FootPrinting / Reconnaissance

Collecting information prior for exploiting a vulnerability. This would be the first step of an attack.

Benefits Of FootPrintng

  • Know the security posture of the target
  • Reduce the focus area or attack surface
  • Identify holes, vulnerabilities precisely
  • Network Map

Active FootPrinting

Active FootPrinting is direct engagement with the target. Involves the use of tools and techniques that can aid you in gathering more information about your target. active footprinting involves tasks that may be logged by the target’s systems so being stealth is key.

  • Social Engineering
  • Ping Sweep – Tools
    • nmap
    • traceroute
    • masscan
  • Data Mining using Data Miner

Since it makes a direct contact to the target Active Information Gathering would trigger the target’s IDS, IPS

Passive footprinting

Passive footprinting where the process never ‘touches’ the target. Passive information gathering uses publicly published information about the target organization by using,

  • Google Hacking(aka. Google Dorks)
  • The Wayback Machine;
  • Job postings
  • NetCraft
  • Whois search
  • NSlookup
  • EDGAR(Electronic Data Gathering
  • Analysis and Retrieval System)
  • Dumpster Diving and more

Leave a comment

Your email address will not be published. Required fields are marked *