November 22, 2023

What is Footprinting and How to do it?

By Ovais Mirza

Footprinting starts with determining the location and goal of the intrusion. Once this is known, non-intrusive methods are used to gather specific information about the organization. For example, if the hacker needs to use social engineering to achieve the goal, the organization’s Web page may provide a personnel directory or employee bios. A whois query on the Internet returns the domain names and the networks associated with a specific company.

Other data gathered could include details of the Internet technologies in use, operating systems and hardware, IP addresses, e-mail addresses and phone numbers, as well as policies and procedures.

Footprinting is the process of collecting data about a specific network environment on a computer, usually to find ways to intrude into the environment. Footprinting can reveal system flaws and make it easier to exploit them.


During the footprinting phase, a hacker can collect the following information –

  • Domain name
  • IP Addresses
  • Namespaces
  • Employee information
  • Phone numbers
  • E-mails
  • Job Information

How can attackers benefit from footprinting?

  • Footprinting allows attackers to learn about the target organization’s security posture.
  • It assists attackers in narrowing their focus to a specific range of IP addresses, networks, domain ranges, and so on.
  • It can also assist attackers in choosing appropriate exploits by allowing them to identify vulnerabilities in target systems.
  • It may enable attackers to draw a network map or outline the target organization’s network infrastructure to gain a better understanding of the environment they will breach.


How to do Footprinting?

Given below are the steps to do footprinting:

Search

It all begins with the web browser. A great deal of information about any website is available on the internet. If you want information about a site, search for it in your browser: open the browser and type the name of the site into the address bar. The URL, which is the first piece of information you have, will now appear.

A well-constructed search can help attackers extract information about a target such as technology platforms, employee details, login pages and intranet portals, and it can also support social engineering and other types of advanced system attacks.

Ping

Now that you have the URL of your target, you can use the ping command to get the IP address of the URL:

ping target.com

Whois Lookup

Whois Lookup is a tool for determining DNS, domain names, name servers, and IP addresses, among other things. Simply open a web-based whois lookup service and type in your desired IP address.

Alternatively, you can use Kali Linux’s whois command.

whois target.com
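The whois command prints a block of "Key: Value" lines. The script below is an added example, not code from the original post: it parses such a record and condenses it into the facts a domain owner should review when auditing their own footprint (registrar, name servers, days to expiry, transfer lock, DNSSEC, and whether registrant details are exposed to anyone who runs the query). The whois text is a constructed sample with placeholder values, not a real query result, and the audit date is fixed so the output is reproducible.

```python
"""Parse a whois record and summarise the fields worth checking on your own
domain. Added example; the sample record is constructed, not real output."""
from datetime import date, datetime
from typing import Optional

# Constructed sample in the common "Key: Value" layout; values are placeholders.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, LLC
   Registrar Abuse Contact Email: abuse@registrar.example
   Updated Date: 2023-08-14T09:00:00Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2024-08-13T04:00:00Z
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Registrant Name: REDACTED FOR PRIVACY
   Registrant Organization: REDACTED FOR PRIVACY
   Registrant Email: Please query the RDDS service of the Registrar of Record
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   DNSSEC: signedDelegation
>>> Last update of whois database: 2023-11-22T10:00:00Z <<<
"""

# Fixed "today" so the expiry arithmetic is reproducible (constructed value).
AUDIT_DATE = date(2023, 11, 22)


def parse_whois(text: str) -> dict:
    """Turn 'Key: Value' lines into {lowercased key: [values]}.
    Repeated keys (Name Server, Domain Status) accumulate in order;
    blank lines and the '>>>' trailer are skipped."""
    record: dict = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def first(record: dict, key: str) -> Optional[str]:
    """First value for a key, or None when the record lacks it."""
    values = record.get(key.lower())
    return values[0] if values else None


def summarize(text: str, today: date) -> dict:
    """Condense the record into the handful of facts a domain owner checks."""
    rec = parse_whois(text)
    expiry = datetime.strptime(first(rec, "Registry Expiry Date"), "%Y-%m-%dT%H:%M:%SZ").date()
    statuses = rec.get("domain status", [])
    registrant_values = [v for k, vs in rec.items() if k.startswith("registrant") for v in vs]
    return {
        "domain": first(rec, "Domain Name").lower(),
        "registrar": first(rec, "Registrar"),
        "abuse_contact": first(rec, "Registrar Abuse Contact Email"),
        "name_servers": [ns.lower() for ns in rec.get("name server", [])],
        "expires_in_days": (expiry - today).days,
        # clientTransferProhibited means the registrar lock is on, which
        # blocks transfers that were not authorised by the owner.
        "transfer_locked": any(s.startswith("clientTransferProhibited") for s in statuses),
        "dnssec": first(rec, "DNSSEC") == "signedDelegation",
        # False here means owner names and e-mail addresses are readable by
        # anyone who runs whois against the domain.
        "registrant_redacted": any("REDACTED" in v for v in registrant_values),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_WHOIS, AUDIT_DATE).items():
        print(f"{key:>20}: {value}")
```

Run against your own domain's whois output, the interesting lines are a short expiry window, a missing transfer lock, unsigned delegation, and unredacted registrant contacts, since each of those is exactly what the footprinting step above collects.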

Nslookup

NsLookup makes a query to the specified DNS server and retrieves the requested records for the domain name you specified. This command displays information such as the IP addresses associated with a domain name.

nslookup target.com

WhatWeb

The purpose of this tool is to answer the question, “What is that Website?” Platform, Type of script, Google Analytics, Web Server Platform, IP Address, Country, Server Headers, Cookies, and much more can be gathered. In your Linux console, simply type the following command:

whatweb target.com
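Most of what WhatWeb reports comes straight out of the HTTP response: the Server and X-Powered-By headers, cookie names that identify a platform, and the HTML generator tag. The script below is an added example, not the original post's code and not WhatWeb itself (which matches thousands of signatures); it extracts those hints from one response and flags the fields that disclose a version number, which is what a defender would trim. The response and all header values are constructed and illustrative; the cookie-name table is a small well-known subset.

```python
"""Extract WhatWeb-style technology hints from one HTTP response and report
which fields leak a version. Added example; the response is constructed."""
import re

# Constructed sample: one HTML page served with verbose headers.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 22 Nov 2023 10:00:00 GMT\r\n"
    "Server: Apache/2.4.57 (Debian)\r\n"
    "X-Powered-By: PHP/8.2.7\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="Example CMS 1.2">'
    "<title>Home</title></head><body>Hello</body></html>"
)

# Cookie names that identify a platform: well-known defaults, an
# illustrative subset of what a fingerprinting tool knows.
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "csrftoken": "Django",
}

VERSION_RE = re.compile(r"\b\d+\.\d+(\.\d+)?\b")
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]*)"', re.I)


def split_response(raw: str):
    """Return (status line, [(name, value), ...], body) for one raw response."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def fingerprint(raw: str) -> dict:
    """Collect the passive hints; fields are None or empty when absent."""
    _, headers, body = split_response(raw)
    fp = {"server": None, "powered_by": None, "cookies": [], "platform_hints": [], "generator": None}
    for name, value in headers:
        lname = name.lower()  # header names are case-insensitive
        if lname == "server":
            fp["server"] = value
        elif lname == "x-powered-by":
            fp["powered_by"] = value
        elif lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            fp["cookies"].append(cookie_name)
            if cookie_name in COOKIE_HINTS:
                fp["platform_hints"].append(COOKIE_HINTS[cookie_name])
    match = GENERATOR_RE.search(body)
    if match:
        fp["generator"] = match.group(1)
    return fp


def version_disclosures(fp: dict) -> list:
    """Fields that carry a version string. These are the ones to silence on
    your own servers (e.g. Apache's ServerTokens Prod, PHP's expose_php=Off,
    and dropping the generator meta tag)."""
    return [k for k in ("server", "powered_by", "generator") if fp[k] and VERSION_RE.search(fp[k])]


if __name__ == "__main__":
    result = fingerprint(SAMPLE_RESPONSE)
    print(result)
    print("version disclosures:", version_disclosures(result))
```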

p0f

It’s a method for determining the operating system and other configuration properties of a remote host by analysing the structure of TCP/IP packets. p0f is a forensic tool that can be used to examine a compromised or infected system. Running p0f is as simple as this:

  • Enter p0f in a Linux terminal.
  • In any browser, open your target host and begin exploring it.

The client will begin interacting with the server once the connection has been established.
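To make the p0f step concrete, the script below is an added example (not the original post's code and not p0f's own logic or signature database) of the inference a passive fingerprinter performs on the packets it sees: it recovers the sender's initial TTL from the hop-decremented value on the wire, derives the hop distance, and matches the (initial TTL, TCP window size) pair against a signature table. The table holds a few widely published default values and is illustrative only; real p0f signatures also use TCP options, MSS and window scaling. The packet records are constructed and use documentation-range addresses.

```python
"""Passive OS inference in the style of p0f from TTL and window size.
Added example; signature table is illustrative, packets are constructed."""
from typing import NamedTuple

# Initial TTLs commonly chosen by operating systems (32 is legacy Windows).
INITIAL_TTLS = (32, 64, 128, 255)

# (initial TTL, window size) -> label. Approximate defaults from public
# fingerprinting references; real deployments vary, so treat as a guess.
SIGNATURES = {
    (64, 29200): "Linux (3.x+ kernels)",
    (64, 5840): "Linux (2.6 kernels)",
    (64, 65535): "FreeBSD or macOS",
    (128, 8192): "Windows",
    (128, 65535): "Windows",
    (255, 4128): "Cisco IOS",
}

# Fallback when only the TTL family is recognisable.
TTL_FAMILY = {
    32: "legacy Windows",
    64: "Linux/BSD/macOS family",
    128: "Windows family",
    255: "network gear / Solaris",
}


class Packet(NamedTuple):
    src: str
    ttl: int      # TTL as observed on the wire
    window: int   # TCP window size from the SYN


def guess_initial_ttl(observed: int) -> int:
    """Smallest common initial TTL not below the observed value; routers only
    decrement, so the sender started at or above what we see."""
    if not 1 <= observed <= 255:
        raise ValueError(f"invalid TTL {observed}")
    for candidate in INITIAL_TTLS:
        if observed <= candidate:
            return candidate
    return INITIAL_TTLS[-1]


def classify(pkt: Packet) -> dict:
    """Guess initial TTL, hop distance and OS label for one packet."""
    initial = guess_initial_ttl(pkt.ttl)
    hops = initial - pkt.ttl
    label = SIGNATURES.get((initial, pkt.window))
    if label is None:
        label = f"unknown ({TTL_FAMILY[initial]})"
    return {"src": pkt.src, "initial_ttl": initial, "hops": hops, "os": label}


# Constructed SYN observations (documentation-range addresses).
SAMPLE_PACKETS = [
    Packet("192.0.2.10", 57, 29200),
    Packet("192.0.2.20", 118, 8192),
    Packet("198.51.100.5", 250, 4128),
    Packet("203.0.113.9", 60, 12345),
]


def classify_all(packets=SAMPLE_PACKETS) -> dict:
    """Map each source address to its classification."""
    return {r["src"]: r for r in (classify(p) for p in packets)}


if __name__ == "__main__":
    for src, result in classify_all().items():
        print(f"{src:<14} initial TTL {result['initial_ttl']:>3}  "
              f"{result['hops']:>2} hops  {result['os']}")
```

On the defensive side, the same two fields are useful in forensics: a hop distance that jumps around for one source, or a TTL family that does not match the OS you know that host runs, is a common sign of spoofed or proxied traffic.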


Recon-ng

Recon-ng is a Python tool built specifically for information gathering; it is organised into independent modules, keeps a list of API keys, and ships many further modules on top of that.

Now let’s see if we can use one of the modules that don’t require an API key. There are several, but we’ll use XSSposed to scan for XSS (cross-site scripting) vulnerabilities.

Simply type recon-ng in your Linux command line, or go to Applications > Information Gathering > recon-ng.

For any help, you can simply enter:

recon-ng > help

Now, we need to load the module:

recon-ng > use recon/domains-vulnerabilities/xssposed

The only option we need to set is the website we want to scan. Let’s take a look at microsoft.com. To do so, we must first set the source.

recon-ng > set SOURCE microsoft.com

After that, tell Recon-ng to go:

recon-ng > run

Google Dork

The query string can be used as a search term and as a keyword. To gather information about the target host, Google Advanced Search Operators can also be used.

You can also look up search terms that have been found to reveal sensitive data exposed by vulnerable servers and web applications in the Google Hacking Database (GHDB).


Nikto

Nikto is a Web Server Scanner that looks for potentially dangerous files and out-of-date service software, all of which can be exploited and used to hack a network. These findings can be used to determine the network or application’s weaknesses, from which you can select appropriate attacks to hack the network.

  • Enter nikto in your Kali Linux Terminal to run Nikto.
  • To learn more about the commands, open the help file:

nikto -Help

Lastly, scan the target host:

nikto -h targetIP

To save the results to a file, run the scan with the output options:

nikto -h target.com -o nikto_results -F txt

-o stands for output and -F for file type, which in this case is txt. Press Enter to run the scan and save the result as a txt file.