Information gathering is a very important process in penetration testing. Before we do a penetration test, we must gather as much information from the outside as we can. The logic is simple: how can we get through a security system without knowing anything about that system in the first place?
Below is a demonstration of the information gathering process using several information gathering tools: Sam Spade, nslookup, and Maltego.
With Sam Spade, just type the domain of the website you want information about. Sam Spade will then generate information about that website, for example the DNS, IP address, the last update, the most recent updated date, etc.
With nslookup, just type the domain name of a website and it will generate information about that website, for example the DNS.
With Maltego, we can obtain a great deal of information about people, companies, institutions, etc. We can obtain email addresses, DNS, and a lot of personal information.