Footprinting

It is one of the chapters from cyber security.

FOOTPRINTING

Introduction to FootPrinting / Reconnaissance

• Footprinting allows the attacker to gather information about the internal and external security architecture; the attacker collects publicly available sensitive information.

• Collecting information also helps the attacker identify the vulnerabilities in a system and the exploits that will gain access.

• Getting more information about the target reduces the focus area and brings the attacker closer to the target, making the attack easier to perform.

Types of FootPrinting / Reconnaissance
• Footprinting can be classified into two categories, based on the mode of collecting the required information.

• The types of footprinting are:

  • Passive Footprinting
  • Active Footprinting

• Apart from the mode of information collection, the classification also takes the risk of detection into account.

• Usually both modes of recon are important in order to gain as much information as possible and to create a comprehensive test plan.

Objectives of FootPrinting

Collect Network Information
• Domain Name
• Internal Domain Names
• Network blocks
• IP address of live hosts
• TCP and UDP services running
• Networking Protocols
• VPN points
• Authentication Mechanisms
• System Enumeration
• Sub domains of website

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP Information
• System Architecture
• Remote System Type
• System Names
• Passwords

Collect Organization Information
• Employee Details
• Organization Websites
• Company Directory
• Location Details
• Address and phone numbers
• Comments in HTML Code
• Security policies implemented
• News Article
• Press releases

Foot Printing Methodology
It is not a big task to get information about individuals, as the internet, social media, official websites and many more resources hold much sensitive information about their users. Footprinting can be done in many ways; below are some:

• Search Engines
• Websites (Archive)
• Advanced Google Hacking
• Social Engineering
• Social Networking Sites
• Tools

FootPrinting through Search Engine
Attackers use search engines to extract information related to the target, such as the technology platform used in the organization, employee details, login pages and internal domains, which helps attackers perform social engineering and other types of advanced attacks.

https://en.wikipedia.org/wiki/
https://www.google.com/
https://www.bing.com/
https://duckduckgo.com/
Introduction to WHOIS Foot printing
WHOIS databases are maintained by Regional Internet Registries (RIRs) and contain the personal information of domain owners.

Information obtained from Regional Internet Registries (RIRs)

WHOIS query returns:
• Domain name details
• Contact details of domain owner
• Domain name servers
• Net Range
• When the domain has been created
• Expiry records
• Records last updated

WHOIS database assists an attacker to:
• Gather personal information that assists in performing social engineering
WHOIS Lookup Result Analysis / WHOIS Tools
Offline Tool: SmartWhois
Webtool: www.whois.domaintools.com
Website FootPrinting
This footprinting includes monitoring and investigating the target website to gain sensitive information such as the software running, versions, operating systems, sub-directories, database, scripting information, and other details. This information can be gathered through online services such as netcraft.com. An attacker can examine source code, file system structure and scripting.
Finding Company’s Public and Restricted Details
During the gathering of data, the attacker also collects the organization's official website information, including its public and restricted URLs. The official website can be found through a search engine such as Google or Bing. Restricted URLs of a corporation can be sought by trial and error, or by using different services which may fetch the information from internet sites, like:

WebTools: https://www.netcraft.com
Determining the Operating System
Attackers use the Shodan search engine to get information about specific computers, servers and routers which are publicly accessible.
https://www.shodan.io
Determining the OS, Port & Services
Collect the Location Information
Attackers find the physical location of the target by using the many online tools available. Some of the most popular online services are:

• Google Map
• Bing Map
• Wikimapia
• Yahoo Map
• Other map and location services
People Search: Social Networking Sites

• Social networking sites are a great source of personal and organizational information
• Information about individual persons can be found at various social networking sites
• The people search returns the following information about a person or organization

Below are some of the online websites for footprinting individuals:

• https://www.peekyou.com
• https://www.truepeoplesearch.com
• https://www.truthfinder.com
• https://www.facebook.com
• https://www.zabasearch.com
• https://in.linkedin.com
• https://www.google.com
• https://suip.biz
• https://pipl.com
Foot Printing Using Google Dorks
Some advanced options can be used to search for a specific topic using the Google search engine. These advanced search operators make searching more appropriate and focused on a particular topic. Advanced search operators by Google:

Operator      Description
site:         Search for the results in the given domain
related:      Search for similar web pages
cache:        Display the web pages stored in cache
link:         List the websites having links to a specific web page
allintext:    Search for websites containing specific keywords
intext:       Search for documents containing a specific keyword
allintitle:   Search for websites containing specific keywords in the title
intitle:      Search for documents containing a specific keyword in the title
allinurl:     Search for websites containing specific keywords in the URL
inurl:        Search for documents containing a specific keyword in the URL

For Google Advanced Search, you can also use the following URL:
https://www.google.com/advanced_search


FootPrinting through Job Sites
Attackers can gather information about an organization's infrastructure through job sites, and can also target individuals to get their personal information through resumes.

On job sites, companies offering vacancies provide their organization's information and portfolio along with the job post. This information includes company location, industry information, contacts, number of employees in the organization, job requirements, and hardware and software information. Similarly, on these job sites, personal information can be collected from a targeted individual by posting a fake job. Some of the popular job sites are:

• www.linkedIn.com
• www.monster.com
• www.indeed.com
• www.careerbuilder.com
• www.naukri.com
Website FootPrinting using web spiders
Web spiders perform an automated search on the target website to collect results such as employee details, email addresses, etc.
Tool: Web Data Extractor
Mirroring Entire Website
• Mirroring an entire website onto the local system lets attackers browse the target website offline; the mirror also contains the directory structure along with valuable information.
• Website copier tools allow you to download a website to a local directory, along with HTML code, video, images, flash and other config files, from the server to the local system.
Download the tool from the link below:
https://www.httrack.com/
Website Mirroring Tools
Software                       Website
Win HTTrack Website Copier     https://www.httrack.com/page/Z/
Surf offline Professional      http://www.surfoffline.com/
Black Widow                    http://softbytelabs.com
NCollector Studio              http://www.calluna-software.com
Website Ripper Copier          http://www.tensons.com
Teleport Pro                   http://www.tenmax.com
Portable Offline Browser       http://www.metaproducts.com
PageNest                       http://www.pagenest.com
Backstreet Browser             http://www.spadixbd.com
Offline Explorer Enterprise    http://www.metaproducts.com
GNU Wget                       http://www.gnu.org.com
Hooeey Webprint                http://www.hooeeywebprint.com


Extract Website Information from Archive.org
• Internet Archive Wayback Machine allows you to visit archived versions of websites
Email FootPrinting
• Email plays a very important role in running an organization's business. Email is one of the most popular, widely used professional ways of communication.

• It is used for communicating with partners, employees, competitors, contractors and other kinds of people who are involved in running a corporation.
Collecting Information from Email Header
DNS Foot Printing
The results bring the canonical name, aliases, IP address, domain WHOIS records, network WHOIS records and DNS records. Consider the figure below.
https://centralops.net/co/
DNS Interrogation Tools
There are a lot of online tools available for DNS lookup information. Some of them are listed below:

http://www.dnsstuff.com
http://network-tools.com
http://www.mydnstools.info
http://www.domaintools.com
http://www.dnsqueries.com
http://www.ultratools.com
Template FootPrinting Testing

Source: EC-Council
FootPrinting Countermeasures

• Restrict employees from accessing social networking sites from the organization's network
• Configure web servers to avoid information leakage
• Educate employees to use pseudonyms on blogs, groups, and forums
• Do not reveal critical information in press releases, annual reports, etc.
• Limit the amount of information that you publish publicly
• Use the same footprinting techniques to discover and remove any sensitive information that is publicly available
• Prevent search engines from caching a webpage and use anonymous registration services
• Disable directory listing on the web servers
• Opt for privacy services on the WHOIS lookup database
• Encrypt and password-protect sensitive information
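
As an added example (not part of the original slides), the following Python self-audit checks responses from an organization's own web servers for three of the exposures the countermeasures above address: version banners in headers, enabled directory listing, and a missing noarchive directive. The sample responses, the example.org hostnames and the function names are constructed for illustration.

```python
import re

# Constructed sample responses from an organization's own web servers
# (hostnames under example.org are placeholders, not real systems).
SAMPLES = [
    {"url": "https://www.example.org/",
     "headers": {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
     "body": "<html><head><title>Welcome</title></head><body>Home</body></html>"},
    {"url": "https://files.example.org/backup/",
     "headers": {"Server": "nginx"},
     "body": "<html><head><title>Index of /backup/</title></head>"
             "<body><h1>Index of /backup/</h1></body></html>"},
    {"url": "https://intranet.example.org/",
     "headers": {"Server": "nginx", "X-Robots-Tag": "noindex, noarchive"},
     "body": "<html><head><title>Portal</title></head><body>Login</body></html>"},
]

VERSION_RE = re.compile(r"\d+\.\d+")  # a version number inside a banner
LISTING_RE = re.compile(r"<title>\s*(Index of /|Directory listing for )", re.I)
META_ROBOTS_RE = re.compile(
    r"<meta[^>]+name=[\"']robots[\"'][^>]+content=[\"'][^\"']*noarchive", re.I)
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def audit_response(resp):
    """Return the list of footprinting exposures found in one HTTP response."""
    headers = {k.lower(): v for k, v in resp["headers"].items()}
    findings = []
    for name in BANNER_HEADERS:
        value = headers.get(name, "")
        if VERSION_RE.search(value):  # banner discloses software version
            findings.append(f"version banner in {name}: {value}")
    if LISTING_RE.search(resp["body"]):  # auto-generated index page
        findings.append("directory listing enabled")
    no_archive = ("noarchive" in headers.get("x-robots-tag", "").lower()
                  or META_ROBOTS_RE.search(resp["body"]))
    if not no_archive:
        findings.append("no noarchive directive (page may be cached)")
    return findings

def audit_all(samples):
    """Map each URL to its findings; an empty list means nothing was flagged."""
    return {s["url"]: audit_response(s) for s in samples}

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLES).items():
        print(url, "->", findings or "clean")
```
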
