Collecting information prior for exploiting a vulnerability. This would be the first step of an attack.
Benefits Of FootPrintng
- Know the security posture of the target
- Reduce the focus area or attack surface
- Identify holes, vulnerabilities precisely
- Network Map
Active FootPrinting
Active FootPrinting is direct engagement with the target. Involves the use of tools and techniques that can aid you in gathering more information about your target. active footprinting involves tasks that may be logged by the target’s systems so being stealth is key.
- Social Engineering
- Ping Sweep – Tools
- nmap
- traceroute
- masscan
- Data Mining using Data Miner
Since it makes a direct contact to the target Active Information Gathering would trigger the target’s IDS, IPS
Passive footprinting
Passive footprinting where the process never ‘touches’ the target. Passive information gathering uses publicly published information about the target organization by using,
- Google Hacking(aka. Google Dorks)
- The Wayback Machine; Archieve.org
- Job postings
- NetCraft
- Whois search
- NSlookup
- EDGAR(Electronic Data Gathering
- Analysis and Retrieval System)
- Dumpster Diving and more