Home > Roadmap > Reconnaissance & Enumeration > Learning Modules

๐Ÿ” Reconnaissance & Enumeration Learning Modules

Master information gathering and target analysis through comprehensive, hands-on learning modules

Intermediate to Advanced

Learning Path Overview

Our Reconnaissance & Enumeration learning path is structured into progressive modules, each building upon previous knowledge. Each module includes theoretical concepts, practical exercises, and real-world reconnaissance scenarios.

๐Ÿ“Š Your Learning Progress

Module 1 In Development
OSINT & Passive Recon
Module 2 Coming Soon
Active Scanning
Module 3 Coming Soon
Service Enumeration
Module 4 Coming Soon
Web Application Recon
Hands-on Labs Available
Comprehensive Exercises

๐ŸŽฏ Learning Modules

Module 1: OSINT & Passive Reconnaissance

Intermediate 4-6 hours In Development

Master Open Source Intelligence and passive information gathering techniques without directly interacting with the target.

  • OSINT Fundamentals & Methodologies
  • Google Dorking & Advanced Search
  • Social Media Intelligence (SOCMINT)
  • DNS Passive Reconnaissance

๐Ÿ“š Resources

Start Module 1 Take Assessment

Module 2: Active Network Scanning

Intermediate 6-8 hours Coming Soon

Master active scanning techniques including port scanning, host discovery, and network mapping.

  • Nmap Fundamentals & Advanced Techniques
  • Host Discovery & Network Mapping
  • Port Scanning Strategies
  • Firewall & IDS Evasion

๐Ÿ“š Resources

Start Module 2 Take Assessment

Module 3: Service-Specific Enumeration

Advanced 8-10 hours Coming Soon

Deep dive into service-specific enumeration techniques for SMB, SNMP, DNS, LDAP, and other protocols.

  • SMB & NetBIOS Enumeration
  • SNMP Enumeration & Analysis
  • DNS Zone Transfers & Analysis
  • LDAP & Directory Service Enumeration

๐Ÿ“š Resources

Start Module 3 Take Assessment

Module 4: Web Application Reconnaissance

Advanced 8-10 hours Coming Soon

Master web application reconnaissance including technology identification, subdomain discovery, and vulnerability scanning.

  • Technology Stack Identification
  • Subdomain & Content Discovery
  • Web Application Fingerprinting
  • API Endpoint Discovery

๐Ÿ“š Resources

Start Module 4 Take Assessment

๐Ÿงช Hands-On Lab Exercises

Intermediate 6-8 hours โœ… Available

Comprehensive hands-on exercises covering passive and active reconnaissance techniques.

  • OSINT Gathering Exercises
  • Passive Reconnaissance Techniques
  • Active Network Scanning
  • Service Enumeration Practice
  • Web Application Recon
  • Complete Target Profiling

๐Ÿ“š Resources

Start Lab Exercises External Labs

๐Ÿ”— Related Learning Paths

Web Application Security

Advanced web application testing and exploitation techniques

Explore Web App Security โ†’

Network Security

Network protocols, analysis, and penetration testing

Explore Network Security โ†’

SIGINT & Traffic Analysis

Signals intelligence and traffic interception techniques

Explore SIGINT โ†’

๐Ÿ› ๏ธ Essential Tools & Platforms

OSINT Tools

Scanning Tools

  • Nmap - Network discovery and auditing
  • Masscan - Fast port scanner
  • Nuclei - Vulnerability scanner
  • httpx - HTTP toolkit

Enumeration Tools

Learning Platforms

๐Ÿ“ง Stay Updated with New Modules

Get notified when we add new reconnaissance and OSINT learning modules!

โ† Back to Reconnaissance Roadmap โ† Back to All Roadmaps