Information gathering is the first step of any penetration test, and also the most important phase

Passive information gathering: This has to do with not actively engaging the target Active information gathering: this involves gathering as much information as possible by actively engaging with the target system (permission is required for this)