Footprint basics
1. What is Footprinting?
• Footprinting is the first step of any attack on information systems in
which an attacker collects information about a target network to
identify various ways to intrude into the system
2. Footprinting Using Advanced Google Hacking Techniques
• Google hacking refers to the use of advanced Google search operators for
creating complex search queries to extract sensitive or hidden information that
helps attackers find vulnerable targets.
• [cache:] Displays the web pages stored in the Google cache
• [allintitle:] Restricts the results to those websites containing all the search
keywords in the title
• [link:] Lists web pages that have links to the specified web page
• [intitle:] Restricts the results to documents containing the search keyword in the
title
• [related:] Lists web pages that are similar to the specified web page
3. • [allinurl:] Restricts the results to those containing all the search
keywords in the URL
• [info:] Presents some information that Google has about a particular
web page
• [inurl:] Restricts the results to documents containing the search
keyword in the URL
• [site:] Restricts the results to those websites in the given domain
• [location:] Finds information for a specific location
Note: Do not enter any spaces between the operator and the query.
4. site: This operator restricts search results to the specified site or
domain. For example, the [games site:www.certifiedhacker.com]
query gives information on games from the certifiedhacker site.
inurl: This operator restricts the results to only the pages containing
the specified word in the URL. For example, the [inurl:copy
site:www.google.com] query returns only Google pages in which the
URL has the word “copy.”
Sensitive information Google dorks:
inurl:login.php
inurl:index.php?id=
5. Whois
• You can use the whois command in Linux to find out information
about a domain, such as the owner of the domain, the owner's
contact information, and the nameservers that the domain is using.
• Example : https://whois.domaintools.com/
7. Banner Grabbing
• Banner grabbing is a technique used to gain information about a
computer system on a network and the services running on its open
ports. Administrators can use this to take inventory of the systems
and services on their network.
• “Banner Grabbing” is often termed “Service Fingerprinting”.
Netcat is a network utility that will again help us to grab the FTP
banner of the remote host server.
nc 192.168.0.11 21
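The inventory use mentioned above, as an added example that is not part of the original slides: it reads the greeting each service sends on connect (what `nc` shows) and flags banners that disclose a product version. The function names are hypothetical, the banners are constructed samples served on 127.0.0.1, and the target list is assumed to be hosts you administer.

```python
import re
import socket
import threading

VERSION_RE = re.compile(r"([A-Za-z][A-Za-z-]*)[ _/]v?(\d+(?:\.\d+)+\w*)")  # e.g. "vsFTPd 3.0.3"

def grab_banner(host, port, timeout=3.0):
    """Return the first line a service sends on connect (what `nc host port` prints)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            return ""  # service waits for the client to speak first
    return data.decode("latin-1").splitlines()[0].strip() if data else ""

def audit_banner(banner):
    """Return (product, version) when the banner discloses a version, else None."""
    m = VERSION_RE.search(banner)
    return (m.group(1), m.group(2)) if m else None

def inventory(targets):
    """targets: (host, port) pairs you administer. Returns (host, port, banner, finding)."""
    rows = []
    for host, port in targets:
        try:
            banner = grab_banner(host, port)
        except OSError as exc:
            rows.append((host, port, None, f"unreachable: {exc}"))
            continue
        leak = audit_banner(banner)
        finding = f"discloses {leak[0]} {leak[1]}" if leak else "no version disclosed"
        rows.append((host, port, banner, finding))
    return rows

def serve_once(banner):
    """Constructed stand-in for a real service: sends one banner on 127.0.0.1."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handler():
        with srv, srv.accept()[0] as conn:
            conn.sendall(banner.encode() + b"\r\n")
    threading.Thread(target=handler, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    ports = [serve_once("220 (vsFTPd 3.0.3)"), serve_once("220 FTP server ready")]
    print(inventory([("127.0.0.1", p) for p in ports]))
```

A banner flagged as disclosing a version is a candidate for the service's own banner setting to be changed to a generic greeting.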
8. Whatweb
• “WhatWeb” recognizes websites, which helps us to grab the web-
applications banner by disclosing the server information with its
version, the IP address, the webpage Title and running operating
system.
Type the following command in order to capture the essentials.
• whatweb <website URL>
9. Shodan
Shodan is also a search engine, but one designed specifically for IoT
devices. It scours the invisible parts of the Internet most people won’t
ever see. Any connected device can show up in a search, including:
• Servers
• Printers
• Webcams
• Traffic lights
• Security cameras
• Control systems
10. SubDomain
• A subdomain is an additional part to your main domain name.
Subdomains are created to organize and navigate to different sections
of your website. You can create multiple subdomains or child domains
on your main domain.
• Example : https://github.com/Moham3dRiahi/Th3inspector
11. OSINT Framework
• OSINT Framework focuses on gathering information from free tools or
resources. The intention is to help people find free OSINT resources.
• Open Source INTelligence
• Example : https://osintframework.com/