img src : https://goo.gl/wGUsYQ |
Well, going to face CEH exam ? or thinking so ? So, at first clearly understand about theory and tools involved in 1st phase of penetration test, i.e. Footprinting.
How anyone can do footprinting ? You already knew that footprinting is all about gathering information of system, right ? Now let me outline some details on it.
# Footprinting through Search Engines
- Here, we try to gather information of system, organization and personal details from search engine (if available)
- Like, you can search for default fields of router (passwords or usernames), or you can search publicly available status of any person, e.t.c (many many more other)
# Role of Social Networking Sites in Footprinting
- For me, this part is very important. Nowadays, information shared via social networking sites are like Gifts to us.
- We can get everyday updates of company, people. They share a lot of information knowingly or unknowingly in social networking sites. And these posts reveal so much about particular aspect.
# Footprinting using who.is or netcraft.com
- Reveals details in depth, reveals technology used, also we can risk rate sites.
- Mostly used in case of websites.
There are various mechanisms of footprinting. Network Footprinting, DNS Footprinting, Footprinting via Social Engineering, e.t.c. LEARN THEM WELL, VERY WELL.
# Some name of Footprinting Tools :
- who.is
- netcraft.com
- TinEye tineye.com
- NSlookup kloth.net
- Wikto research.sensepost.com
E.T.C (many many more available)
On average, how footprinting flows ?
Well, here we have ...
1) Performing WHOIS, using tools such as who.is
2) Performing DNS footprinting, using tools such as DNS Records
3) Performing Network footprinting, using tools such as Path Analyzer Pro
4) Performing Social Engineering, using techniques such as Eavesdropping, Shoulder Surfing
These are just few tools and methods.
Ok, stay tuned for next guide :)
Comments
Post a Comment