Footprinting & Reconnaissance
By Nisha Yadav
What is Footprinting?
Footprinting is a technique to collect as much information as possible about
the targeted network/system/website for identifying various ways to intrude
into the system.
Types:
1. Passive: Gathering information about the target without direct interaction.
2. Active: Gathering information about the target with direct interaction.
Passive Footprinting involves:
• Finding information through search engines
  Google, Bing, DuckDuckGo, https://www.searchenginecolossus.com/
• Finding top-level domains and sub-domains
  Sublist3r, Dnsdumpster, Netcraft, nmap --script dns-brute www.example.com
• Collecting location information through web services
  Google Earth, Google Maps, MapQuest, wikimap, iplogger.org
• Gathering infrastructure details of the target organization through job sites
  http://www.careerbuilder.co.in/
• Extracting information through internet archives
  Wayback Machine, archive.org, FOCA, Web Data Extractor
• Monitoring target using alert services
  Changedetection.com, WebSite-Watcher, Google Alerts, Twitter alerts, etc.
• Determining the operating system used by the target
  netcraft.com, shodan.io (shodan search book), Censys.io
  https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
Continued
• Performing people search using social networking sites & people search archives
  pipl.com, namecheck.com, Spokeo, BeenVerified, LinkedIn InSpy (TechSpy, EmpSpy), Myspace, Pinterest, etc.
• Determining the web server, CMS, and web services used by the target organization
  Wappalyzer browser extension, WhatCMS, BuiltWith, analysis of HTML code
• Finding if the target has similar or parallel domains
  urlcrazy -p url
• Footprinting through advanced Google hacking
  Google Dorks, GHDB (https://www.exploit-db.com/google-hacking-database), CVE, exploit-db
• Information gathering using Google advanced search or advanced image search
  https://www.google.com/advanced_search
  https://www.google.com/advanced_image_search
Passive Footprinting involves:
• Querying published name servers of the target
  Recursive DNS queries (amplifier attack)
• Extracting metadata of published documents and files
• Gathering website information using web spidering and mirroring tools
  Burp Suite, Zaproxy, Firebug, Acunetix, SpiderFoot, Visual SEO
• Gathering information through email tracking
  Email header, eMailTrackerPro, Zendio, ReadNotify
• Performing Whois lookup
  http://whois.domaintools.com, tamos.com
• Extracting DNS information
  dnssniffer.com, Nslookup
• Performing Traceroute analysis
  tracert, pathanalyzer.com, visualroute.com
• Performing social engineering
  Eavesdropping (interception), Shoulder Surfing (observation), Dumpster diving (trash inspection, i.e. phone bills)
What Users Do                       | What Attacker Gets
Maintain profile                    | Contact info, location & related info
Connect to friends, chatting        | Friends list, friend's info & related info
Share photos and videos             | Identity of family members, interests
Play games, join groups             | Interests
Create events                       | Activities

What Organizations Do               | What Attacker Gets
User surveys                        | Business strategies
Promote products                    | Product profile
User support                        | Social engineering
Recruitment                         | Platform/technology information
Background check to hire employees  | Type of business
BONUS
Thank You
#HappyFootprinting #TogetherWeHitHarder
