SlideShare a Scribd company logo

Footprinting and reconnaissance

Download as PPTX, PDF
N
NishaYadav177

These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look

Technology
1 of 8
Footprinting & Reconnaissance By Nisha Yadav
What is Footprinting? Footprinting is a technique to collect as much information as possible about the targeted network/system/website for identifying various ways to intrude into the system. Types: 1.Passive: Gathering information about the target without direct interaction. 2.Active: Gathering information about the target with direct interaction.
Passive Footprinting involves:  Finding information through search engines Google, Bing, DuckDuckGo, https://www.searchenginecolossus.com/  Finding top-level domains and sub-domains Sublist3r,Dnsdumpster,netcraft,nmap - -script dns-brute www.example.com  Collecting location information through webservices Google earth, Google map, mapquest, wikimap iplogger.org  Gathering infrastructure details of the target organization through job sites. http://www.careerbuilder.co.in/  Extracting information through internet archives WayBackMachine, archive.org, foca, Web Data Extractor  Monitoring target using alert services Changedetection.com, websitewatcher, google alerts, twitter alerts etc  Determining the Operating System used by Target netcraft.com, shodan.io (shodan search book), Censys.io https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON- 18-Schearer-SHODAN.pdf
Continued  Performing people search using social networking sites & people search archives pipl.com, namecheck.com , Spokeo, BeenVerified, LinkedIn Inspy(techSpy, EmpSpy), Myspace, Pinterest etc.  Determining the webserver, cms, webservice used by target organization Wappalyzer browser extension, WHATCMS, BuiltWith,Analysis of html code  Finding if target has similar or parallel domains urlcrazy –p url  Footprinting through advance google hacking Google Dorks,GHDB ( https://www.exploit-db.com/google-hacking-database), cve,explot-db  Information gathering using google advance search or advanced image search https://www.google.com/advanced_search https://www.google.com/advanced_image_search
Passive Footprinting involves:  Querying published name servers of target Recursive DNS Queries(amplifier attack)  Extract metadata of published documents and files  Gathering website information using web spidering and mirroring tools Burp Suite, Zaproxy, Firebug, Accunetix, SpiderFoot, Visual SEO  Gathering information through email tracking email header, eMailTrackerPro, Zendio, ReadNotify  Performing Whois lookup http://whois.domaintools.com, tamos.com,  Extracting DNS information dnssniffer.com, Nslookup  Performing Traceroute analysis tracert, pathanalyzer.com, visualroute.com  Performing Social engineering Eavesdropping(interception), Shoulder Surfing(observation), Dumpster diving(trash inspection i.e phone bills)
What Users Do What attacker Gets Maintain profile Contact info, location & related info Connect to friends, chatting Friends list, friend’s info & related info Share photos and videos Identity of family members, Interests Play games, join groups Interests Create events Activities What Organizations Do What attacker Gets User surveys Business strategies Promote products Product profile User support Social Engineering Recruitment Platform/technology information Background check to hire employees Type of business
BONUS
Thank You #HappyFootprinting #TogetherWeHitHarder

Recommended

Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
leminhvuong
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
n|u - The Open Security Community
 
Footprinting
FootprintingFootprinting
Footprinting
Duah John
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
CHETAN THAKRE
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 

Recommended

Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
leminhvuong
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
n|u - The Open Security Community
 
Footprinting
FootprintingFootprinting
Footprinting
Duah John
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
CHETAN THAKRE
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
Priyanka Aash
 
Ethical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxEthical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptx
Nargis Parveen
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
Nitin Bisht
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
primeteacher32
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Network scanning
Network scanningNetwork scanning
Network scanning
oceanofwebs
 
Network Security
Network SecurityNetwork Security
Network Security
MAJU
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
Hansa Nidushan
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gathering
KZA
 
Different Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsDifferent Methodology To Recon Your Targets
Different Methodology To Recon Your Targets
EslamAkl
 

More Related Content

What's hot

Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 

What's hot (20)

System hacking
System hackingSystem hacking
System hacking
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Ethical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxEthical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptx
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Software security
Software securitySoftware security
Software security
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Network Security
Network SecurityNetwork Security
Network Security
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 

Similar to Footprinting and reconnaissance

Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
maroti164
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Boston Institute of Analytics
 
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docxLab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
LaticiaGrissomzz
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
MahdiHasanSowrav
 
portenumaration-1.pptx_20231116_115028_0000.pdf
portenumaration-1.pptx_20231116_115028_0000.pdfportenumaration-1.pptx_20231116_115028_0000.pdf
portenumaration-1.pptx_20231116_115028_0000.pdf
vp544770
 
