Foot printing
What is foot printing?
Gathering information and finding vulnerabilities. Basically, a hacker can use many tools to crack the victim’s system.
Foot printing is of 2 types:
- Active – gathering information actively from the true source
- Passive – gathering information from other sources
To find vulnerabilities (pen testing) you can use:
- Black box – only URLs are provided
- Grey box – login details are provided
- White box – login details and source code are provided
Foot printing - gather information via Domain/IP
Black box - only URLs are provided
With the URL you can gather information about the IP/domain
Step 1 – Gather information through the domain
Tool: https://whois.domaintools.com/
Information provided: when the domain was created/updated, IP address, IP location, whether the host is dedicated or shared
Foot printing - gather information via shared server
Step 2 – Gather information on whether the server is shared by different domains
Tool: IP neighbor check
https://www.dnsqueries.com/en/ip_neighbors.php
Information provided: how many IPs/domains share the same server; it is easy to hack other domains sharing the same server.
To find out if the server is shared, use the IP neighbor check tool
www.dilmil.com is sharing the server with 7 other domains/IPs
Foot printing - gather information via sub-domain (parent-child)
Step 3 – Gather information to check if there are any sub-domains
Tool: dnsdumpster
https://dnsdumpster.com/
Information provided:
- Hosting (IP block owners)
- GeoIP of host locations
- DNS servers
- MX records (this is where email for the domain goes)
- TXT records (find more hosts in Sender Policy Framework (SPF) configurations)
- Host records
- Mapping the domain
Using dnsdumpster (https://dnsdumpster.com/) to find information about sub-domains (parent-child domains)
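
The TXT/SPF item above, seen from the domain owner's side: an added example (not part of the original slides) that parses an SPF record and lists the hosts, networks and delegated domains it publishes, so you can review what your own DNS discloses and catch weak settings. The record, the example.com names and the `audit_spf` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample TXT record for a placeholder domain (not real data).
SAMPLE_SPF = ("v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 a:mail.example.com mx "
              "include:_spf.mailvendor.example ptr +all")

LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")  # each costs a DNS query

def audit_spf(record):
    """List what an SPF record publishes and flag weak settings (hypothetical helper)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    out = {"networks": [], "hosts": [], "delegations": [],
           "all": None, "lookups": 0, "findings": []}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term[1:] if term[0] in "+-~?" else term
        # Mechanisms use "name:value"; modifiers such as redirect use "name=value".
        sep = "=" if body.lower().startswith(("redirect=", "exp=")) else ":"
        name, _, value = body.partition(sep)
        name = name.split("/")[0].lower()      # "mx/24" -> "mx"
        if name in LOOKUP_TERMS:
            out["lookups"] += 1
        if name in ("ip4", "ip6"):
            out["networks"].append(str(ipaddress.ip_network(value, strict=False)))
        elif name in ("include", "redirect"):
            out["delegations"].append(value)   # another domain's policy is trusted
        elif name in ("a", "mx", "exists") and value:
            out["hosts"].append(value.split("/")[0])
        elif name == "ptr":
            out["findings"].append("ptr is discouraged by RFC 7208")
        elif name == "all":
            out["all"] = qualifier + "all"
    if out["all"] == "+all":
        out["findings"].append("+all authorises every sender")
    elif out["all"] is None and not any(t.lower().startswith("redirect=") for t in terms):
        out["findings"].append("no all/redirect: unmatched senders get neutral")
    if out["lookups"] > 10:
        out["findings"].append("more than 10 DNS-lookup terms (RFC 7208 limit)")
    return out

if __name__ == "__main__":
    for key, value in audit_spf(SAMPLE_SPF).items():
        print(f"{key}: {value}")
```

The lookup count covers only the terms in the record itself; included domains add their own lookups when a receiver evaluates the policy.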
Using the Wayback Machine - https://archive.org/web/
See the history of the domain using screenshots/snapshots
- e.g. hackers can pose as followers of some blogs/websites and send a malicious file using a phishing email
Foot printing – using the URL, extract data like other linked URLs, domains, emails, phones
Step 3 – Gather information like domains, emails and phones
Tool: Web data extractor
http://www.webextractor.com/download.htm
Information provided: contact details of personnel working for that company, like emails, phone numbers, links, domains.
Web data extractor
Foot printing – find out information about personnel available on social media from the victim’s URL
Step 3 – Gather personnel information like names, email IDs and social media presence
Tool: theHarvester and CrossLinked in Kali
Information provided: contact details of personnel working for that company, like names, official emails and social media presence. This can be used in spoofing and phishing attacks
theHarvester - master
Crosslinked - master
Foot printing – gather information via competitive intelligence tools
Step 3 – Monitor various competitive websites
Tool: Changedetection.com
Information provided: the change detection tool detects any changes in the website and notifies the hacker through email at a set time interval
Change Detection Tool