Footprinting and Reconnaissance
What the hell is Footprinting?
Well, in plain and simple language: “Footprinting, in security terms, is the process of gathering as much information as possible about the target organization.”
Physical location, domain, number of employees, URLs, VPNs, phone numbers, IP addresses, etc.
- Social Engineering: the easiest of all, and can be done without any tool.
- Business Loss
- Corporate Espionage
- Information Leak
- System and Network Attack
Objectives of Footprinting
- Collect Network Information
- Collect System Information
- Collect Organization Information
Different Footprinting Methods
- Footprinting through social media: this one is the easiest to do. Mostly the attacker will create fake accounts/IDs and try to gather as much information as possible about the target organization.
- Footprinting through search engines like Bing, Google and DuckDuckGo. My favorite is DuckDuckGo. Attackers also look for caches and archives. Some good tools for performing footprinting are Netcraft, Shodan, Pipl and Google Earth.
- Footprinting through job sites. Hackers come to know what tools and technology the organization is working with.
- Target monitoring through alerts like Google Alerts, Twitter alerts and Yahoo alerts.
- Another good method is via the Google Hacking Database and advanced search queries. A query string can be used in a search and used as keywords; Google's advanced search operators can also be utilized. For example, the query intitle:"index of" lists sites with directory listing open. securityfocus.com and hackersforcharity.org/ghdb are a few sites where you can get most of the info.
- Website footprinting is monitoring the target organization's website. Web server details, directory structure and developers' email addresses are some of the common information gathered. There are also tools that can mirror the whole website. Older versions of the website can be extracted from archive.org.
- Email tracking is used to track emails. Emails are used to gather information in order to perform social engineering, spam and many other attacks.
- DNS information: attackers can get the hosts in the network. Hackers can get A, CNAME, PTR, MX, NS and HINFO records. There are a lot of command-line utilities available to get DNS information; nslookup and dig are the most common among them.
- WHOIS: attackers perform WHOIS lookups to understand who is behind a specific domain. ARIN, AFRINIC, RIPE, APNIC and LACNIC are the RIRs (Regional Internet Registries). From WHOIS we can get info like email, domain owner, address, name servers for the domain and registrar.
- Network Footprinting
- Footprinting through social engineering: eavesdropping, shoulder surfing, dumpster diving.
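As an added example (not from the original post), here is the defender's side of the DNS method above: a small Python script that parses dig-style answer lines for your own zone and flags the records that hand a footprinter extra information, namely HINFO records and A records that point into private address space. The zone name, addresses and record values are constructed placeholders, not a real organization's records.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `dig +noall +answer` layout (owner, TTL, class, type, rdata).
# example.com and the addresses are placeholders, not a real organization's records.
SAMPLE_DIG_OUTPUT = """\
example.com.              3600 IN A     192.0.2.10
www.example.com.          3600 IN CNAME example.com.
example.com.              3600 IN MX    10 mail.example.com.
example.com.              3600 IN NS    ns1.example.com.
intranet.example.com.     3600 IN A     10.0.5.20
mail.example.com.         3600 IN HINFO "INTEL-X86" "LINUX"
10.2.0.192.in-addr.arpa.  3600 IN PTR   example.com.
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_records(text):
    """Group dig-style answer lines into {type: [(owner, rdata), ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records[rtype].append((owner, rdata.strip()))
    return dict(records)


def footprint_summary(text):
    """Record count per type: the view an attacker builds with dig or nslookup."""
    return {rtype: len(v) for rtype, v in parse_records(text).items()}


def find_leaks(records):
    """Return (owner, reason) for records that reveal more than name resolution needs."""
    findings = []
    for owner, rdata in records.get("HINFO", []):
        # HINFO advertises CPU and OS, exactly what footprinting is after.
        findings.append((owner, "HINFO publishes hardware/OS: " + rdata))
    for owner, rdata in records.get("A", []):
        # A public zone answering with RFC 1918 addresses maps out the internal network.
        if any(ipaddress.ip_address(rdata) in net for net in RFC1918):
            findings.append((owner, "A record exposes internal address " + rdata))
    return findings
```

Run it against the real output of `dig +noall +answer` for your own zone to see which of the record types listed above say more about the network than they should.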