Footprinting

Creating a target profile in the context of penetration-testing recon

What is footprinting?

Footprinting is essentially the process of looking for clues.

You should know plenty about your target before you ever try to attack them.

No matter how big or small, every piece of information about a target could prove to be valuable at some point.

Footprinting is the process of collecting as much publicly available information about a target as possible.

The footprinting process should yield a comprehensive "blueprint" of the target organization's security profile.

Footprinting vs. recon

Are they the same?

Footprinting is part of recon, but not the whole of it.

Footprinting is usually thought of as mapping out the landscape of a target system or organization.

Recon is the larger activity of gathering as much information about a target as possible, of which footprinting is one phase.

Types of footprinting

Active Footprinting - Interacting directly with the target: probing its hosts and services, attempting DNS zone transfers against its name servers, or engaging its people. These actions leave traces in the target's logs and are easily discovered. Ex. port scanning, social engineering

Passive Footprinting - Gathering information from publicly available sources (search engines, public DNS and WHOIS data, web archives) without sending traffic to the target itself. Most footprinting activities should be passive in nature.

Anonymous Footprinting - Gathering information in a way that cannot be traced back to you (e.g. through proxies or anonymizing networks).

Pseudonymous Footprinting - VERY BAD - Acting under another person's identity, potentially making that person liable for illegal activity or exposing them to prosecution.

What are we looking for?

  • System Information
    • Operating Systems
    • Running Services
  • Network Information
    • DNS records
    • IP ranges/subnets
  • Physical Information
    • Building layout
  • Human Information
    • Employee information
    • Phone numbers
  • Competitive Intelligence
    • Company website
    • Directory listings

desired outcomes

The outcomes desired from the footprinting phase of recon generally fall into four categories:

  1. Know the security posture
  2. Reduce the focus area
  3. Identify vulnerabilities
  4. Draw a network map

Goals should be defined up front so that you don't end up with an overabundance of data and no way to act on it.

WARNING!

The Computer Fraud and Abuse Act (18 U.S.C. § 1030, enacted 1986) makes unauthorized computer access a federal crime, and it criminalizes attempting or conspiring to commit those offenses as well.

IMPORTANT: Remember to always get explicit authorization to conduct any kind of penetration testing against a target, even when searching publicly available information.

Footprinting methods

The intended outcome of the footprinting process is to create a profile of the target using the following methods:

  • Open Source Intelligence (OSINT) gathering
  • Website and Email Footprinting
  • DNS Footprinting 
  • Online people search services
  • Data extraction tools

infrastructure information

Infrastructure information (hosts, name servers, address ranges, the web stack) can be gathered with tools and techniques such as:

  • http://toolbar.netcraft.com/site_report
  • ping
  • nslookup
  • host
  • whois
  • dig
  • website scraping
  • website cloning
  • HTTP header inspection
  • Cookie/Session IDs
  • Zone Transfers
  • Email address harvesting
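The dig part of that list, worked through as a script. This is an added example, not code from the original page or from DevLeague: it assumes the `dig` binary from BIND is installed for live use, a script name of dns_footprint.py, and the domain example.com with constructed record data for the offline demo. The AXFR attempt in live mode sends queries to the target's own name servers, so it is active footprinting and needs the authorization the warning above calls for.

```python
#!/usr/bin/env python3
"""DNS footprinting with dig (added example, not code from the original page).

Enumerates a domain's NS/A/MX/TXT records and then attempts a zone transfer
(AXFR) against every authoritative name server, the infrastructure query that
gives away the most when a server is misconfigured to allow it.  Live queries
shell out to the real `dig`; the parsers work on captured text, so the samples
below (constructed for this example) let the logic run offline.
"""
import shutil
import subprocess
import sys

# Constructed sample: `dig +noall +answer example.com <type>` for a few types.
SAMPLE_DIG_OUTPUT = """\
example.com.\t3600\tIN\tNS\tns1.example.com.
example.com.\t3600\tIN\tNS\tns2.example.com.
example.com.\t300\tIN\tA\t192.0.2.10
example.com.\t3600\tIN\tMX\t10 mail.example.com.
example.com.\t3600\tIN\tTXT\t"v=spf1 include:_spf.example.net -all"
"""

# Constructed sample of a transfer a misconfigured server allowed.  A complete
# AXFR response begins and ends with the zone's SOA record.
SAMPLE_AXFR_OUTPUT = """\
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 300
example.com.\t3600\tIN\tNS\tns1.example.com.
www.example.com.\t300\tIN\tA\t192.0.2.10
dev.example.com.\t300\tIN\tA\t192.0.2.20
vpn.example.com.\t300\tIN\tA\t198.51.100.5
mail.example.com.\t300\tIN\tA\t192.0.2.25
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 300
"""


def parse_dig_answers(text):
    """Turn `dig +noall +answer` lines into (name, ttl, type, rdata) tuples.

    Comment lines (';') and blanks are skipped; rdata keeps its inner spaces
    so MX priorities, SOA fields and quoted TXT strings survive intact.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)            # name ttl class type rdata
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype, rdata = parts
        records.append((name.rstrip("."), int(ttl), rtype, rdata))
    return records


def nameservers(records):
    """Host names from the NS records, without the trailing dot."""
    return [rdata.rstrip(".") for _, _, rtype, rdata in records if rtype == "NS"]


def zone_transfer_succeeded(axfr_text):
    """True for a full zone (SOA first and last).  A refused transfer yields
    no records; dig prints '; Transfer failed.' instead."""
    recs = parse_dig_answers(axfr_text)
    return len(recs) >= 2 and recs[0][2] == "SOA" and recs[-1][2] == "SOA"


def hosts_from_zone(axfr_text):
    """Sorted, de-duplicated host names that have A/AAAA records in the zone."""
    recs = parse_dig_answers(axfr_text)
    return sorted({name for name, _, rtype, _ in recs if rtype in ("A", "AAAA")})


def dig(args):
    """Run the real dig binary (live mode only) and return its answer section."""
    if shutil.which("dig") is None:
        sys.exit("dig not found: install bind-utils / dnsutils")
    proc = subprocess.run(["dig", "+noall", "+answer", *args],
                          capture_output=True, text=True, timeout=30)
    return proc.stdout


def footprint(domain):
    """Live workflow: one query per type (ANY is unreliable on modern servers),
    then an AXFR attempt against each authoritative name server."""
    records = []
    for rtype in ("NS", "A", "MX", "TXT"):
        records += parse_dig_answers(dig([domain, rtype]))
    for name, ttl, rtype, rdata in records:
        print(f"{name:<30} {ttl:>6} {rtype:<5} {rdata}")
    for ns in nameservers(records):
        out = dig([f"@{ns}", domain, "AXFR"])
        if zone_transfer_succeeded(out):
            print(f"[!] {ns} allowed AXFR; hosts: {', '.join(hosts_from_zone(out))}")
        else:
            print(f"[-] {ns} refused AXFR")
    return records


if __name__ == "__main__":
    if len(sys.argv) > 1:                  # live: python3 dns_footprint.py <domain>
        footprint(sys.argv[1])
    else:                                  # offline demo on the constructed samples
        print(nameservers(parse_dig_answers(SAMPLE_DIG_OUTPUT)))
        print(hosts_from_zone(SAMPLE_AXFR_OUTPUT))
```

A successful transfer hands you every host in the zone (internal naming conventions, VPN and dev boxes) in one query, which is why it sits first on any footprinting checklist; the same parser also reads output you captured by hand from `host -t` or `nslookup` once it is in the dig answer format.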

online search services

A number of public web sites and other methods are available to search for publicly available information:

  • http://pipl.com
  • https://www.yellowpages.com
  • http://www.sec.gov/edgar.shtml
  • Google hacking (search operators such as site:, filetype:, inurl:)
  • Social Media sites

Website & Email footprinting

We can often decipher information about a target by analyzing its public websites and email headers:

  • Software Used
  • Systems Used
  • Filenames/Paths
  • Contact Information
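Header and page analysis for the clues just listed, as an added example (not code from the page or from DevLeague). The HTTP response and e-mail header block it works on are constructed for the example; the session-cookie and path hints are the well-known defaults for those stacks; the function names and result keys are the example's own.

```python
#!/usr/bin/env python3
"""Website and e-mail header footprinting (added example, not the page's code).

Extracts the clues listed above from two constructed captures: an HTTP
response (server software, framework, session-cookie names, same-origin
paths, e-mail addresses) and an e-mail header block (the Received: chain
back to the originating host, sender-side relays, the mail client).
"""
import email
import re
from email.policy import default

# Constructed sample response; example.com is a reserved documentation domain.
SAMPLE_HTTP_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=3f7a9c2d1b; path=/; HttpOnly
Set-Cookie: tracking=abc123; path=/
Link: </wp-content/themes/corp/style.css>; rel=preload; as=style
Content-Type: text/html; charset=UTF-8

<html><head><link rel="stylesheet" href="/wp-content/themes/corp/style.css"></head>
<body><a href="/wp-admin/">Staff login</a> <a href="mailto:press@example.com">Press</a>
<script src="/static/js/app.js?v=1.2"></script></body></html>
"""

# Constructed sample headers as received at a third party (newest hop first).
SAMPLE_EMAIL = """\
Received: from mx1.example.com (mx1.example.com [192.0.2.25])
\tby inbound.example.net with ESMTPS id abc123; Mon, 01 Jan 2024 10:05:00 +0000
Received: from CORP-EXCH01.corp.example.com (10.10.1.15)
\tby mx1.example.com with ESMTP; Mon, 01 Jan 2024 10:04:58 +0000
Received: from [198.51.100.77] (helo=laptop-jsmith)
\tby CORP-EXCH01.corp.example.com with ESMTPA; Mon, 01 Jan 2024 10:04:55 +0000
From: J. Smith <j.smith@example.com>
Message-ID: <20240101100455.1234@CORP-EXCH01.corp.example.com>
X-Mailer: Microsoft Outlook 16.0

Hi, see attached.
"""

# Default session-cookie names and URL path fragments that betray a stack.
SESSION_COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                        "ASP.NET_SessionId": "ASP.NET", "laravel_session": "Laravel",
                        "ci_session": "CodeIgniter", "connect.sid": "Express/Node.js"}
PATH_HINTS = {"/wp-content/": "WordPress", "/wp-admin/": "WordPress",
              "/sites/default/files/": "Drupal"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PRIVATE_IP = re.compile(r"^(?:10\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)")


def parse_http_response(raw):
    """Split a raw response into (status line, [(name, value), ...], body).
    Header names are lower-cased; repeated headers (Set-Cookie) are kept."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    headers = [(n.strip().lower(), v.strip())
               for n, _, v in (line.partition(":") for line in lines[1:])]
    return lines[0], headers, body


def website_footprint(raw_response):
    """Software, session cookies, same-origin paths and addresses in a response."""
    _status, headers, body = parse_http_response(raw_response)

    def get(name):
        return [v for k, v in headers if k == name]

    cookies = [v.split("=", 1)[0].strip() for v in get("set-cookie")]
    paths = re.findall(r'(?:href|src)=["\']([^"\']+)', body)
    paths += re.findall(r"<([^>]+)>", " ".join(get("link")))
    paths = sorted({p for p in paths if p.startswith("/")})   # same-origin only
    tech = {v.split("/")[0] for v in get("server") + get("x-powered-by")}
    tech |= {SESSION_COOKIE_HINTS[c] for c in cookies if c in SESSION_COOKIE_HINTS}
    tech |= {t for p in paths for frag, t in PATH_HINTS.items() if frag in p}
    return {"server": get("server"), "powered_by": get("x-powered-by"),
            "cookies": cookies, "paths": paths, "tech": sorted(tech),
            "emails": sorted(set(EMAIL_ADDR.findall(body)))}


def received_chain(raw_message):
    """Hops oldest-first as (from_host, by_host, [ips]).  The first hop is the
    originating client; the 'by' hosts before our own MX are the sender's relays."""
    msg = email.message_from_string(raw_message, policy=default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())              # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        hops.append((m_from.group(1) if m_from else None,
                     m_by.group(1) if m_by else None, IPV4.findall(text)))
    return hops


def email_footprint(raw_message):
    """Originating IP, private addresses, sender-side relays and mail client."""
    msg = email.message_from_string(raw_message, policy=default)
    hops = received_chain(raw_message)
    all_ips = [ip for _, _, ips in hops for ip in ips]
    msgid = re.search(r"@([\w.-]+)", str(msg.get("Message-ID", "")))
    return {"originating_ip": hops[0][2][0] if hops and hops[0][2] else None,
            "internal_ips": [ip for ip in all_ips if PRIVATE_IP.match(ip)],
            "sender_relays": [by for _, by, _ in hops[:-1] if by],
            "message_id_host": msgid.group(1) if msgid else None,
            "mail_client": str(msg.get("X-Mailer", ""))}


if __name__ == "__main__":
    print(website_footprint(SAMPLE_HTTP_RESPONSE))
    print(email_footprint(SAMPLE_EMAIL))
```

Feed it a response captured with `curl -si` or saved from Burp, and the full headers of a message the target sent you (most mail clients have a "show original" view). Note how much the mail headers leak without any probing: a private address (10.10.1.15), an internal Exchange host name, the sender's workstation name and the client software in use.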

Website/Email footprinting TOOLS

  • Browser debug tools (Inspector & Firebug)
  • Burp Suite
  • BeEF (browser fingerprinting; arguably an exploitation tool rather than a footprinting one)
  • Website Informer (website.informer.com)
  • Web Mirroring
    • HTTrack
    • Black Widow
    • WebRipper
    • Teleport Pro
    • GNU Wget
    • Backstreet Browser
  • History
    • Internet Archive (Wayback Machine)
    • https://web.archive.org/

Footprinting TOOLS

  • Search Engines
    • google.com
    • Google/Bing Maps
    • Job boards (postings reveal the technologies, products and roles in use)
    • netcraft.com
    • https://www.pacer.gov/
  • Social networking sites
  • https://www.google.com/alerts
  • Google Hacking/Google Hacking Database

Resources

Footprinting

By DevLeague Coding Bootcamp

Introduction to the footprinting phase of recon.