
Lab 4 Reconnaissance


Data & Software Security

Computer science / Cybersecurity

Lab 04
Reconnaissance
Reconnaissance (Footprinting)

• The first step to ethical hacking is Footprinting. Footprinting is the collection of all available information about the target and the target network.
• This collection of information helps in identifying the different possible ways to enter the target network.

Footprinting Methodology
• Footprinting through:
1. Search Engines (Bing or Yahoo, Google)
2. Advanced Google Hacking Techniques
3. Social Networking Sites
4. Websites
5. Email
6. Competitive Intelligence
7. WHOIS
8. DNS
9. Network
10. Social Engineering

Footprinting through Search Engines
• Search Engines (Bing or Yahoo, Google).
• Gather Information from Financial Services (Yahoo, Google).
• Finding Company’s Public and Restricted Websites (Shodan.io)
• Footprinting through Job Sites (LinkedIn, Monster, Indeed, … etc.)
• Collect Location Information (Google Earth, Google Map, Bing Map, Wikimapia, Yahoo Map, … other map and location services).
• People Search Online Services (phone numbers, addresses, and people):
1. www.privateeye.com
2. https://www.spokeo.com/
3. Public background checks websites
4. www.anywho.com
5. www.intelius.com
6. https://www.peoplefinder.com/
Many more …
• Information Gathering Using Groups, Forums, and Blogs (joining with fake ID)

Footprinting using Advanced Google Hacking Techniques

• Google Advanced Search Operators (Search it)
• Google Hacking Database (GHDB)
• https://www.exploit-db.com/google-hacking-database/

Footprinting through Social Networking Sites

• Footprinting using Social Engineering on Social Networking Sites

| What Users Do | Information | What attacker gets |
|---|---|---|
| People maintain their profile | Photo of the target; Contact numbers; Email addresses; Date of birth; Location; Work details | Personal information about a target including personal information, photo, etc.; Social engineering |
| People update their status | Most recent personal information; Most recent location; Family & Friends information; Activities & Interest; Technology related information; Upcoming events information | Platform & Technology related information; Target location; List of Employees / Friends / Family; Nature of business |

Website Footprinting
• Website Footprinting using Web Spiders
• Website Mirroring Tools
| Software | Website |
|---|---|
| Win HTTrack Website Copier | https://www.httrack.com/page/2/ |
| Surf offline Professional | http://www.surfoffline.com/ |
| Black Widow | https://softbytelabs.com/wp/ |
| NCollector Studio | https://download.cnet.com/ncollector-studio/ |
| Website Ripper Copier | http://www.tensons.com, http://websiterippercopier.com/ |
| Portable Offline Browser | http://www.metaproducts.com |
| PageNest | https://www.malavida.com/en/soft/pagenest/ |
| Backstreet Browser | http://www.spadixbd.com/backstreet/ |
| GNU Wget | https://www.gnu.org/software/wget/ |
| Hooeey Webprint | http://www.hooeeywebprint.com.s3-website-us-east-1.amazonaws.com/ |

Email Footprinting
• Tracing an email using the email header can reveal the following information:
  • Destination address
  • Sender's IP address
  • Sender's mail server
  • Time & Date information
  • Authentication system information of sender's mail server
• Popular Email Tracking tools are as follows:
  • Polite Mail
  • Email Tracker Pro
  • Email Lookup
  • Yesware
  • Who Read Me
  • Contact Monkey
  • Read Notify
  • Did They Read It
  • Get Notify
  • Point of Mail
  • Trace Email
  • G-Lock Analytics
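
The header fields listed on this slide can be read directly from a raw message, which is how a suspicious email is triaged on the receiving side. The following is an added example, not part of the original lab: the message, host names, addresses and the boundary_mx parameter are constructed for illustration, and the parser handles only the "from NAME (RDNS [IP]) by HOST" form of Received line.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
# Constructed sample header; names and addresses are documentation values.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
 by mbox.recipient.example; Tue, 05 Mar 2024 10:15:09 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
 by mx.recipient.example with ESMTPS; Tue, 05 Mar 2024 10:15:07 +0000
Received: from laptop (unknown [198.51.100.77])
 by mail.sender.example; Tue, 05 Mar 2024 10:15:02 +0000
Authentication-Results: mx.recipient.example; spf=pass
 smtp.mailfrom=sender.example; dkim=pass header.d=sender.example; dmarc=pass
From: Alice <alice@sender.example>
To: bob@recipient.example
"""

HOP = re.compile(r"from (\S+) \((\S+) \[([^\]]+)\]\) by ([^\s;]+)")
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def parse_hops(msg):
    """Return the Received hops in header order (newest first)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m = HOP.search(flat)
        if not m:
            continue  # unrecognised hop format: skip rather than guess
        helo, rdns, ip, by = m.groups()
        when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by, "time": when})
    return hops

def summarize(raw, boundary_mx):
    """Extract the fields the slide lists, trusting only our own MX's stamp."""
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    # Hops below the one written by our boundary MX come from the sending side
    # and can be forged, so the sender IP is taken from that hop only.
    edge = next((h for h in hops if h["by"] == boundary_mx), None)
    auth = " ".join(msg.get("Authentication-Results", "").split())
    return {
        "destination": msg["To"],
        "sender_ip": edge["ip"] if edge else None,
        "sender_server": edge["helo"] if edge else None,
        "received_at": edge["time"].isoformat() if edge else None,
        "auth": dict(AUTH.findall(auth)),
    }
```

Calling summarize(RAW, "mx.recipient.example") returns the destination address, the sender's mail server and its IP as seen by the receiving MX, the receive time, and the SPF/DKIM/DMARC verdicts.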

Competitive Intelligence
• Some basic sources of competitive intelligence are:
• Official Websites
• Job Advertisements
• Press releases
• Annual reports
• Product catalogs
• Analysis reports
• Regulatory reports
• Agents, distributors & Suppliers

Monitoring Website Traffic of Target Company

• Website monitoring tools are widely used by developers, attackers, and penetration testers to check the statistics of websites.
• Tools include Web-stat, Alexa, and others that show the ranking of the targeted website, its viewers, the number of worldwide users, the total number of sites linked, and much more.
• Another monitoring tool is Trackur (trackur.com; no longer available, find an alternative).

| Tool | URL |
|---|---|
| Monitis (discontinued) | http://www.monitis.com/ |
| Web-stat | https://www.web-stat.com/ |
| Manage-engine | https://www.manageengine.com/products/applications_manager/website-monitoring.html |

WHOIS Footprinting
• Go to the URL:
  • https://www.whois.com/
  • https://whois.domaintools.com
• You can download software “SmartWhois” from http://www.tamos.com
• WHOIS Lookup & Tools:
  • http://lantricks.com
  • http://tialsoft.com
  • http://www.johnru.com
  • https://www.bitsdujour.com/software/callerip-advanced
  • http://www.nirsoft.net
  • https://www.sobolsoft.com/internet.htm

DNS Footprinting

• DNS lookup information is helpful to identify a host within a targeted network.
• DNS Interrogation Tools (go to the URL):
  • https://www.whatsmydns.net
  • https://www.dnsstuff.com
  • http://www.kloth.net
  • https://centralops.net/co/
  • http://www.dnswatch.info
  • http://www.domaintools.com
  • http://www.dnsqueries.com

| Record Type | Description |
|---|---|
| A | The host's IP address |
| MX | Domain's Mail Server |
| NS | Host Name Server |
| CNAME | Canonical naming allows aliases to a host |
| SOA | Indicate authority for the domain |
| SRV | Service records |
| PTR | IP-Host Mapping |
| RP | Responsible Person |
| HINFO | Host Information |
| TXT | Unstructured Records |

Network Footprinting
• Network Footprinting can extract information such as:
  • Network address ranges
  • Hostnames
  • Exposed hosts
  • OS and application version information
  • Patch state of the host and the applications
  • Structure of the applications and back-end servers
• Tools for this purpose:
  • Whois
  • Ping
  • Nslookup
  • Tracert

Network Footprinting (Traceroute)
| Traceroute Tools | Website |
|---|---|
| Path Analyzer Pro | www.pathanalyzer.com |
| Visual Route | www.visualroute.com |
| 3D Traceroute | https://www.majorgeeks.com/files/details/3d_traceroute.html |

Footprinting through Social Engineering
• Social Engineering is the art of extracting sensitive information from people, such as:
  • Credit card information.
  • Username & Passwords.
  • Security devices & Technology information.
  • Operating System information.
  • Software information.
  • Network information.
  • IP address & name server’s information.
• Social engineering techniques:
  • Eavesdropping
  • Phishing
  • Shoulder Surfing
  • Dumpster Diving

Footprinting Tool
• Maltego is a data mining tool powered by Paterva. This interactive tool gathers data and represents it as graphs for analysis.

https://www.maltego.com/downloads/
*Community version is available.

https://www.kali.org/tools/maltego/

https://wondersmithrae.medium.com/a-beginners-guide-to-osint-investigation-with-maltego-6b195f7245cc

Footprinting Tool
• Recon-ng is a full-featured web reconnaissance framework used for information gathering as well as network detection. The tool is written in Python and has independent modules, database interaction, and other features.
>> recon-ng
>> show modules
>> search netcraft
>> use recon/domains-hosts/netcraft
>> set source [domain]
>> run
https://tools.kali.org/information-gathering/recon-ng

Gathering information using Windows Command Line Utilities

• Ping example.com
• Now, enter the command “Ping example.com -f -l 1500” to check the value of fragmentation.
• Tracert example.com

Downloading a Website using Website Copier tool (HTTrack)

• http://www.httrack.com

• Cyotek WebCopy:
• https://www.cyotek.com/downloads
