[EH Wk 1] Module 02: Footprinting and Reconnaissance
Footprinting
- The first step in the attack framework.
- Collecting information about the target network.
- Only OSINT, no scanning or probing.
Information Obtained in Footprinting
- Organizational information
  - Employee details
  - Contact information
  - Organization’s background
- Network information
  - Domain and sub-domains
  - Network architecture
  - Whois records
  - DNS records
- System information
  - Web server OS
  - Location of web servers
  - Usernames and passwords
Competitive Intelligence Gathering
- Identify, gather, analyse, and verify information about competitors.
- Most of these activities are non-interfering and subtle in nature (passive reconnaissance).
Footprinting Categories and Tools
Whois Lookup
- Whois databases are maintained by regional internet registries.
- Returns DNS details, contact details of site administrators, and creation and expiration records.
- The information is public, so looking it up is not intrusive.
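From the defender's side, the same record shows what an organization is publishing about itself. The following is an added example, not part of the original notes: it parses a constructed Whois record and flags unredacted contact fields and a registration close to expiry. The field names, the `example.test` domain and the 30-day threshold are assumptions; real registries label fields differently.

```python
import re
from datetime import datetime, timezone

# Constructed sample record (example.test is a placeholder, not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Creation Date: 2015-03-10T12:00:00Z
Registry Expiry Date: 2025-03-10T12:00:00Z
Registrant Name: Jane Admin
Registrant Email: jane.admin@example.test
Admin Phone: +1.5555550100
Tech Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
"""

# Assumed field naming: "<role> <attribute>", as in the sample above.
CONTACT_KEY = re.compile(r"^(registrant|admin|tech)\s+(name|email|phone)$", re.I)
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.I)

def parse_whois(text):
    """Return {lowercased field: [values]}; fields such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def audit(record, now, warn_days=30):
    """List findings: unredacted contact fields and a near or past expiry."""
    findings = []
    for key, values in record.items():
        if CONTACT_KEY.match(key):
            for v in values:
                if not REDACTED.search(v):
                    findings.append(f"exposed contact field: {key}")
    for v in record.get("registry expiry date", []):
        expiry = datetime.strptime(v, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days = (expiry - now).days
        if days < warn_days:
            findings.append(f"registration expires in {days} days")
    return findings

if __name__ == "__main__":
    fixed_now = datetime(2025, 2, 20, tzinfo=timezone.utc)  # fixed for repeatable output
    for finding in audit(parse_whois(SAMPLE_WHOIS), fixed_now):
        print(finding)
```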
Extracting DNS Information
- Discover location and types of servers.
- DNS information can determine key hosts in a network and can aid social engineering attacks.
- Tools include SecurityTrails and nslookup.
Network Footprinting
- Create a map of target network.
- Range of IP addresses
- Tools include Traceroute, Maltego, Recon-ng, FOCA, OSINT Framework, Recon-Dog, and BillCipher
This post is licensed under CC BY 4.0 by the author.