Lecture 3 Reconnaissance

Footprinting involves gathering open-source information about a target system through both active and passive methods in order to plan a cyber attack. Attackers use techniques like search engines, social media, job sites, DNS lookups, and social engineering to collect details like IP addresses, employee names, and infrastructure data. The goal of footprinting is to understand the target's security posture and identify vulnerabilities before launching an attack.
Lecture 3

Footprinting and Reconnaissance


Footprinting
Footprinting means gathering information about a target system that can be used to
execute a successful cyber attack. To get this information, a hacker might use
various methods and a variety of tools. This information is the hacker's first step
toward cracking a system. There are two types of Footprinting:

• Active Footprinting: performing Footprinting by getting in direct touch with the target machine.

• Passive Footprinting: collecting information about a system located at a remote distance from the attacker.
Examples of Active and Passive Footprinting

Active
• Performing whois lookup
• Extracting DNS information
• Performing Traceroute analysis
• Performing Social Engineering
• Harvesting Email Lists

Passive
• Finding the information through search engines
• Searching the people through the people search services
• Searching the infrastructure details of a company through job sites
Objectives of Footprinting

• Know the Security Posture
• Reduce the focus area
• Identify Vulnerabilities
• Draw Network Map
During this phase of Footprinting, a hacker can collect the
following information −

• Domain name
• IP Addresses
• Namespaces
• Employee information
• Phone numbers
• E-mails
• Job Information
Footprinting Methodology
• Footprinting through search engines
• Footprinting through web services
• Footprinting through social networking sites
• Website Footprinting
• Email Footprinting
• Whois Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
Footprinting through search engines
• Attackers use search engines such as Google, Bing, and Yahoo to extract
information about a target.

• Attackers can use the advanced search operators available with these search engines
to create complex queries.

• For example, consider an organization such as Microsoft. Type Microsoft in the
search box and it would return the results about that entity.

• Information such as physical location, contact addresses, services offered, the
technology used, employee details, and so on can be obtained.
Footprinting using advanced Google Hacking Techniques

• Google hacking refers to the use of advanced Google search operators
for creating complex search queries to extract sensitive hidden
information that helps attackers find vulnerable targets.
Cache:

Using the cache operator, you can find the most recent cache of a specified webpage.

This is useful for identifying when a page was last crawled.

Example:

cache:websitename.com

Allintext:

This operator will help you find whether all the terms that you are looking for show up in the text of that page. This
operator, however, isn’t pin-accurate because it won’t look for text that appears close together on the page.

Example:

allintext:content social links


Site:

If you need more specific results from a single website, this command brings those results up.

For example, if you wanted to search your favorite SEO website for articles on 404 errors, you would use the following:

“site:searchenginejournal.com 404 errors”

Info:

This one will help you find information related to the domain you are searching for.

With this, you can identify things like pages with the domain text on-page (not necessarily linked), similar on-site pages, and
the website’s cache.

Example:

"info:domainname.com"
Footprinting through IoT search engines

Internet of Things (IoT) search engines crawl the internet for IoT devices that are
publicly accessible. Through a basic search on these search engines, an attacker can gain
control of SCADA systems, traffic control systems, internet-connected household
appliances, industrial appliances, CCTV cameras, etc.

With the help of IoT search engines such as , an attacker can obtain information such
as manufacturer details, geographical location, IP address, hostname, and ports of the
target device.
Footprinting through social networking sites
Attackers use social engineering tricks to gather sensitive information from social
networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest,
Google+, etc.

Attackers create a fake profile and use the false identity to lure people into revealing their
sensitive information.
Footprinting through job sites
Attackers use the technical information obtained through job sites such as Dice, LinkedIn, and Simply
Hired, to detect underlying vulnerabilities in the target IT infrastructure.
Email Footprinting

• Gathering email addresses related to the target organization acts as an important attack
vector during the later phases of hacking.
• Attackers use automated tools such as theHarvester and Email Spider to collect
publicly available addresses of the target organization, which helps them perform
social engineering and brute force attacks.
Whois Footprinting
Gathering network-related information, such as whois data, about the target organization is
important when planning the attack. Whois databases are maintained by Regional
Internet Registries and contain personal information of domain owners.

Whois query returns the following information:


• Domain name details
• Contact details of Domain Owners
• Domain Name Servers
• NetRange
• When a domain was created
• Expiry records
• Last updated records
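
Seen from the defender's side, the same fields can be audited for your own domain. The following is an added example, not part of the original lecture: it parses a WHOIS response and lists the contact fields that are not masked by a privacy service. The sample records, the `Key: Value` field names and the redaction markers are constructed assumptions; real registries vary in both.

```python
import re

# Constructed WHOIS responses for a placeholder domain (not real registry data).
EXPOSED = """\
Domain Name: EXAMPLE-CORP.TEST
Creation Date: 2015-03-02T10:00:00Z
Registry Expiry Date: 2026-03-02T10:00:00Z
Registrant Name: Jane Admin
Registrant Email: jane.admin@example-corp.test
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
"""
PRIVATE = """\
Domain Name: EXAMPLE-CORP.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: contact@privacy-proxy.test
"""

# Assumed markers showing that a privacy/proxy service has masked a value.
MARKERS = ("redacted", "privacy", "proxy", "not disclosed")
CONTACT = re.compile(r"^(registrant|admin|tech) (name|email|phone)$")

def parse_whois(text):
    """Parse 'Key: Value' lines into {lowercased key: [values]}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip() and not line.startswith(("%", "#")):
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def audit(text):
    """Summarise what a WHOIS record discloses; list unmasked contact fields."""
    rec = parse_whois(text)
    exposed = sorted(
        (key, value)
        for key, values in rec.items() if CONTACT.match(key)
        for value in values
        if not any(m in value.lower() for m in MARKERS)
    )
    return {
        "domain": rec.get("domain name", [""])[0].lower(),
        "name_servers": [ns.lower() for ns in rec.get("name server", [])],
        "expires": rec.get("registry expiry date", [None])[0],
        "exposed_contacts": exposed,
    }

if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED), ("private", PRIVATE)):
        print(label, audit(text))
```

A non-empty `exposed_contacts` list means names, e-mail addresses or phone numbers for the domain are publicly retrievable and should be reviewed against the registrar's privacy options.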
DNS Footprinting
• Attackers perform DNS Footprinting to gather information about the target. DNS
Footprinting reveals DNS zone data that include domain names, IP addresses,
computer names, and much more information about the network.

• An attacker uses the DNS information to determine the key hosts in the network and
then performs social engineering attacks to gather even more information.

Tools for DNS Footprinting:

1. https://tools.dnsstuff.com
2. https://network-tools.com
3. https://yougetsignal.com
4. dnsrecon (Kali Linux)
Network Footprinting
Network Footprinting is a method of gathering the footprint of the
target organization’s network. This type of Footprinting covers
locating the network range, traceroute analysis, and
traceroute tools.
Footprinting through Social Engineering
Website Footprinting
Countermeasures on Footprinting

• Creating awareness among the employees and users about the dangers of
social engineering
• Limiting the sensitive information
• Encrypting sensitive information
• Using privacy services on the whois lookup database
• Disabling directory listings in the web servers
• Enforcing security policies
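
The directory-listing countermeasure can be checked mechanically. The following is an added example, not part of the original lecture: it scans Apache (`Options`) and nginx (`autoindex`) configuration text and reports each directive that enables directory listings. The configuration snippets and paths are constructed for illustration.

```python
# Constructed config snippets (not taken from any real server).
APACHE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/uploads">
    Options -Indexes
</Directory>
# Options +Indexes
"""
NGINX_CONF = """\
location /downloads/ {
    autoindex on;   # weak setting
}
location /static/ {
    autoindex off;  # corrected setting
}
"""

# Apache Options arguments that turn directory listings on.
APACHE_ENABLING = ("indexes", "+indexes", "all")

def find_directory_listings(conf_text):
    """Return (line_number, directive) for each directive that enables listings."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Drop comments: whole-line in Apache, also trailing in nginx.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.rstrip(";").split()
        name, args = tokens[0].lower(), [t.lower() for t in tokens[1:]]
        if name == "options" and any(a in APACHE_ENABLING for a in args):
            hits.append((lineno, line))
        elif name == "autoindex" and args[:1] == ["on"]:
            hits.append((lineno, line))
    return hits

if __name__ == "__main__":
    for label, conf in (("apache", APACHE_CONF), ("nginx", NGINX_CONF)):
        for lineno, directive in find_directory_listings(conf):
            print(f"{label}: line {lineno}: {directive}")
```

Each reported line is a candidate for `Options -Indexes` (Apache) or `autoindex off;` (nginx).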
