Footprinting

RISC Meet - 20th July
RMIT Information Security Collective
RMIT University

Footprinting

  1. Prashant Mahajan, RISC Meet, RMIT Information Security Collective, 20th July, 8.9.43
  2. Footprinting refers to the preparatory stage where an attacker seeks to gather as much information as possible about the target before launching attack(s). Types: Passive, Attack
  3. Basic information about the target and its network: OS, platforms running, web server versions and the like
  4. Locate the company's URL. Internal URLs provide an insight into different departments and business units in the organisation. They can be found via trial and error, OR? http://news.netcraft.com, http://www.webmaster-a.com/link-extractor-internal.php
  5. SpiderFoot (http://www.binarypool.com): will scrape the websites as well as Google, Netcraft, Whois and DNS
  6. Robtex (http://www.robtex.com)
  7. Google, Bing, Dogpile (Google+Yahoo+Bing+Yandex), Web Wombat (Original Australian), Cuil, Alexa
  8. Some of my favourite resources are:
  9. http://www.peekyou.com, http://www.yoname.com, http://www.123people.com, http://www.aafter.com, http://blogsearch.google.com. All social networking sites: MySpace, Facebook, Orkut, Twitter, LinkedIn
  10. How do you find images using Google? Google Image Search: http://images.google.com. Image search may give results according to keywords or metadata from images. Are all the results you get related to what you searched for?
  11. So, basically, it is Google image search in reverse. You can submit an image to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions.
  12. When you submit an image to be searched, TinEye creates a unique and compact digital signature or fingerprint for it, then compares this fingerprint to every other image in our index to retrieve matches. TinEye can even find a partial fingerprint match. TinEye does not typically find similar images (i.e. a different image with the same subject matter); it finds exact matches including those that have been cropped, edited or resized.
  13. Financial services like Google Finance, Yahoo Finance. Job sites: job descriptions can be used to gather the infrastructure details. Tech support websites: many times employees give out information in order to get some solutions for their problems.
  14. When did it start? Where is it located? How did it develop? Who leads it? What are the company's plans?
  15. nslookup, dnsrecon
  16. http://www.morris-pictures.com: the one you need to know is a comment in the source code of index-2.html, "<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrack Website Copier/3.x [XR&CO2008], Thu, 16 Oct 2008 02:10:39 GMT -->". morris-pictures.com was registered on 2008-10-14.
  17. http://www.hackersforcharity.org/ghdb/
  18. Prashant Mahajan, corrupt@null.co.in, +61 0421 804 786. Follow me on Twitter: @prashant3535
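The HTTrack stamp on slide 16 is the kind of leftover an investigator or site owner can extract mechanically to tie a copied page to its origin and date. The following is an added example, not code from the slides: the function names are hypothetical, the sample page is constructed, and only the comment text and registration date come from slide 16.

```python
import re
from datetime import date, datetime
from html.parser import HTMLParser

# Shape of the HTTrack stamp quoted on slide 16. \s* also accepts the
# run-together spelling "HTTrackWebsite" used in the sample below.
MIRROR_RE = re.compile(
    r"Mirrored from\s+(?P<origin>\S+)\s+by\s+HTTrack\s*Website Copier/(?P<version>\S+)"
    r".*?,\s*(?P<when>\w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) GMT",
    re.S,
)

class CommentCollector(HTMLParser):
    """Collects HTML comments only; visible page text is never matched."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)

def find_mirror_stamps(html):
    """Return origin, HTTrack version and mirror time for each stamp found."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    stamps = []
    for comment in collector.comments:
        m = MIRROR_RE.search(comment)
        if m:
            stamps.append({
                "origin": m["origin"],
                "version": m["version"],
                "mirrored_at": datetime.strptime(m["when"], "%a, %d %b %Y %H:%M:%S"),
            })
    return stamps

def days_after_registration(stamp, registered):
    """Days between domain registration and the moment the copy was taken."""
    return (stamp["mirrored_at"].date() - registered).days

# Constructed sample page; the comment text and the date are those on slide 16.
SAMPLE_HTML = """<html><head><!-- site header -->
<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrackWebsite Copier/3.x [XR&CO2008], Thu, 16 Oct 2008 02:10:39 GMT -->
</head><body>Welcome</body></html>"""
REGISTERED = date(2008, 10, 14)  # registration date stated on slide 16

if __name__ == "__main__":
    for s in find_mirror_stamps(SAMPLE_HTML):
        print(s["origin"], s["mirrored_at"], days_after_registration(s, REGISTERED))
```

Run over a site's own published HTML, the same check flags pages that still carry a copier stamp before they go live.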
