes online sites, which makes it possible to search for interesting information for a cyberattack, by using certain search operators.

For a company, it involves identifying sensitive documents, strategic data or vulnerable services that would be publicly exposed, in order to restrict their access.

google dorks

Focus on the Dark Web

The dark web is the hidden side of the Internet, made up of sites that are not indexed by search engines and not accessible by standard means. Access uses specific tools such as the Tor network, which is the best known.

This type of network avoids surveillance on the Internet, which is why it is used both by opponents of censorship and by cybercriminals.

For a company, a search for information concerning it on the dark web can identify information that has been hacked or plans for attacks that concern the company.

Our range of pentests

We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.

Contact us