In our previous article we have discussed a
brief introduction of footprinting for gathering information related to the
specific person. As we had discussed that there are so many type of
footprinting and today we are going to talk about DNS footprinting, website footprinting
and whois footprinting.
Browsing the target Website may Providing
Whos is Details
Software used and version
OS Details
Sub Domains
File Name and File Path
Scripting Platform & CMS
Details
Contact Details
Let’s start!!
Whois
footprinting
WHOIS (pronounced as the phrase who is) is a query
and response protocol
and whois footprinting is
a method for glance information about ownership of a domain name
as following:
·
Domain name details
·
Contact details contain phone no. and email
address of owner
·
Registration date for domain name
·
Expire date for domain name
·
Domain name servers
From Wikipedia
Whois Lookup:
It is broadly used in support of querying databases that store the registered users or assignees of
an Internet resource, such as a domain name, an IP address block, or
an autonomous system, but is also used for a wider range of other
information. The protocol stores and delivers database content in a
human-readable format.
For example: let’s search pentestlab.in
Now you can
see it has created a whois record for pentestlab.in where it contains details
like: email address,IP, registrant Org.
From given record anyone can guess that this domain have some connection to raj
chandel. Then attacker needs to perform footprinting on raj chandel taking help
from previous article.
There is so
many other tools use for whois footprinting for example:
Ø Caller IP
Ø Whois Analyzer pro
Ø Whois lookup multiple address
DNS Footprinting
Attacker performs DNS footprinting in order to enumerate DNS
record details and type of servers. There are 10 type of DNS record which
provide important information related to target location.
1.
A/AAAA
2.
SVR
3.
NS
4.
TXT
5.
MX
6.
CNAME
7.
SOA
8.
RP
9.
PTR
10. HINFO
Domain Dossier: it is an
online tool use for complete DNS footprinting as well as whois footprinting.
There
are so many online tool use for DNS footprinting , using domain dossier we will
check for DNS records of penetstlab.in, select the check box for DNS records and traceroute and then click on
go.
You can observe that, the
data which we received from whois lookup and from domain dossier is same in
some extent. It has given same email ID as above i.e. rrajchandel@gmail.comand moreover details of DNS records TXT, SOA, NS, MX,
A and PTR.
DNS Dumpster: it is also an
online use for DNS footprinting.
DNSdumpster.com is a FREE domain research tool that can discover
hosts related to a domain. Enumerate a domain and pull back up to 40K
subdomains, results are available in a XLS for easy reference.
Repeating same process for pentestlab.in, it will search for its
DNS record. From given screenshot you can observe we have received same details
as above. More it will create a copy as output file in from XLS.
You get signal: it is also
an online tool use for DNS footprinting as well as for Network footprinting
A
reverse IP domain check takes a
domain name or IP address pointing to a web server and searches for other sites
known to be hosted on that same web server. Data is gathered from search engine
results, which are not guaranteed to be complete
Hence we get the IP 72.52.229.111 for pentestlab.inmoreover it dumped the
name of 14 other domain which are
hosted on same web server.
It is technique use for
extracting the details related to website as following
1.
Archived description
of website
2.
Content
management system and framework
3.
Script and platform
of the website and webserver
4.
Web crawling
5.
Extract meta data
and contact details from website
6.
Website and web
page monitoring and analyzer
Archive.org: It is an online tool use for visiting
archived version of any website.
Archive.org has search option
as wayback machine which is like a
time machine for any website. It contains entire information from past till
present scenario of any website either their layout or content everything
related to website is present inside. In simple words it contains history of
any website.
For example I had search for hackingarticles.in archived record of 2012.
Built With: It is an
online tool use for detecting techniques and framework involved inside running
website.
BuiltWith.com technology
tracking includes widgets, analytics, frameworks, content management systems,
advertisers, content delivery networks, web standards and web servers to name
some of the technology categories.
Taking example of hackingarticles.in again we
found following things:
·
Content
Management system: wordPress
·
Framework:
PHP
Whatweb
Whatweb can identify all sorts
of information about a live website, like: Platform, CMS platform, Type of Script,
Google Analytics, Webserver Platform, and IP address Country. A pentester can
use this tool as both a recon tool & vulnerability scanner.
Open the terminal in kali
Linux and type following command
Whatweb www.pentestlab.in
As result we
receive same information as above
Web crawling
HTTrack is a free and open
source Web crawler and offline browser, developed by Xavier
Roche
It
allows you to download a World Wide Web site from the Internet to a local
directory, building recursively all directories, getting HTML, images, and
other files from the server to your computer. HTTrack arranges the original
site’s relative link-structure.
http://www.hackingarticles.in/5-ways-crawl-website/
Web Data Extractor
Web Data Extractor Pro is a web scraping tool specifically designed for
mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as
meta tag information and body text. Special feature of WDE Pro is custom
extraction of structured data.
Start new project Type
target URL as ignitetechnologies.in and select folder to save the output and
click on ok.
Now this tool will extract meta data, email contact no. and etc
from inside the target URL.
From given screenshot you can see
it found 40 meta tags1 email 84-phone
number from ignitetechnologies.in website.
Similarly there other tool use as
web data extractor:
Web spider
Website-Watcher is a powerful yet simple
website-monitoring tool, perfectly suited to the beginner and advanced user
alike. You can download it fromhere.
Using new tab and enter target URL which
start monitoring the target website.
For example I enter
URL hackingarticles.in for monitoring this website.
Similarly there are
some other tool uses for monitoring:
On web change
Follow that page
Informinder