FootPrinting-First Step Of Ethical Hacking

Footprinting is a first step that a penetration tester used to evaluate the security of any IT infrastructure, footprinting means to gather the maximum information about the computer system or a network and about the devices that are attached to this network. 

Footprinting is a first and the important step because after this a penetration tester know how the hacker sees this network.

To measure the security of a computer system, it is good to know more and more as you can because after this you will able to determine the path that a hacker will use to exploit this network.



This is the basic block diagram which shows the steps that are include in the penetration testing methodology, in this article we will discuss the first one that is footprinting. The EC-Council divides footprinting and scanning into seven basic steps. These include

1. Information gathering
2. Determining the network range
3. Identifying active machines
4. Finding open ports and access points
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network

Information of a organisation means to finding these:
p { margin-bottom: 0.08in; }
Internet: Domain name, network blocks, IP addresses open to Net, TCP and UDP services running, ACLs, IDSes
Intranet: Protocols (IP,NETBIOS), internal domain names, etc
p { margin-bottom: 0.08in; }
p { margin-bottom: 0.08in; }
Remote Access: Phone numbers, remote control, telnet, authentication
Extranet: Connection origination, destination, type, access control  
p { margin-bottom: 0.08in; }
Website on an organisation is a first place from where penetration testing start, you can get the sensitive information about the network by using websites, you can get Phone Numbers, Contact Names, E-mail Addresses, and Personal Details. Beside the official website of the company an attacker might be use some social networking website like facebook to gather the appropriate information. Some other resources and a website that an attacker may use to get the maximum information about the organisation and it employees are:
zabasearch.com—Contains names, addresses, phone numbers, date of birth, and other information about individuals.
anywho.com—Phone book offering forward and reverse lookups.
maps.yahoo.com—Yahoo! map site. 
You can use the facility of a search engine to perform footprinting,search engine like google, yahoo or altavista provide the plate form to gather the information. Advance google dorks may be use to get the information like:
Filetype: This operator directs Google to search only within the test of a particular type of file.
        Example: filetype:xls

Inurl: This operator directs Google to search only within the specified URL of a document.
     Example: inurl:search-text

Link: The link operator directs Google to search within hyperlinks for a specific term.
    Example link:www.domain.com

Intitle: The intitle operator directs Google to search for a term within the title of a document.
       Example intitle: “Index of…etc”


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.