This article is part of my eJPT learning series.
Active information gathering is where reconnaissance becomes visible.
On Day 3 of my eJPT preparation, I explored techniques that involve direct interaction with target systems, increasing accuracy but also the risk of detection.

DNS Zone Transfers
DNS zone transfers are designed for DNS server synchronization. When misconfigured, they can expose:
- Internal hostnames
- Subdomains
- Network structure
This single misconfiguration can reveal an entire domain structure.
Host Discovery with Nmap
Host discovery is used to identify live systems on a network.
It allows attackers to:
- Focus only on reachable targets
- Avoid unnecessary noise
- Plan further enumeration
From a defensive perspective, discovery scans are early indicators of reconnaissance.
Port Scanning with Nmap
Port scanning reveals:
- Open ports
- Running services
- Possible vulnerabilities
This phase generates detectable traffic and is often logged by firewalls and intrusion detection systems.
Security Takeaway
Active reconnaissance leaves footprints — and those footprints should be detected.
Understanding these techniques helps security teams improve network visibility and alerting.
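As an added example (not part of the original article), here is one way to detect the footprints that host discovery and port scanning leave in firewall logs. The log format (`time source destination port action`), the thresholds, and every address below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed firewall log lines (not real traffic): ts src dst dport action."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(20):  # one source touching 20 ports on a single host
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.50 192.168.1.10 {i + 1} DENY")
    for i in range(12):  # one source touching the same port on 12 hosts
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.60 192.168.1.{i + 1} 445 DENY")
    for i in range(5):   # ordinary client reusing one service
        ts = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} 10.0.0.70 192.168.1.10 443 ALLOW")
    return lines

def detect(lines, window=timedelta(seconds=60), port_threshold=15, host_threshold=10):
    """Return a set of (source, kind, target) alerts using a sliding time window."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, port, _action = line.split()
        by_src[src].append((datetime.fromisoformat(ts), dst, int(port)))
    alerts = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            for _, dst, port in events[start:end + 1]:
                ports_per_host[dst].add(port)
            # Many distinct destinations from one source: discovery sweep.
            if len(ports_per_host) >= host_threshold:
                alerts.add((src, "host_sweep", "multiple"))
            # Many distinct ports on one destination: port scan.
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    alerts.add((src, "port_scan", dst))
    return alerts

if __name__ == "__main__":
    for alert in sorted(detect(build_sample())):
        print(alert)
```

The window and thresholds need tuning against normal traffic on the monitored network before they are used for alerting.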