

Footprinting and Reconnaissance

Security news

Khoa CNTT – ĐH Nông Lâm TP. HCM (Faculty of Information Technology, Nong Lam University, Ho Chi Minh City), 2015

Module Objectives


Footprinting Terminology


What is footprinting?

Defining Footprinting
- Footprinting is the methodical blueprinting of an organization's security profile.
- Footprinting is one of the three pre-attack phases; the others are scanning and enumeration.
- Footprinting results in a unique profile of the organization with respect to the networks (Internet / intranet / extranet / wireless) and systems involved.
- As a rule of thumb, an attacker spends about 90% of the time profiling the organization and the remaining 10% launching the attack.

Why footprinting?

Objectives of footprinting


Footprinting Threats


Types of Threats
- Social engineering: without using any intrusion methods, the attacker collects information directly and indirectly through persuasion and other non-technical means.
- System and network attacks: footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers gather information about the target organization's system configuration, the operating systems running on its machines, and so on. With this information they can find vulnerabilities in the target systems and exploit them, taking control of a target system and, from there, of the entire network.
Types of Threats
- Information leakage: information leakage is a serious and often overlooked threat to any organization. If sensitive organizational information falls into the hands of attackers, they can build an attack plan around it or use it for monetary gain.
- Privacy loss: with the information gathered through footprinting, attackers are able to access the company's systems and networks and even escalate their privileges to administrator level. Whatever privacy the company maintained is then completely lost.

Types of Threats
- Corporate espionage: corporate espionage is one of the major threats to companies, because competitors can spy on them and attempt to steal sensitive data through footprinting. With that data, competitors are able to launch similar products, affecting the company's market position.
- Business loss: footprinting has a major effect on businesses such as online businesses and other e-commerce websites, banking and financial businesses, etc. Billions of dollars are lost every year to malicious attacks by hackers.

Footprinting Methodology
- The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about the target organization and determining its URLs, location, establishment details, number of employees, the specific range of domain names it owns, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.
- Search engines are the main information sources where you can find valuable information about your target organization.

Footprinting Methodology
- Footprinting through Search Engines
- Footprinting through Job Sites
- Email Footprinting
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting Countermeasures
- Footprinting Penetration Testing

Footprinting through Search Engines
- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other advanced system attacks.
- Search engine caches may still hold sensitive information that has since been removed from the live site, so a page that was taken down is not necessarily gone.

Finding a Company's External and Internal URLs

Public and Restricted Websites


Public and Private Websites


Google Earth Showing the Pentagon


Google Maps showing a Street View


People Search


People Search Website


Satellite Picture of a Residence


People Search Online Services


People Search on Social Networking Services
- Facebook
- LinkedIn
- Twitter
- Google+

Footprinting through Job Sites


Footprinting through Job Sites
- Usually attackers look for the following information:
  - Job requirements
  - Employee profiles
  - Hardware information
  - Software information

Website Footprinting



Mirroring an Entire Website
- Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools, which download a website to a local directory, recursively rebuilding all directories and fetching the HTML, images, Flash, video and other files from the server to your computer.
- Website mirroring has the following benefits:
  - It allows offline browsing of the site.
  - It helps in creating a backup of the original site.
  - A website clone can be created.
  - It is useful for testing the site during design and development.
  - It makes it possible to distribute the site over multiple servers instead of using only one.
- Caveat: a full mirror generates a burst of requests from one client in a short time, so it is easy to spot in the target's web server logs; a careful attacker throttles the crawl, and a defender can alert on it.

Website Mirroring Tools

Monitoring Web Updates Using Website Watcher

How to Set Up a Fake Website?

Website Stealing Tool: Reamweaver
- Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose.
- When a visitor visits a page on your stolen (mirrored) website, Reamweaver fetches the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website.
- With this tool your fake website will always look current: Reamweaver automatically updates the fake mirror when the content of the original changes.
- Download:
Email Footprinting
- The attacker tracks email to gather information about the physical location of an individual, in order to perform social engineering that in turn may help in mapping the target organization's network.
- Email tracking is a method of monitoring and spying on emails delivered to the intended recipient.

Tracking Email Communications
- By using email tracking tools you can gather the following information about the victim:
  - Geolocation: estimates and displays the recipient's location on a map, and may even calculate the distance from your location.
  - Read duration: the time the recipient spent reading the mail.
  - Proxy detection: provides information about the type of server used by the recipient.
  - Links: lets you check whether the links sent to the recipient in the email have been clicked or not.
  - Operating system: reveals the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
  - Forward email: whether or not the email you sent was forwarded to another person can be determined easily with this tool.
Email Header
- An email header contains the following information:
  - Sender's mail server
  - Date and time the message was received by the originator's mail server
  - Authentication system used by the sender's mail server
  - Date and time the message was sent
  - A unique identifier (Message-ID) assigned by the originating mail server to identify the message
  - Sender's full name
  - Sender's IP address
  - The address from which the message was sent
- Caveat: each mail server prepends its own Received: line, so read the chain bottom-up and trust only the hops added by servers you control; anything below your own server's line may have been forged by the sender.
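The header fields listed above can be pulled out programmatically. The following is an added example, not part of the original slides: it walks the Received: chain of a raw message (oldest hop first), extracts the originating IP, the `with ESMTPA`-style protocol token that marks an authenticated submission, the Message-ID, sender and timestamps, and also flags the tracking pixels and tracked links described on the email-tracking slide. The message, hosts and addresses are constructed for the demo and are not real; only the Python standard library is used.

```python
"""Walk the Received: chain of a raw message and flag tracking beacons in the body.

Added example (not from the original deck). Standard library only. The message below
is constructed for the demo; none of the hosts or addresses are real.
"""
import email
import re
from email import policy
from email.utils import getaddresses, parsedate_to_datetime
from html.parser import HTMLParser

# Constructed sample: three Received hops (newest first, as a mail client shows them)
# and an HTML body carrying a 1x1 tracking pixel plus a tracked link.
RAW_MESSAGE = b"""Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.target.example (Postfix) with ESMTPS id 4B1C2D3E4F
\tfor <bob@target.example>; Tue, 10 Mar 2015 09:15:02 +0700
Received: from relay.example.net (relay.example.net [198.51.100.20])
\tby mx.example.net with ESMTP id t2A2F0GH012345; Tue, 10 Mar 2015 02:14:58 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTPA id t2A2E9AB; Tue, 10 Mar 2015 02:14:55 +0000
Message-ID: <20150310021455.1234@relay.example.net>
Date: Tue, 10 Mar 2015 09:14:50 +0700
From: "Alice Sender" <alice@example.net>
To: bob@target.example
Subject: Invoice
Content-Type: text/html; charset=utf-8

<html><body><p>See the invoice.</p>
<img src="http://track.example.net/open?id=abc123" width="1" height="1">
<a href="http://track.example.net/click?id=abc123">Invoice</a>
</body></html>
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WITH_RE = re.compile(r"\bwith\s+(\S+)", re.IGNORECASE)


def parse_received(value):
    """Split one Received: header into sending host, receiving host, IP, protocol, time."""
    value = " ".join(value.split())            # unfold continuation lines
    head, _, stamp = value.rpartition(";")     # the timestamp follows the last ';'
    hop, ip, proto = HOP_RE.search(head), IP_RE.search(head), WITH_RE.search(head)
    return {
        "from": hop.group(1) if hop else None,
        "by": hop.group(2) if hop else None,
        "ip": ip.group(1) if ip else None,
        # 'ESMTPA' / 'ESMTPSA' mean the sender authenticated to that server (SMTP AUTH)
        "protocol": proto.group(1) if proto else None,
        "time": parsedate_to_datetime(stamp.strip()) if stamp else None,
    }


class TrackerFinder(HTMLParser):
    """Collect 1x1 remote images (read receipts) and outbound links (click tracking)."""

    def __init__(self):
        super().__init__()
        self.pixels, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and src.startswith(("http://", "https://")) \
                and a.get("width") == "1" and a.get("height") == "1":
            self.pixels.append(src)
        elif tag == "a" and (a.get("href") or "").startswith(("http://", "https://")):
            self.links.append(a["href"])


def analyze(raw):
    """Return the header facts from the slide plus any tracking beacons in the body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = [parse_received(str(v)) for v in msg.get_all("Received", [])]
    hops.reverse()                              # oldest hop first: hops[0] is the origin
    sender_name, sender_addr = getaddresses([str(msg["From"])])[0]
    finder = TrackerFinder()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        finder.feed(body.get_content())
        finder.close()
    return {
        "origin_ip": next((h["ip"] for h in hops if h["ip"]), None),
        "hops": hops,
        "sender_name": sender_name,
        "sender_address": sender_addr,
        "message_id": str(msg["Message-ID"]).strip(),
        "sent": parsedate_to_datetime(str(msg["Date"])),
        "received": hops[-1]["time"] if hops else None,
        "transit_seconds": (hops[-1]["time"] - hops[0]["time"]).total_seconds() if len(hops) > 1 else 0.0,
        "tracking_pixels": finder.pixels,
        "tracked_links": finder.links,
    }


if __name__ == "__main__":
    report = analyze(RAW_MESSAGE)
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: {hop['from']} -> {hop['by']} ip={hop['ip']} via {hop['protocol']} at {hop['time']}")
    print("origin IP:", report["origin_ip"], "| sender:", report["sender_name"], report["sender_address"])
    print("Message-ID:", report["message_id"], "| transit:", report["transit_seconds"], "s")
    print("tracking pixels:", report["tracking_pixels"], "| tracked links:", report["tracked_links"])
```

The origin IP is taken from the oldest Received: line, which is exactly the one a sender can forge; in practice only the lines added by your own servers are trustworthy, as the caveat above says.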



Tool: eMailTrackerPro
eMailTrackerPro is an e-mail analysis tool that analyses an e-mail and its headers automatically and presents the results graphically.

Tool: Free Email Tracker

Footprinting using Google
- Though Google is a search engine, footprinting using Google differs from footprinting through search engines in general. Footprinting using Google deals with gathering information by Google hacking: a technique that uses Google's advanced search operators to locate specific strings of text within search results. Google detects excessive use of advanced operators from a single client and blocks further requests (typically behind a CAPTCHA), so automated dorking has to be throttled.

Google Hacking Techniques


Some of the popular Google operators
- site: restricts results to pages under a specific domain or host.
- allinurl: restricts results to pages whose URL contains all of the query terms.
- inurl: restricts results to pages whose URL contains the specified query term.
- allintitle: restricts results to pages whose title contains all of the query terms.
- intitle: restricts results to pages whose title contains the specified query term.
- inanchor: restricts results to pages where the specified query term appears in the anchor text of links to the page.
- allinanchor: restricts results to pages where all of the query terms appear in the anchor text of links to the page.
What Can a Hacker Do with Google Hacking?


Google Advance Search Operators


Google Hacking Tools


WHOIS Footprinting


Whois Lookup
- With a whois lookup, you can get the personal and contact information registered for a domain.
- For example:

targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM

Administrative Contact:
Surname, Name (SNIDNo-ORG)
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG)
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX

Domain servers in listed order:


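As an added example (not from the slides), the client below speaks the WHOIS protocol itself (RFC 3912: one query line over TCP port 43, read until the server closes), follows the registrar referral that thin registries such as .com return, and parses the modern `Key: value` record layout into the fields a footprinter wants: name servers, contact emails, registrant organization, registrar and time to expiry. The record is constructed for the demo and the hosts in it are not real; `connect` is a parameter so the transport can be swapped for an offline stub. Standard library only.

```python
"""WHOIS over TCP/43 (RFC 3912) with referral following and record parsing.

Added example (not from the original deck). Standard library only. SAMPLE_WHOIS is a
constructed record in the key/value layout .com registries and registrars return.
"""
import re
import socket
from datetime import datetime, timezone

SAMPLE_WHOIS = """\
   Domain Name: TARGETCOMPANY.COM
   Registry Domain ID: 1234567_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.registrar.example
   Updated Date: 2015-01-15T08:00:00Z
   Creation Date: 2004-06-01T12:00:00Z
   Registry Expiry Date: 2016-06-01T12:00:00Z
   Registrar: Example Registrar, Inc.
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Registrant Organization: Target Company Ltd
   Registrant Street: 123 Main Street
   Registrant City: Springfield
   Registrant Country: US
   Admin Name: Surname, Name
   Admin Email: admin@targetcompany.com
   Admin Phone: +1.5555550100
   Tech Name: Surname, Name
   Tech Email: hostmaster@targetcompany.com
   Name Server: NS1.TARGETCOMPANY.COM
   Name Server: NS2.TARGETCOMPANY.COM
   DNSSEC: unsigned
>>> Last update of whois database: 2015-03-10T02:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration is set to expire.
"""

KV_RE = re.compile(r"^\s*([A-Za-z][^:]*?):\s*(.*?)\s*$")


def whois_query(query, server, connect=socket.create_connection, timeout=10):
    """RFC 3912: open TCP/43, send the query plus CRLF, read until the server closes."""
    with connect((server, 43), timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """Turn 'Key: value' lines into {key: [values]}; repeated keys (Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        if line.startswith(">>>"):        # everything after this marker is legal boilerplate
            break
        m = KV_RE.match(line)
        if m and m.group(2):
            record.setdefault(m.group(1).strip(), []).append(m.group(2))
    return record


def whois_lookup(domain, registry_server, connect=socket.create_connection):
    """Thin registries (e.g. .com) mostly hold the referral; follow it to the registrar."""
    record = parse_whois(whois_query(domain, registry_server, connect))
    referral = record.get("Registrar WHOIS Server", [""])[0]
    if referral and referral.lower() != registry_server.lower():
        record = parse_whois(whois_query(domain, referral, connect))
    return record


def summarize(record, today):
    """Pick out the footprinting-relevant fields. today: aware datetime or ISO-8601 string."""
    if isinstance(today, str):
        today = datetime.fromisoformat(today.replace("Z", "+00:00"))
    expiry = (record.get("Registry Expiry Date")
              or record.get("Registrar Registration Expiration Date") or [None])[0]
    expiry_dt = datetime.fromisoformat(expiry.replace("Z", "+00:00")) if expiry else None
    return {
        "organization": (record.get("Registrant Organization") or [None])[0],
        "registrar": (record.get("Registrar") or [None])[0],
        "name_servers": sorted(ns.lower() for ns in record.get("Name Server", [])),
        "emails": sorted({v.lower() for k, vs in record.items() if k.endswith("Email") for v in vs}),
        "expires_in_days": (expiry_dt - today).days if expiry_dt else None,
        "dnssec": (record.get("DNSSEC") or [None])[0],
    }


if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE_WHOIS), datetime.now(timezone.utc)))
    # Live lookup (needs network); whois.verisign-grs.com is the .com registry server:
    # print(summarize(whois_lookup("example.com", "whois.verisign-grs.com"), datetime.now(timezone.utc)))
```

The contact emails and name servers are the pivot points for the next steps on the slides: the emails feed social engineering and email footprinting, and the name servers are where DNS footprinting starts.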

Online Whois Tools


Tool: SmartWhois
SmartWhois is a network information utility that finds all available information about an IP address, host name or domain, including country, state or province, city, name of the network provider, and administrator and technical support contact information.

Unlike standard whois utilities, SmartWhois can find information about a computer located in any part of the world, intelligently querying the right database and returning all related records.

WHOIS Lookup Online Tools
- SmartWhois
- Better Whois
- Whois Source
- Web Wiz
- Whois
- DNSstuff
- Network Solutions Whois
- WebToolHub
- Ultra Tools

DNS Footprinting


Extracting DNS Information

DNS Interrogation Tools
- A few more well-known DNS interrogation tools:
  - DIG
  - myDNSTools
  - Professional Toolset
  - DNS Records
  - DNSDataView
  - DNSWatch
  - DomainTools Pro
  - DNS
  - DNS Lookup Tool
  - DNS Query Utility (http://www.webmaster-toolkit.com)
Nslookup
- Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
- It helps find additional IP addresses once the authoritative DNS servers are known from whois.
- MX records reveal the hostnames of the mail servers; resolving those names gives the mail servers' IP addresses.
- Both Unix and Windows come with an nslookup client.
- Third-party clients are also available, e.g. Sam Spade.

NSLookup options
Switch            Function
nslookup          Launches the nslookup program (interactive mode).
nslookup HOST     Returns the IP address for the specified host (non-interactive).
NAME              Displays information about the host/domain NAME using the default server.
NAME1 NAME2       As above, but uses NAME2 as the server.
help or ?         Displays help.
set OPTION        Sets an option, for example:
  type=RR         Sets the record type to query (e.g. type=MX, type=NS).
  domain=NAME     Sets the default domain name to NAME.
  root=NAME       Sets the root server to NAME.
  retry=X         Sets the number of retries to X.
  timeout=X       Sets the initial timeout interval to X seconds.
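To show what nslookup actually sends and receives, here is an added example (not from the slides) that builds a DNS query by hand, parses the reply including name-compression pointers, and decodes A, AAAA, NS, CNAME, PTR, MX and TXT records. The reply bytes are constructed to look like an authoritative answer for the fictional zone target.example; `query()` sends a real UDP query if you pass it a resolver address. It also makes the point from the nslookup slide concrete: the MX answer carries hostnames, and the A record for the mail exchanger arrives separately (here in the additional section).

```python
"""Hand-rolled DNS client: build a query, parse the reply, decode common record types.

Added example (not from the original deck). Standard library only. SAMPLE_RESPONSE is
constructed to look like an authoritative reply for the fictional zone target.example.
"""
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """Encode 'mail.target.example' as length-prefixed labels ending in a zero byte (RFC 1035)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD=1, one question) followed by QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def read_name(msg, off):
    """Decode a possibly compressed name at msg[off]; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: 14-bit pointer to an earlier name
            if end is None:
                end = off + 2                     # a pointer always ends the field
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def decode_rdata(rtype, msg, off, rdlen):
    """Interpret RDATA at msg[off:off+rdlen] for the common record types."""
    data = msg[off:off + rdlen]
    if rtype == 1:
        return socket.inet_ntoa(data)
    if rtype == 28:
        return socket.inet_ntop(socket.AF_INET6, data)
    if rtype in (2, 5, 12):                      # NS, CNAME, PTR: one (compressible) name
        return read_name(msg, off)[0]
    if rtype == 15:                              # MX: 16-bit preference + exchange name
        return struct.unpack("!H", data[:2])[0], read_name(msg, off + 2)[0]
    if rtype == 16:                              # TXT: one or more <len><bytes> strings
        parts, i = [], 0
        while i < len(data):
            n = data[i]
            parts.append(data[i + 1:i + 1 + n].decode("utf-8", "replace"))
            i += 1 + n
        return "".join(parts)
    return data.hex()


def parse_response(msg):
    """Return header flags and every record in the answer, authority and additional sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, TYPE_NAMES.get(rtype, rtype), ttl, decode_rdata(rtype, msg, off, rdlen)))
        off += rdlen
    return {"id": txid, "authoritative": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "records": records}


def query(name, qtype, server, timeout=3.0):
    """Send the query over UDP/53 to `server` and parse the reply (needs network access)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch: not a reply to our query")
    return reply


def _rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed reply to 'target.example MX': two MX answers, one NS in authority, and the
# A record of the first exchange in the additional section. 0xC00C points at the question
# name (offset 12); 0xC02E points at 'mx1.target.example' (offset 46).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 2, 1, 1)          # flags: QR, AA, RD, RA
    + encode_name("target.example") + struct.pack("!HH", 15, 1)
    + _rr(b"\xc0\x0c", 15, 3600, struct.pack("!H", 10) + b"\x03mx1\xc0\x0c")
    + _rr(b"\xc0\x0c", 15, 3600, struct.pack("!H", 20) + b"\x03mx2\xc0\x0c")
    + _rr(b"\xc0\x0c", 2, 86400, b"\x03ns1\xc0\x0c")
    + _rr(b"\xc0\x2e", 1, 3600, socket.inet_aton("192.0.2.10"))
)

if __name__ == "__main__":
    for name, rtype, ttl, value in parse_response(SAMPLE_RESPONSE)["records"]:
        print(f"{name:24} {ttl:6} IN {rtype:5} {value}")
```

Checking the transaction ID, as `query()` does, is the minimum a client should do; a resolver that accepts any reply on the port is what made classic cache poisoning easy.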
Types of DNS Records


Network footprinting


Determine the Operating System


Traceroute
- Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
- Traceroute reveals the path IP packets travel between two systems by sending out consecutive probes with ever-increasing TTLs (classic Unix traceroute sends UDP datagrams to high ports; Windows tracert sends ICMP Echo Requests instead).
- As each router processes an IP packet it decrements the TTL. When the TTL reaches zero, the router discards the packet and sends a "TTL exceeded" message (ICMP Time Exceeded) back to the originator, which is how the address of each hop is learned.
- Routers whose addresses have reverse DNS (PTR) entries reveal router names that often encode network affiliation and geographic location.
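A minimal UDP traceroute, added here as an example and not part of the slides, makes the mechanism concrete: one probe per TTL to port 33434+TTL-1, and the router's ICMP Time Exceeded message quotes the dead datagram's IP and UDP headers, so the quoted destination port tells us which TTL the reply belongs to. The reply packet below is constructed (all addresses are from documentation ranges); running traceroute() for real requires Linux or BSD/macOS and root/CAP_NET_RAW for the raw ICMP socket.

```python
"""UDP traceroute: what the probe and the ICMP reply look like, and how they are matched.

Added example (not from the original deck). SAMPLE_REPLY is constructed. The live
traceroute() needs a raw ICMP socket (root/CAP_NET_RAW) on Linux, BSD or macOS.
"""
import socket
import struct

BASE_PORT = 33434   # classic traceroute starts here and uses one destination port per TTL


def parse_icmp_reply(packet):
    """packet = IPv4 header + ICMP message, as a raw ICMP socket delivers it.

    Returns (router_ip, icmp_type, icmp_code, probe_dst_port). The ICMP error quotes the
    IP header and first 8 bytes of the datagram that died, so the UDP destination port in
    that quote identifies the probe (and therefore the TTL) this reply belongs to.
    """
    ihl = (packet[0] & 0x0F) * 4
    router_ip = socket.inet_ntoa(packet[12:16])
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                    # original IP header + 8 bytes of its payload
    quoted_ihl = (quoted[0] & 0x0F) * 4
    dst_port = None
    if quoted[9] == socket.IPPROTO_UDP and len(quoted) >= quoted_ihl + 4:
        dst_port = struct.unpack("!H", quoted[quoted_ihl + 2:quoted_ihl + 4])[0]
    return router_ip, icmp_type, icmp_code, dst_port


def hop_for_port(dst_port, base_port=BASE_PORT):
    """Invert port = base_port + ttl - 1 to recover the probe's TTL (the hop number)."""
    return dst_port - base_port + 1


def classify(icmp_type, icmp_code):
    if icmp_type == 11:                          # Time Exceeded: an intermediate router
        return "ttl-exceeded"
    if icmp_type == 3 and icmp_code == 3:        # Port Unreachable: the destination itself
        return "destination"
    return "other"


def traceroute(dest, max_hops=30, timeout=2.0):
    """Send one empty UDP probe per TTL and read the ICMP errors (needs root/CAP_NET_RAW)."""
    dest_ip = socket.gethostbyname(dest)
    icmp = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    icmp.settimeout(timeout)
    hops = []
    try:
        for ttl in range(1, max_hops + 1):
            port = BASE_PORT + ttl - 1
            udp.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
            udp.sendto(b"", (dest_ip, port))
            try:
                while True:                      # read until we see the reply to *this* probe
                    packet, _ = icmp.recvfrom(1500)
                    router_ip, t, c, dport = parse_icmp_reply(packet)
                    if dport == port:
                        break
            except socket.timeout:
                hops.append((ttl, None, None))
                continue
            try:
                rdns = socket.gethostbyaddr(router_ip)[0]   # PTR names leak affiliation/location
            except (socket.herror, socket.gaierror):
                rdns = None
            hops.append((ttl, router_ip, rdns))
            if classify(t, c) == "destination":
                break
    finally:
        icmp.close()
        udp.close()
    return hops


def _ipv4_header(src, dst, proto, ttl, total_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


# Constructed reply: router 198.51.100.1 reports Time Exceeded for our probe to
# 203.0.113.9 port 33435, i.e. the probe that was sent with TTL 2.
SAMPLE_REPLY = (
    _ipv4_header("198.51.100.1", "192.0.2.50", socket.IPPROTO_ICMP, 64, 56)
    + struct.pack("!BBHI", 11, 0, 0, 0)                            # type 11, code 0
    + _ipv4_header("192.0.2.50", "203.0.113.9", socket.IPPROTO_UDP, 1, 28)
    + struct.pack("!HHHH", 40000, 33435, 8, 0)                     # quoted UDP header
)

if __name__ == "__main__":
    router_ip, t, c, dport = parse_icmp_reply(SAMPLE_REPLY)
    print(f"hop {hop_for_port(dport)}: {router_ip} ({classify(t, c)})")
    # for ttl, ip, name in traceroute("www.example.com"): print(ttl, ip, name)
```

Matching on the quoted destination port is what lets a real traceroute ignore unrelated ICMP traffic arriving on the same raw socket; the hostnames returned by the PTR lookups are the "network affiliation and geographic location" clue from the slide.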




Traceroute Analysis


Traceroute Tools


Tool: NeoTrace (now McAfee Visual Trace)
NeoTrace shows the traceroute output visually: map view, node view and IP view.

Tool: VisualRoute Trace


Tool: Path Analyzer Pro

Path Analyzer Pro Screenshot


Footprinting through Social Engineering


Collect Information through Social
Engineering on Social Networking Sites


Footprinting Tool: Maltego



Footprinting Tool: Domain Name Analyzer Pro
 Domain Name Analyzer Professional is Windows
software for finding, managing, and maintaining
multiple domain names. It supports the display of
additional data (expiry and creation dates, name
server information), tagging domains, secondary
whois lookups

Khoa CNTT – ĐH Nông Lâm TP. HCM 2015 83/91

Footprinting Tool: Web Data Extractor


Additional Footprinting Tools
- Whois
- Nslookup
- NeoTrace
- VisualRoute Trace
- SmartWhois
- eMailTrackerPro
- Website Watcher
- Google Earth
- GEO Spider
- HTTrack Web Copier
- E-mail Spider
Footprinting Countermeasures


Footprinting Penetration Testing
- A footprinting pen test is used to determine the organization's publicly available information on the Internet, such as network architecture, operating systems, applications and users.
- The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources.
