Footprinting is an ethical hacking process of gathering information about the target and its environment. This is a pre-attack stage and maximum efforts are deployed to ensure that the operations conducted are executed under stealth and target can’t trace back you. In the footpriting process several information gathering techniques and tools are used.
A hacker can use several freely available resources to gather maximum information passively. In this process no direct contact is made with the target. The information gathered through footprinting is crucial for later steps/attacks.
Footprinting – List of Information Gathering Techniques
There are many techniques and tools used in footprinting. There is no predefined sequence of task in footprinting. You have to gather the maximum possible information therefore you use following sources.
Websites Footprinting: Just by visiting the target’s website you can collect great amount of information about them such as their emails addresses, partners, client’s list, physical addresses of their offices and HR openings etc.
Website can be further analyzed for error pages. Errors can appear if you put invalid data in search box or contact form. Errors can reveal details about website content management system software, its version, scripting and type of server used – linux or windows etc.
Whois Database Lookup: Whois lookup is an important step in information gathering process. Whois lookup against any website can reveal information about computer servers on which website is hosted & its location. Whois lookup also displays name, address and contact numbers of technical staff, domain owner and domain registrar.
WHOIS Lookup Websites:
Search Engines Hacking: Marking a search query against your target in search engines (Google, Yahoo & Bing etc.) can also reveal great amount of information if used properly. Google Advance search or Google Hacking can help to locate more detailed information like company policies, employee’s details & online hidden pages etc.
Company’s details and reviews can be found at different blogs, website, reviews portal, forums etc.
Google Search Command: site:facebook.com “himanshu negi” + “hacking”
The above Google search query target facebook.com for all the persons having name Himanshu Negi and talking about “Hacking”.
Similar Domain Search: If example.com is your target’s website then you can look at example.in, example.net, example.org for a worldwide variety sources. Further, looking for in.document.com, uk.document.com (country basis) or en.document.com (language basis) can reveal more useful information.
Same company may have different works at different countries and may be presenting different information in different languages. Similar domain search is important information from all different aspects and dimensions.
Try: touch.facebook.com, mbasic.facebook.com, facebook.com.
Negative Website Search: Negative website search against targets website can reveal some websites that gives insight into the problems which exist inside the organization. Suppose, your target is example.com then you may find example-company-sucks.com.
Paypal.com is a payment gateway website/company that helps to buy/sell stuff online and facilitate money transaction across borders worldwide. But below is the image of website that tells different story.
Social & Business Networking Websites: If you want more detailed information about a company or person then you must take a look at websites like linkedin.com, Google+ and similar. They can reveal some detailed business information and their professional connections.
Facebook website may have fake profiles/pages and non-official groups about a company. FB may not have trusted information about a company or person but sites like linkedin.com which is a professional social networking website usually have trusted information and frequently updated profiles and pages with insight information and great detailed.
Top Social Professional Websites: https://www.linkedin.com
People search/look-up websites may also prove helpful.
Classified/Job Websites: If you want to really know what a company’s offers and stuff and services the company sells then you must search information about the company at different classified sites. You’ll find some real working contact address and insight information.
Classified/Job sites may reveal some HR openings that may have information about the software and technologies that the target company uses. As they are looking for employees those work with the same technology they use, they generally reveal great information here.
Some Websites to Try:
and many-many more.
Internet History – Achieve Pages: Footprinting also includes looking for information that was deleted from the website. Internet way-back machine can help you to find pages that are now history. Archive.org is a website established in 1996 which manages to achieve webpages of almost all websites.
Information or pages deleted from a website may have some ex-employees information. These ex-employees can be called and may reveal some great information about their ex-company and work.
DNS Footprinting – MX Entry: DNS (domain name system) records look can reveal great amount of information including MX entry which indicates where and which email application or services are being used. This information can be used later to exploit mail services and accounts.
DNS Lookup Websites
Trace Route: tracert is a command that can used in both linux and windows which is used to trace path between a user and target system machines. Some websites also facilitate tracert/trace-routing.
Finally, Footprinting includes some great techniques to gather information passively. It is legal as long as you don’t misuse the collected information. These steps and techniques are very simple and any no-technical person can enjoy this but mind that it’s also very effective.
Footprinting is vital for all the hacking or information gathering steps you perform next.