Hello friend, today we are going to learn what footprinting is and the steps involved in it.
Footprinting is the process of accumulating data about a specific network environment in order to reveal system vulnerabilities. It is the very first step of information gathering and provides a blueprint of the target system or network. So basically, footprinting is all about gathering as much information as possible about a website or network that is available over the internet.
If an organization wants to protect its systems from attacks, it must take measures to thwart potential attacks. It must conduct its own footprinting to discover the ways an attacker could intrude into its environment. Going through the process of footprinting can reveal system vulnerabilities and help put in place measures and processes to minimize or eliminate their exploitation.
Footprinting uses various techniques such as DNS queries, network enumeration, network queries, operating system identification, organizational queries, ping sweeps, point of contact queries, port scanning, and registrar queries (WHOIS queries) to collect this information.
User and group IDs, system banners, routing tables, SNMP information, system architecture, passwords, policies, email addresses, domain names, network blocks, IP addresses of reachable systems, private websites, running TCP and UDP services, VPN endpoints, ACLs, IDSes in use, analog or digital telephone numbers, authentication mechanisms, etc. are all gathered by footprinting.
Steps involved in Footprinting:
- Finding the company's external and internal URLs: An attacker can find a company's URL using various types of tools, such as the Google search engine, various news groups, blogs containing sensitive data, etc. Internal URLs provide an insight into the different departments and business units of an organization. You can also discover internal URLs by trial and error.
- Performing a WHOIS lookup: The attacker can use WHOIS queries to determine the IP address ranges associated with a client. A WHOIS query can be run on most UNIX environments. In a Windows environment, tools such as WsPingPro and Sam Spade can be used to perform WHOIS queries. WHOIS queries can also be executed over the Web from www.arin.net and www.networksolutions.com.
- Extracting DNS information: The Domain Name System (DNS) is a hierarchical, distributed naming system for hosts connected to the Internet or a private network. It translates domain names meaningful to humans into the numerical identifiers (IP addresses) associated with them.
- Mirroring the entire Website: Website mirroring is a type of information gathering attack in which an attacker downloads a copy of an entire Website to the local hard disk for footprinting.
- Searching Google for personal information about employees: The attacker/penetration tester can use Google, Yahoo People Search, Yahoo Finance, Google Finance, Anacubis.com, people-search-america.com, bestpeoplesearch.com, etc.
- Locating the network range: In this type of footprinting attack, the attacker finds the range of IP addresses and discerns the subnet mask.
- Analyzing the company's infrastructure details from job postings: In this type of footprinting attack, the hacker/penetration tester gathers the company's infrastructure details from job postings. Job posting sites can be helpful in determining job requirements, employee profiles, hardware information, software information, etc.
- Tracking email: E-mail tracking is a method for monitoring the delivery of an e-mail to its intended recipient.
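The WHOIS lookup and network-range steps above, as an added example (not code from the original post) that an organization can run over the WHOIS text returned for its own IP block to see which range and contact details are publicly exposed. The record below is constructed and the parser assumes the "Key: value" layout used by ARIN; everything else is standard-library Python.

```python
"""Parse an ARIN-style WHOIS record and derive the network range it describes."""
import ipaddress
import re

# Constructed sample in the "Key: value" layout ARIN uses; all values are fictional.
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/25, 203.0.113.128/25
NetName:        EXAMPLE-NET
OrgName:        Example Corp
OrgAbuseEmail:  abuse@example.com
Comment:        Reassigned to Example Corp
"""

# Fields that identify the organisation and are worth reviewing for over-exposure.
EXPOSED_KEYS = ("OrgName", "NetName", "OrgAbuseEmail", "Comment")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; a repeated key keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def network_range(fields):
    """Derive first/last address, netmasks and address count from the CIDR list,
    and raise ValueError if the prefixes do not exactly cover NetRange."""
    nets = [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]
    first, last = [ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split("-")]
    # The prefixes must together cover NetRange with no gap and no overlap.
    total = sum(n.num_addresses for n in nets)
    if (min(n[0] for n in nets) != first or max(n[-1] for n in nets) != last
            or total != int(last) - int(first) + 1):
        raise ValueError("CIDR prefixes do not match NetRange")
    return {"first": str(first), "last": str(last), "addresses": total,
            "netmasks": [str(n.netmask) for n in nets]}


def exposed_fields(fields):
    """Return the organisation-identifying fields present in the record."""
    return {k: fields[k] for k in EXPOSED_KEYS if k in fields}
```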