
Beginner Guide to Footprinting

There are many sayings about knowing your enemy, and time and again they have proved true. Today we hear all around us about the work of hackers, and many a time we fail to protect ourselves. This happens because we are not familiar with how they work. In this article, therefore, we introduce the first step of that process: footprinting.

In cyber security, footprinting is the first step, in which penetration testers gather information about a target's systems and network. It is essentially an exploration process that lets us know our enemy: to complete a penetration test, one ought to gather as much information as possible beforehand. Footprinting can be done either passively or actively. Passive footprinting collects what is already public (search engine results, WHOIS records, social media, job postings) without sending a single packet to the target, so the target has nothing to log. Active footprinting interacts with the target directly, for example by querying its name servers, crawling its website, or extracting information from its staff through social engineering, and so can be noticed. Either way, doing this against a company requires its permission.

Types of Footprinting:

• Footprinting through search engines
• Footprinting through social engineering
• Footprinting through social networking sites
• Website footprinting
• Competitive intelligence
• WHOIS footprinting
• Footprinting using advanced Google hacking techniques
• Email footprinting
• DNS footprinting
• Network footprinting

As this is the first part of our footprinting series, we will discuss the first three types here.

Footprinting through Search Engine

Footprinting through search engines is self-explanatory. People often wonder what one can find through a search engine, since the common conception is that it is for basic browsing, but search results are vast, and an attacker can turn that to their advantage.

Attackers use search engines to gather information about their target, such as technology platforms, employee details, login pages and intranet portals, which helps in performing social engineering and other, more advanced attacks.

Even a search engine's cache and internet archives may still hold sensitive information that has since been removed from the live website.

There are many search engines in which you can find anything you desire, from the meaning of a word to a particular person. Such search engines are:

For example, if I search for "Raj Chandel" in Google, it returns every possible result associated with that person.

Other search engines give similar results, but different engines suit particular searches. As shown above, Google is good for general information. If you want to know which websites are hosted on a particular server, use Bing. To find the IP address of a website, just ping it as shown below.

Now open Bing and search for that IP address using the ip: operator (for example ip:203.0.113.10, where 203.0.113.10 stands for the address you obtained), then press Enter.

Like this, Bing can tell you which other websites are hosted on the same server. Bear in mind that if the address belongs to a CDN or a shared hosting provider, the co-hosted sites are simply that provider's other customers and are not necessarily related to your target.

Another search engine is , which helps to locate open ports, vulnerable IP addresses and affected devices all over the world. Open it in your browser and search for a port number or an IP address.

For a detailed tutorial, please follow this link:

Footprinting through jobs seeking sites

Similarly, you can collect an abundance of information from job sites: a company's infrastructure details, employee profiles, and the hardware and software it uses (a posting that asks for experience with a particular firewall, ERP system or database tells you what is deployed). Some such sites are:

Footprinting through Alerts

There is also a feature for adding alerts, which notifies you whenever a particular website changes, provided you have added an alert for that site. To do so, open , type the name of the website you want to be alerted about, and click on Create alert.

And this way an alert will be created.

Footprinting through Social Networking sites

Attackers use social networking sites such as Facebook, Twitter and Pinterest to gain important and sensitive data about their target. They often create fake profiles on these sites to lure their targets and extract information from them.

Employees may post personal information such as date of birth, educational and employment background, spouse's name, etc., and information about their company such as potential clients and business partners, trade secrets, websites, upcoming company news, mergers and acquisitions.
Even an employee's interests are tracked and then used to trick them into revealing more information.

Now, if you want to search for a particular person using just their name or email address, there are specialised websites for it, like and

Open and type the name of the person you want to search for. For instance, I searched my own name, and as you can see in the image below we get a positive result.

Now open ; here you can search for people by their email address and much more. I searched using my own email address, and the image below shows a positive result.

Footprinting through social engineering

Social engineering is the art of manipulating human behaviour to our own advantage. It is most useful when confidential information needs to be extracted. It relies on the fact that people are unaware of how valuable their information is and do not realise they are being exploited. The most common example is callers posing as credit or debit card companies in order to extract card details.

Techniques used for social engineering are:

Shoulder surfing
Dumpster diving
Impersonation on social networking sites

This is how footprinting is done through search engines, social networking sites and social engineering. As white hat hackers we should know these techniques, but we should also try to protect ourselves against footprinting by black hat hackers.

SimplyEmail: Email Recon Tools (Email Footprinting)

What is the simple email recon tool? This tool was based on the work of theHarvester and is something of a port of its functionality. It was an expansion of what was used to build theHarvester and incorporates that work, but allows users to easily build modules for the framework, which I felt was desperately needed after building my first module for theHarvester.

Open a Kali Linux terminal and type

git clone

Now type to install the setup

Now run the following command; it will gather email IDs from the different sources
./ -all -e

The report will be saved in the SimplyEmail folder.
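As an added example (not part of the original post and not SimplyEmail's code), here is a small harvester in Python that does the core of what such tools do once they have fetched page content: pull addresses out of the text, undo the common "[at]" and "(dot)" obfuscations, discard asset names that merely look like addresses, and scope the result to the target domain and its subdomains. The page content embedded below is constructed for the demonstration; the real tools fetch it from search engines, PGP key servers and similar sources.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample page content for the demonstration (not scraped from any
# real site). It mixes plain addresses, a mailto: link, and the "[at]" /
# "(dot)" / "AT ... DOT" obfuscations people use to dodge naive harvesters.
SAMPLE_PAGE = """
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Press: press [at] example [dot] com</p>
<p>HR: hr(at)example(dot)com, also careers AT example DOT com</p>
<p>Partner contact: ops@partner.example.org</p>
<p>Noise that must not be harvested: image@2x.png, user@localhost</p>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# "TLDs" that are really file extensions of retina assets (logo@2x.png).
NOT_A_TLD = {"png", "jpg", "jpeg", "gif", "svg", "webp", "css", "js"}


def deobfuscate(text: str) -> str:
    """Undo the common human-readable obfuscations of '@' and '.'."""
    # bracketed forms: [at] (at) {at} and [dot] (dot) {dot}, in any case
    text = re.sub(r"\s*[\[\(\{]\s*at\s*[\]\)\}]\s*", "@", text, flags=re.IGNORECASE)
    text = re.sub(r"\s*[\[\(\{]\s*dot\s*[\]\)\}]\s*", ".", text, flags=re.IGNORECASE)
    # bare upper-case AT / DOT between words; kept case-sensitive so that the
    # English words "at" and "dot" in ordinary prose are left alone
    text = re.sub(r"\s+AT\s+", "@", text)
    text = re.sub(r"\s+DOT\s+", ".", text)
    return text


def harvest(text: str, target_domain: Optional[str] = None) -> Dict[str, List[str]]:
    """Return {domain: sorted unique addresses} found in text.

    If target_domain is given, only that domain and its subdomains are kept,
    which is how a harvest is scoped to the organisation under test.
    """
    found = defaultdict(set)
    for match in EMAIL_RE.finditer(deobfuscate(text)):
        addr = match.group(0).lower()
        domain = addr.rsplit("@", 1)[1]
        if domain.rsplit(".", 1)[-1] in NOT_A_TLD:
            continue  # an asset filename, not a mailbox
        if target_domain:
            target = target_domain.lower()
            if domain != target and not domain.endswith("." + target):
                continue
        found[domain].add(addr)
    return {d: sorted(a) for d, a in sorted(found.items())}


if __name__ == "__main__":
    for domain, addrs in harvest(SAMPLE_PAGE).items():
        print(domain)
        for a in addrs:
            print("   ", a)
```

Grouping by domain is deliberate: on a real harvest the unrelated domains (newsletter providers, partners, the author's personal address) are the first thing to prune before the list goes into a phishing-awareness exercise or a password-spray scope.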

6 Ways to Find Connected PCs in Your Network (Beginner Guide)

Fast Resolver
FastResolver is a small utility that resolves multiple host names into IP addresses and vice versa. You can simply type the list of IP addresses or host name that you want to resolve, or alternatively, you can specify IP addresses range that you want to scan. For local network, FastResolver also allows you to get the MAC address of all IP addresses that you scan. FastResolver is a multithreaded application, so it can resolve dozens of addresses within a few seconds.

Download FastResolver from here, click the FastResolver icon, select the IP range and click OK.

Advanced IP Scanner
Advanced IP Scanner is a fast, robust and easy-to-use free IP scanner for Windows. In a matter of seconds, this utility finds all the computers on your network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders. With Advanced IP Scanner, you can wake up and shut down remote groups of Windows machines.

Download Advanced IP Scanner from here. Click on the icon, enter the IP range and click on Scan.

SoftPerfect Network Scanner

SoftPerfect Network Scanner is a free multi-threaded IPv4/IPv6 scanner with a modern interface and many advanced features. It is intended for both system administrators and general users interested in computer security. The program pings computers, scans for listening TCP/UDP ports and discovers shared folders, including system and hidden ones.

Download SoftPerfect Network Scanner from here. Open the tool, enter the range to scan and click on Start Scanning.

Angry IPScanner

Angry IP Scanner is a very fast IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight, requires no installation, and can be freely copied and used anywhere.

Download Angry IPScanner from here. Open the tool and enter the range and then click on start.

Netdiscover
Netdiscover is an active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, for use when wardriving. It can also be used on hub/switched networks. It works at the ARP layer rather than with ICMP, so it also finds hosts whose firewall drops ping.
Open a Kali Linux terminal and type netdiscover. This will show the IPs of the systems in the network.

Nmap
Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection and other features.

Download Nmap from here. Open the tool, enter the range, select the type of scan and click on Scan. (From the command line, the equivalent host discovery is nmap -sn followed by the range.)
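As an added example that is not from the original post or from any of the tools above, the following Python script combines two of the approaches in this section: a concurrent ICMP ping sweep over a CIDR block, followed by a read of the local ARP/neighbour cache, which is the layer Netdiscover works at. The reason for reading the cache afterwards is that pinging an address on the local segment forces an ARP lookup first, so a host whose firewall drops ICMP still leaves its MAC address behind if it answered ARP. The ip neigh output embedded in the block is a constructed sample used to exercise the parser offline; the ping and ip commands are assumed to be the Linux iputils and iproute2 ones (a Windows ping variant is included).

```python
import ipaddress
import platform
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, List

# Constructed sample of `ip -4 neigh show` output (Linux), so the parser can
# be exercised without a network. Entries without lladdr never answered ARP.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0  FAILED
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.31 dev eth0  INCOMPLETE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def hosts_in(cidr: str) -> List[str]:
    """All usable host addresses in a CIDR block (network/broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def ping(ip: str, timeout_s: int = 1) -> bool:
    """One ICMP echo request; True if the host answered."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def sweep(cidr: str, workers: int = 64) -> List[str]:
    """Concurrent ping sweep; returns the hosts that replied to ICMP."""
    hosts = hosts_in(cidr)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = list(pool.map(ping, hosts))
    return [h for h, up in zip(hosts, alive) if up]


def parse_neighbours(text: str) -> Dict[str, str]:
    """IP -> MAC from `ip neigh` output, skipping FAILED/INCOMPLETE entries."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def neighbour_table() -> Dict[str, str]:
    """Read the live ARP/neighbour cache (Linux iproute2)."""
    out = subprocess.run(["ip", "-4", "neigh", "show"], capture_output=True, text=True)
    return parse_neighbours(out.stdout)


if __name__ == "__main__":
    import sys
    block = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24"
    replied = set(sweep(block))
    # The sweep forced an ARP lookup for every address, so hosts that dropped
    # our ICMP but answered ARP now sit in the neighbour cache with a MAC.
    seen = neighbour_table()
    for ip in hosts_in(block):
        if ip in replied or ip in seen:
            how = "icmp" if ip in replied else "arp-only"
            print(f"{ip:<16} {seen.get(ip, '(no ARP entry)'):<20} {how}")
```

Run it as root or not; ping and ip neigh both work unprivileged on Linux. The arp-only rows are exactly the hosts a plain ping sweep would have missed, which is why the GUI scanners above report MAC addresses alongside ICMP results.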

Extract the Metadata of Any Website using FOCA

FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.

It is capable of analyzing a wide variety of documents, the most common being Microsoft Office, OpenOffice and PDF files, although it also analyzes Adobe InDesign and SVG files, for instance.

First of all, download FOCA from the link given below.

Now click on Project & then select New Project.

Now enter the project name, the website's domain and the folder where the documents are to be saved, then click on Create to proceed.

Now enter the name of the file where documents will be saved and click on save.

It now shows the document collecting window; click on the Search All option.

It now shows the list of documents found. Right-click on a URL and click Download to save it to the specified folder. The metadata in those documents (author names that are often Windows usernames, software versions, internal paths and printer names) is what FOCA then extracts and summarises per user, folder and software.

Protos-IP Protocol Scanner

Protos is an IP protocol scanner. It goes through all possible IP protocol numbers and uses a negative scan: a protocol the target does not support should be reported by it with an ICMP Protocol Unreachable message, so the protocols that draw no such reply are taken to be supported.

First open BackTrack and follow this path:
Applications -> BackTrack -> Information Gathering -> Network Analysis -> Route Analysis -> protos

You can start it with ./protos -i eth0 -d <IP> -v

Usage: ./protos -i eth0 -d -v
 -v              verbose
 -V              show which protocols are not supported
 -u              don't ping targets first
 -s              make the scan slow (for very remote devices)
 -L              show the long protocol name and its reference (RFC)
 -p x            number of probes (default=5)
 -S x            sleeptime is x (default=1)
 -a x            continue scan afterwards for x seconds (default=3)
 -d dest         destination (IP or IP/MASK)
 -i interface    the eth0 stuff
 -W              don't scan, just print the protocol list

Jigsaw - Email Enumeration Tool

Jigsaw.rb is a simple Ruby script for enumerating information about a company's employees. It is useful for social engineering or email phishing.

First download the Jigsaw script here and save it on your desktop.

Now unzip the file: unzip

You can start it with ./jigsaw.rb -s <Company Name>

Jigsaw usage example:
 -i, --id [Jigsaw Company ID]     The Jigsaw ID to use to pull records
 -s, --search [Company Name]      Name of organization to search for
 -r, --report [Output Filename]   Name to use for report. EXAMPLE: '-r facebook' will generate 'facebook.csv'
 -v, --verbose                    Enables verbose output

URLCrazy-Domain Name Typo Tool

URLCrazy is a tool that generates and tests domain typos and variations. Defenders use it to detect typo squatting, URL hijacking, phishing and corporate espionage against their own domain; attackers use it to find the variants worth registering.

  • Generates 15 types of domain variants
  • Knows over 8000 common misspellings
  • Supports cosmic ray induced bit flipping
  • Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
  • Checks if a domain variant is valid
  • Test if domain variants are in use
  • Estimate popularity of a domain variant
  • URLCrazy requires Linux and the Ruby interpreter

First download URLCrazy from here and save it on your desktop.
Now untar the file: tar -zxvf urlcrazy.tar.gz

You can start it with ./urlcrazy followed by the domain to check.
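As an added example, not URLCrazy's own code (URLCrazy is written in Ruby), the Python below implements five of its variant classes for a domain, including the single-bit-flip one in the feature list above, and filters out anything that could not be a registrable DNS label. The qwerty adjacency map is a reduced one written for this demonstration, and treating the leftmost label as the one to mutate is an assumption (it is wrong for names under suffixes such as co.uk).

```python
import string
from typing import Dict, Set, Tuple

# Characters allowed in a DNS label (letters, digits, hyphen). A bit flip that
# lands outside this set cannot be registered, so it is discarded.
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

# Partial qwerty adjacency map (lower-case letters only). URLCrazy ships full
# qwerty/azerty/qwertz/dvorak layouts; this subset is an assumption for the demo.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qesa", "e": "wrds", "r": "etfd", "t": "rygf", "y": "tuhg",
    "u": "yijh", "i": "uokj", "o": "iplk", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}

VARIANT_KINDS = ("omission", "transposition", "repetition", "adjacent_key", "bit_flip")


def split_domain(domain: str) -> Tuple[str, str]:
    """'example.com' -> ('example', '.com'). Assumes the leftmost label is the
    registrable name a squatter would mutate; the rest is kept as the suffix."""
    label, _, suffix = domain.lower().partition(".")
    return label, ("." + suffix if suffix else "")


def valid_label(label: str) -> bool:
    """LDH rule: 1..63 chars, letters/digits/hyphen, no leading/trailing hyphen."""
    return (0 < len(label) <= 63 and set(label) <= LABEL_CHARS
            and not label.startswith("-") and not label.endswith("-"))


def typo_variants(domain: str) -> Dict[str, Set[str]]:
    """Generate five of URLCrazy's variant classes for one domain."""
    label, suffix = split_domain(domain)
    raw: Dict[str, Set[str]] = {kind: set() for kind in VARIANT_KINDS}

    for i, ch in enumerate(label):
        # omission: drop one character (exmple.com)
        raw["omission"].add(label[:i] + label[i + 1:])
        # repetition: double one character (exaample.com)
        raw["repetition"].add(label[:i] + ch + label[i:])
        # transposition: swap with the next character (examlpe.com)
        if i + 1 < len(label):
            raw["transposition"].add(label[:i] + label[i + 1] + ch + label[i + 2:])
        # adjacent key: fat-finger onto a neighbouring key (wxample.com)
        for nb in QWERTY_NEIGHBOURS.get(ch, ""):
            raw["adjacent_key"].add(label[:i] + nb + label[i + 1:])
        # bit flip: one bit of this character's byte inverted, as faulty memory
        # or a link error might do (exa-ple.com comes from 'm' with bit 6 flipped)
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            raw["bit_flip"].add(label[:i] + flipped + label[i + 1:])

    # drop the original name and anything that is not a legal, registrable label
    return {kind: {l + suffix for l in labels if l != label and valid_label(l)}
            for kind, labels in raw.items()}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for kind, variants in typo_variants(target).items():
        sample = " ".join(sorted(variants)[:6])
        print(f"{kind:<14} {len(variants):>3}  {sample} ...")
```

Checking which variants are registered or resolve (URLCrazy's "in use" and popularity columns) is a separate, network-dependent step, so the block stops at generation; feeding its output to a bulk DNS or WHOIS lookup is the natural next step, and the bit-flip set is the one most people forget to register defensively.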

Tools to Extract Data (Extract Information from Web Pages)

Web Data Extractor: Web Data Extractor, a powerful and easy-to-use application which helps you automatically extract specific information from web pages.

SpiderFoot: SpiderFoot is a free, open-source, domain footprinting tool. Given one or multiple domain names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it will scrape the websites on that domain, as well as search Google, Netcraft, WHOIS and DNS, to build up information like:
  • Subdomains
  • Affiliates
  • Web server versions
  • Users
  • Similar domains
  • Email addresses
  • Netblocks 

Robtex: Robtex is a software developer founded in 1989 that has built all kinds of software. In recent years its main focus has been on Internet-related software; currently its most popular offerings are free tools like and the network explorer.

Steps to Perform Footprinting

Perform a WHOIS lookup for registrant and contact details

Extract DNS information

Mirror the entire website and look for names
Tools: HTTrack Website Copier, WebSnake

Extract archives of the website

Google search for the company's news and press releases

Use people search for personal information about employees

Find the physical location of the web server using a visual traceroute tool
Tool: NeoTrace

Analyze the company's infrastructure details from job postings

Track the email using ""

Footprinting (Part 1)

Footprinting is the technique of gathering information about computer systems and the entities they belong to. It is done using various techniques, such as:
DNS queries
Network enumeration
Network queries
Operating system identification
Organizational queries
Ping sweeps
Point of contact queries
Port Scanning
Registrar queries (WHOIS queries)

Why is Footprinting Necessary
Footprinting is necessary to ensure, systematically and methodically, that every piece of information about the target's technologies is identified before testing begins, so that nothing is missed later in the engagement.

Information Gathering Methodology

1. The attacker first unearths initial information (such as the domain name),
2. locates the network range of the target (using tools such as nslookup and whois),
3. ascertains the active machines (for instance by pinging them),
4. discovers open ports or access points (using port scanners),
5. detects operating systems (for instance by grabbing service banners with telnet),
6. uncovers the services running on those ports, and
7. maps the network.

Extracting Archive of a Website
You can get all the information about a company's website since the time it was launched at

People Search

Best People Search

Profile Search by Email

Name Check

Namecheck provides you with a free search report to reveal if your brand has been taken as a domain name, social media username or trademark.

Footprinting Through Job Sites