02 Footprinting
We can only collect archived and stored information about the target using search engines, social networking sites, and so on.
In active footprinting, the target may recognize the ongoing information gathering process. It may leave traces that may alert the target organization.
Footprinting Threats
The following are assorted threats made possible through footprinting:
Social Engineering: Without using any intrusion methods, hackers directly and indirectly collect information
through persuasion and other means. Hackers gather crucial information from willing employees who are
unaware of the hackers’ intent.
System and Network Attacks: Footprinting enables an attacker to perform system and network attacks.
Thus, attackers can gather information related to the target organization’s system configuration, the operating
system running on the machine, and so on.
Information Leakage: If sensitive information of an entity falls into the hands of attackers, they can mount an
attack based on the information.
Privacy Loss: Hackers can access the systems and networks of the organization and even escalate the privileges
up to admin levels, resulting in the loss of privacy for the organization and for its individual personnel.
Corporate Espionage: Through this approach, competitors can launch similar products in the market, alter
prices, and generally undermine the market position of a target organization.
Some popular Google advanced search operators include:
allinanchor: This operator restricts results to only the pages containing all query terms specified in the anchor text
on links to the pages.
For example, the [allinanchor: best cloud service provider] returns only pages for which the anchor text on links to the
pages contains the words “best,” “cloud,” “service,” and “provider.”
cache: This operator displays Google's cached version of a web page instead of the current version of the web page.
For example, [cache:www.eff.org] will show Google’s cached version of the webpage.
link: This operator searches websites or pages that contain links to the specified website or page.
For example, [link:www.googleguide.com] finds pages that point to Google Guide’s home page.
related: This operator displays websites that are similar or related to the URL specified.
For example, [related:www.microsoft.com] provides the Google search engine results page with websites similar to
microsoft.com.
location: This operator finds information for a specific location.
filetype: This operator allows you to search for results based on a file extension.
For example, [jasmine filetype:jpg] will provide jpg files based on jasmine.
Google Hacking Database
Attackers can use the Google Hacking Database (GHDB), a database of queries, to identify sensitive data.
In the GHDB, you will find search terms for files containing usernames, vulnerable servers, and even files
containing passwords.
GHDB was never meant to be made public, but this information was linked in a web document that was crawled by
a search engine.
Google Hacking Database Categories:
Footholds: Once malware or a malicious exploit has bypassed your defences and run on your system, it may
establish a foothold that ensures it will continue to run, even after reboots or the user logs off.
Sensitive Directories
Google dorks can be used for footprinting virtual private networks (VPNs).
Google Advanced Search
Google Advanced Image Search
Google Image Search
TinEye Reverse Image Search
Yahoo Image Search
YouTube Metadata
MetaGer
NAPALM
FreewareWeb FTP File Search
Shodan
Gathering Information from IoT Search Engines
Internet of Things (IoT) search engines crawl the Internet for IoT devices that are publicly accessible.
An attacker can gain control of Supervisory Control and Data Acquisition (SCADA) systems, traffic control
systems, Internet-connected household appliances, industrial appliances, CCTV cameras, etc.
Many of these IoT devices are unsecured, i.e., they are without passwords or they use the default credentials,
which can be exploited easily by attackers.
Attackers can obtain information such as the:
1. Manufacturer details
2. Geographical location
3. IP address
4. Hostname
5. Open ports of the target IoT device
Footprinting through Web Services
You can also use the advanced Google search operator shown below to identify all the sub-domains of the target:
site:microsoft.com -inurl:www
Spokeo
Intelius
BeenVerified
Whitepages
PeekYou
In addition, the website may have a key employee list with email addresses.
Deep and Dark Web Footprinting
The surface web is the outer layer of the online
cyberspace that allows the user to find web pages and
content using regular web browsers.
The surface web can be accessed by browsers such as
Google Chrome, Mozilla Firefox, and Opera.
In this method, professionals gather information ethically and legally instead of gathering it secretly.
When Did this Company Begin? How Did it Develop?
Information Resource Sites
• EDGAR Database https://www.sec.gov/edgar.shtml
• D & B Hoovers https://www.dnb.com
• LexisNexis https://www.lexisnexis.com
• Business Wire http://www.businesswire.com
What Are the Company’s Plans?
Information Resource Sites
• MarketWatch https://www.marketwatch.com
• The Wall Street Transcript https://www.twst.com
• Euromonitor https://www.euromonitor.com
• Experian https://www.experian.com
Competitive Intelligence Gathering
Google Earth
Google Finance
MSN Money
Opencorporates
Crunchbase
Corporationwiki
Giga Alerts
Reputology
Google Groups
EWEKA
recon-ng
Recon-ng (Assignment)
Recon-ng is a full-featured reconnaissance framework designed to provide a powerful environment to conduct
web-based reconnaissance quickly and thoroughly.
BuzzSumo
Google Trends
Hashatit
Ubersuggest
Followerwonk
Gephi
SocNetV
Assignments
NodeXL
gather sensitive information about the target such as
• date of birth
• educational qualification
• employment status
• name of relatives
• and information about the organization that they are working for.
Social Searcher
Burp Suite
Wappalyzer
CentralOps
Website Informer
Assignments
Web Data Extractor
ParseHub
WebScarab
Assignments
HTTrack Web Site Copier
Cyotek WebCopy
Assignments
Photon
https://archive.org
Assignments
Email Footprinting
• Email Received and Read: Notifies the attacker when the email is received and read by the recipient
• Read Duration: The time spent by the recipient in reading the email sent by the sender
• Proxy Detection: Provides information about the type of server used by the recipient
• Links: Checks whether the links sent to the recipient through email have been checked
• Operating System and Browser information: Reveals information about the operating system and the
browser used by the recipient.
• Forward Email: Determines whether the email sent to the user is forwarded to another person
• Device Type: Provides information about the type of device used to open and read the email, e.g., desktop
computer, mobile device, or laptop
• Path Travelled: Tracks the path through which the email traveled via email transfer agents from source to
destination system
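As an added example (not part of the original slides), this Python code shows how a recipient or mail gateway could spot the tracking features listed above in a message: it reconstructs the path travelled from the Received headers and flags 1x1 remote images and tokenised links. The sample message, the host names, the `analyze` function and the token parameter names (`uid`, `rid`, `token`) are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not real traffic); all hosts are reserved example names.
SAMPLE_EML = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbound.example.org with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000
Received: from mailer.example.com (mailer.example.com [198.51.100.23])
\tby mx.example.net with ESMTP; Tue, 02 Jan 2024 10:00:02 +0000
From: News <news@example.com>
To: user@example.org
Subject: Quarterly update
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<a href="https://click.example.com/r?uid=8f3a91">Read more</a>
<img src="https://example.com/logo.png" width="120" height="40">
<img src="https://open.example.com/o.gif?uid=8f3a91" width="1" height="1">
</body></html>
"""

class _Collector(HTMLParser):
    """Collects remote <img> attributes and <a href> targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a)
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

def analyze(raw):
    msg = message_from_string(raw, policy=default)
    # Each relay prepends its own Received header, so reverse for source -> destination.
    froms = [re.search(r"\bfrom\s+(\S+)", h) for h in msg.get_all("Received", [])]
    path = [m.group(1) for m in reversed(froms) if m]
    body = msg.get_body(preferencelist=("html",))
    c = _Collector()
    c.feed(body.get_content() if body else "")
    # Heuristic: a remote image declared 1x1 or 0x0 serves as an open/read beacon.
    pixels = [i["src"] for i in c.images
              if i.get("width") in ("0", "1") and i.get("height") in ("0", "1")]
    # Heuristic: a per-recipient token in the query string marks a click-tracked link.
    tracked = [u for u in c.links if re.search(r"[?&](uid|rid|token)=", u)]
    return {"path": path, "tracking_pixels": pixels, "tracked_links": tracked}
```

Blocking remote image loading by default in the mail client defeats the open and read-duration beacons that the pixel check detects.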
Email Tracking Tools
SmartWhois
Assignments
IP Location Finder
Assignments
Locate the Network Range
• To perform network footprinting, one needs to gather basic and important information about the target
organization, such as what the organization does, who works there, and what type of work it does.
• This information will help to understand the internal structure of the target network and which machines in
the network are alive.
• Widely used traceroute tools include Path Analyzer Pro and VisualRoute.