Skip to content

02.md

Latest commit

 

History

History
148 lines (143 loc) · 4.83 KB

02.md

File metadata and controls

148 lines (143 loc) · 4.83 KB

Module 2 - Footprinting

concepts

  • passive footprinting:
    • Finding information through search engines (google dork, GHDB)
    • Finding the Top-level Domains (TLDs) and sub-domains of a target through web services
    • Collecting location information on the target through web services
    • Performing people search using social networking sites and people search services
    • Gathering financial information about the target through financial services
    • Gathering infrastructure details of the target organization through job sites
    • Collecting information through deep web (web pages hidden and unindexed) and dark web (subset of deep web with anonymous navigation) footprinting
    • Determining the operating systems in use by the target organization
    • Performing competitive intelligence o Monitoring the target using alert services (google alerts or twitter alerts and ORM - online reputation management)
    • ORM (online reputation management))
    • Gathering information using groups, forums, blogs, and NNTP Usenet newsgroups
    • Collecting information through social engineering on social networking sites
    • Extracting information about the target using Internet archives
    • Gathering information using business profile sites
    • Monitoring website traffic of the target
    • Tracking the online reputation of the target
  • active footprinting:
    • Querying published name servers of the target
    • Searching for digital files
    • Extracting website links and gathering wordlists from the target website
    • Extracting metadata of published documents and files
    • Gathering website information using web spidering and mirroring tools
    • Gathering information through email tracking
    • Harvesting email lists
    • Performing Whois lookup
    • Extracting DNS information
    • Performing traceroute analysis
    • Performing social engineering
  • footprinting objectives:
    • Know Security Posture
    • Reduce Focus Area
    • Identify Vulnerabilities
    • Draw network map
  • footptinting threats
    • social engineering
    • system and network attacks
    • information leakage
    • privacy loss
    • corporate espionage
    • business loss
  • footprinting metodology:
    • search engines
      • google dork syntax
      • image reverse search
      • video data search
      • meta seach engines
      • ftp search engines
      • IoT search engines
    • TLD and subdomains:
      • site:microsoft.com -inurl:www
    • financial services
    • job services
    • deep/dark web footprinting
    • operating system footpriting (shodan, censys)
    • VoIP and VPN (shodan)
  • competitive intelligence gathering
    • direct approach
    • indirect approach
  • location search
  • website footprinting
    • examinate responses
    • examinate sourcecode
    • examinate cookies
    • using web spiders
  • mirror entire web site
  • extract web site information (archive.org)
  • extract web site links
  • extract words from the target website -> for password cracking
  • email tracking
  • whois lookups
  • ip geolocation information
  • DNS information (DNS records)
    • A -> IPv4 address of a given domain
    • AAAA -> IPv6 address of a given domain
    • MX -> domain's mail server
    • NS -> host's name server
    • CNAME -> aliases to host
    • SOA -> Start of Authority
    • SRV -> service records
    • PTR -> ip address to hostname
    • RP -> responsible person
    • HINFO -> host information include CPU and OS
    • TXT -> unstructured text record (usually used for comments)
  • SOA stores important information about a domain or zone
    • the primary name server of the domain
    • the email address of the admin
    • the last update of domain
    • the time the server should wait before the refresh
    • it can specify how long does a DNS poisoning will last.

When the serial number within the SOA record of the primary server is higher than the Serial number within the SOA record of the secondary DNS server, a zone transfer will take place.

  • reverse DNS lookup using dnsrecon
    • dnsrecon -r 162.241.216.0-162.241.216.25
  • locate network range (using arin tool)
  • traceroute
    • icmp
    • tcp
    • udp
  • footprinting through social engineering:
    • eavesdropping
    • shoudler surfing
    • dumpster diving
    • impersonation
  • footprinting countermeasures

tools

  • GHDB
  • youtube data viewer
  • netcraft
  • sublist3r
  • people search services
    • intelius
    • been verified
    • whitepages
    • peekyou
  • theharvester
  • email spider
  • tor browser
  • shodan
  • censys
  • buzzsumo
  • followerwonk
  • sherlock
  • social searcher
  • httrack
  • octoparse
  • CeWL
  • metagoofil
  • email tracking tools
  • burp
  • dnsrecon
  • traceroute
    • path analyzer pro
    • visualroute
  • arin
  • maltego
  • recon-ng
  • foca
  • osrFramework
  • OSINT Framework

Back to index | Go to next module