What is Footprinting?

What is Footprinting?

What is Footprinting? – Footprinting is the process of collecting as much as information as possible about a target network. for identifying various ways to intrude into an organization’s network system.

Footprinting is the first step of any attack on information system; attacker gathers publicly available sensitive information, using which she/he perform social engineering, system and network attack. etc that leads to huge financial loss and loss of business reputation.

Know Security Posture

Footprinting allows attackers to know the external security postures of the target organizations.

Reduce Focus Area

It reduces attacker’s focus area to specific range of IP address, networks, domain names, remote access.

Identify Vulnerability

It allows attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.

Draw Network Map

It allows attackers to draw a map or outline the target organization’s network infrastructure to know about the actual enviorment that they are going to break.

Objectives of Footprinting

Collect Network Information

Domain Name , Internal domain names , Network blocks , IP address of the reachable systems , Private websites.

TCP and UDP services running , Access control mechanisms and ACL’s , Networking protocols , VPN Points

IDSes running , Analog/digital telephone numbers , Authentication mechanisms , System enumeration.

Collect System Information

User and group names , System banners , Routing Tables , SNMP information.

System architecture , Remote system type , System names , Password.

Collect Organization’s Information

Employee details , Organization’s website , Company directory , Location details , Address and phone numbers , comments in HTML source code.

Security policies implemented , Web server links relevant to the organization’s , Background of the organizations , News articles , Press Release.

Footprinting Through Search Engines

Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and othe types of advanced systems attacks

Search for the target company’s external URL in a search engine such as Google, Bing , Duck Duck Go, etc.

Also Read: How to hack wifi using kali linux

Determining the Operating System

Use the Netcraft tool to determine the OS in use by the target organizations.

And Also Use SHODAN search engine that lets you find specific computers ( router, servers, etc) using a variety of filters.

Collect Location Information

Google Earth – use Google Earth tool to get the physical location of the target.

Google Maps

Bing Map

People Search: Social Networking Sites/People Search Services

Social Networking sites are the great source of personal and organizational information Like, Facebook , Twitter, Instgram, Linkedin , etc.

Gather Information From Financial Services

Financial services provides a useful information about the target company such as the market value of a company’s share, company profile, competitor details.

Google Finance

Yahoo Finance

Footprinting Through Social Engineering

There are various techniques that fall in this category. A few of them are:

  • Eavesdropping – Attacker tries to record personal conversation of the target victim with someone that’s being held over communication mediums like Telephone.
  • Shoulder Surfing – In this technique Attacker tries to catch the personal information like Email id, password, etc; of the victim by looking over the victim’s shoulder while the same is entering(typing/writing) his/her personal details for some work.

Sometimes the attacker may trick the victim to grab his personal information. A method that can be used for this is by the method “PHISING”. (PHISING – Its basically creating fake webpages of some websites to trick a naive internet user to grab his personal data. Mostly email-id and passwords of social media accounts.).

For More Hacking Content Click Here

Related posts

Leave a Comment