How to scraping content from web for location-based mobile app.
How to scraping content from web for location-based mobile app.How to scraping content from web for location-based mobile app.
How to scraping content from web for location-based mobile app.
Diep Nguyen
 

Similar to Footprinting and reconnaissance (20)

Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gathering
 
Different Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsDifferent Methodology To Recon Your Targets
Different Methodology To Recon Your Targets
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
 
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
 
Footprinting
FootprintingFootprinting
Footprinting
 
Bug bounty recon.pdf
Bug bounty recon.pdfBug bounty recon.pdf
Bug bounty recon.pdf
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docxLab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
 
Computer security
Computer securityComputer security
Computer security
 
Intrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment AutomationIntrigue Core: Scaling Assessment Automation
Intrigue Core: Scaling Assessment Automation
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hacking
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
portenumaration-1.pptx_20231116_115028_0000.pdf
portenumaration-1.pptx_20231116_115028_0000.pdfportenumaration-1.pptx_20231116_115028_0000.pdf
portenumaration-1.pptx_20231116_115028_0000.pdf
 
Hii the convergence_of_google_and_bots_-_searching_for_security_vulnerabiliti...
Hii the convergence_of_google_and_bots_-_searching_for_security_vulnerabiliti...Hii the convergence_of_google_and_bots_-_searching_for_security_vulnerabiliti...
Hii the convergence_of_google_and_bots_-_searching_for_security_vulnerabiliti...
 
Google Hacking: Convergence of Google and Bots
Google Hacking: Convergence of Google and BotsGoogle Hacking: Convergence of Google and Bots
Google Hacking: Convergence of Google and Bots
 
How to scraping content from web for location-based mobile app.
How to scraping content from web for location-based mobile app.How to scraping content from web for location-based mobile app.
How to scraping content from web for location-based mobile app.
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
 

Recently uploaded

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Footprinting and reconnaissance

  • 2. What is Footprinting? Footprinting is a technique to collect as much information as possible about the targeted network/system/website for identifying various ways to intrude into the system. Types: 1.Passive: Gathering information about the target without direct interaction. 2.Active: Gathering information about the target with direct interaction.
  • 3. Passive Footprinting involves:  Finding information through search engines Google, Bing, DuckDuckGo, https://www.searchenginecolossus.com/  Finding top-level domains and sub-domains Sublist3r,Dnsdumpster,netcraft,nmap - -script dns-brute www.example.com  Collecting location information through webservices Google earth, Google map, mapquest, wikimap iplogger.org  Gathering infrastructure details of the target organization through job sites. http://www.careerbuilder.co.in/  Extracting information through internet archives WayBackMachine, archive.org, foca, Web Data Extractor  Monitoring target using alert services Changedetection.com, websitewatcher, google alerts, twitter alerts etc  Determining the Operating System used by Target netcraft.com, shodan.io (shodan search book), Censys.io https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON- 18-Schearer-SHODAN.pdf
  • 4. Continued  Performing people search using social networking sites & people search archives pipl.com, namecheck.com , Spokeo, BeenVerified, LinkedIn Inspy(techSpy, EmpSpy), Myspace, Pinterest etc.  Determining the webserver, cms, webservice used by target organization Wappalyzer browser extension, WHATCMS, BuiltWith,Analysis of html code  Finding if target has similar or parallel domains urlcrazy –p url  Footprinting through advance google hacking Google Dorks,GHDB ( https://www.exploit-db.com/google-hacking-database), cve,explot-db  Information gathering using google advance search or advanced image search https://www.google.com/advanced_search https://www.google.com/advanced_image_search
  • 5. Passive Footprinting involves:  Querying published name servers of target Recursive DNS Queries(amplifier attack)  Extract metadata of published documents and files  Gathering website information using web spidering and mirroring tools Burp Suite, Zaproxy, Firebug, Accunetix, SpiderFoot, Visual SEO  Gathering information through email tracking email header, eMailTrackerPro, Zendio, ReadNotify  Performing Whois lookup http://whois.domaintools.com, tamos.com,  Extracting DNS information dnssniffer.com, Nslookup  Performing Traceroute analysis tracert, pathanalyzer.com, visualroute.com  Performing Social engineering Eavesdropping(interception), Shoulder Surfing(observation), Dumpster diving(trash inspection i.e phone bills)
  • 6. What Users Do What attacker Gets Maintain profile Contact info, location & related info Connect to friends, chatting Friends list, friend’s info & related info Share photos and videos Identity of family members, Interests Play games, join groups Interests Create events Activities What Organizations Do What attacker Gets User surveys Business strategies Promote products Product profile User support Social Engineering Recruitment Platform/technology information Background check to hire employees Type of business