Information gathering types
During passive information gathering you should never send any type of traffic directly to the target. Passive I.G. allows the greatest amount of anonymity.
During active information gathering you are sending requests to remote services and receiving responses based on the service type. This method includes, but is not limited to: DNS zone transfers, DNS reverse lookup, SMTP querying, SNMP enumeration, DNS bruteforcing, banner grabbing and smtp bruteforcing.
During semi-passive information gathering you generate, what would be considered, normal traffic. You may contact the target but the requests need to look like all of the traffic is being generated from normal requests.
OSINT Part 2
Professional and business social networks