Foot Printing
Stages shown in the figure: Information gathering, Result analysis, Attack planning
Foot printing stages
Target identification – The first step involves recognizing the target organization and its systems for footprinting. This can be done by scanning networks for open ports or using IoT search engines such as Shodan and Censys.
Information gathering – Gathering vital information, including IP addresses, open ports and services, usernames, and passwords from the identified target.
Result analysis – Extracted data is analyzed for vulnerabilities across multiple systems, or results are compared against known exploits.
Attack planning – The final stage is the attack phase, where the threat actor develops custom exploits or chooses a suitable attack vector based on the data collected to compromise vulnerable systems.
Advantages of foot printing
Helps businesses identify and secure IT infrastructure before a threat actor exploits a vulnerability.
Helps companies better understand their current security posture through analysis of data gathered about the firewall, security configuration and more.
Drawing a network map helps cover all trusted routers, servers and other network topologies.
Users can pursue a reduced attack surface by narrowing it down to a specific range of systems.
Foot printing tools
TheHarvester
Dnsenum
Nmap
Maltego
Google Dorks
Sam Spade
SuperScan, etc.
Open-source intelligence platforms such as VirusTotal, etc.
Foot printing with nmap
Option Description
-sS TCP SYN port scan
-sT TCP connect port scan
-sA TCP ACK port scan
-sU UDP port scan
Options for detecting the OS and the version of running services:
Option Description
-A Performs an aggressive scan.
-O Detects the operating system running on the target machine.
-sV Detects the versions of running services.
Timing and performance options:
Option Description
Source: https://www.geeksforgeeks.org/footprinting-with-nmap-in-kali-linux/
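The scan types in the table above leave a recognisable trace on the side being scanned: one source address touching many distinct destination ports in a short time. The following Python script is an added example, not code from the original slides or from the nmap project; it parses constructed firewall log lines written in the style of the netfilter LOG target (the SRC=, DST=, PROTO= and DPT= fields) and reports sources that reached a configurable number of distinct targets, split into TCP probes (what -sS, -sT and -sA produce) and UDP probes (what -sU produces). All addresses, ports and the threshold are made up for the example.

```python
"""Added example (not part of the original slides): flag the footprint a
port scanner such as nmap -sS / -sT / -sU leaves in firewall logs, namely
one source touching many distinct destination ports.

The log lines below are constructed in the style of the netfilter LOG
target (SRC=, DST=, PROTO=, DPT= fields); addresses and ports are made up.
"""
import re
from collections import defaultdict

# Only the fields the detector needs; the other netfilter fields are skipped.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample: 203.0.113.7 probes nine distinct ports on one host
# (seven TCP SYN probes plus two UDP probes), while 198.51.100.4 only
# talks to ports 80 and 443, as an ordinary client would.
SAMPLE_LOG = [
    f"kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40001 DPT={p} WINDOW=1024 SYN"
    for p in (21, 22, 23, 25, 80, 443, 8080)
] + [
    f"kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 PROTO=UDP SPT=40002 DPT={p}"
    for p in (53, 161)
] + [
    "kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 SYN",
    "kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51001 DPT=443 WINDOW=64240 SYN",
    "kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51002 DPT=80 WINDOW=64240 SYN",
]


def parse_line(line):
    """Return (src, dst, proto, dport) for a netfilter-style line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["proto"], int(m["dpt"])


def targets_by_source(lines):
    """Map each source address to the distinct (proto, dst, dport) triples it hit."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            src, dst, proto, dport = rec
            seen[src].add((proto, dst, dport))
    return seen


def find_scanners(lines, threshold=5):
    """Sources whose count of distinct targets reaches the threshold.

    Returns {src: {"tcp": n, "udp": n, "ports": sorted distinct ports}}, so an
    analyst can see whether the probes looked like -sS/-sT/-sA (TCP) or -sU (UDP).
    """
    report = {}
    for src, hits in targets_by_source(lines).items():
        if len(hits) < threshold:
            continue
        report[src] = {
            "tcp": sum(1 for proto, _, _ in hits if proto == "TCP"),
            "udp": sum(1 for proto, _, _ in hits if proto == "UDP"),
            "ports": sorted({port for _, _, port in hits}),
        }
    return report


if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {info['tcp']} TCP + {info['udp']} UDP targets, ports {info['ports']}")
```

The detector counts distinct targets over the whole input; on a production log you would bucket by time window (for example, distinct ports per source per minute), otherwise a long-running, slow scan and a busy legitimate client both pass the threshold eventually. Because it keys on distinct ports rather than on TCP flags, it catches connect scans (-sT), which complete the handshake, as well as SYN and ACK scans.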
DNSENUM
Dnsenum is a multithreaded Perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks. The main purpose of Dnsenum is to gather as much information as possible about a domain.
DNSENUM performs the following operations:
Get the host's addresses (A record).
Get the nameservers (threaded).
Get the MX record (threaded).
Perform AXFR queries on nameservers and get BIND versions (threaded).
Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
Brute force subdomains from a file; can also perform recursion on subdomains that have NS records (all threaded).
Calculate class C network ranges for the domain and perform whois queries on them (threaded).
Perform reverse lookups on netranges (class C and/or whois netranges) (threaded).
Write the IP blocks to the domain_ips.txt file.
How to install dnsenum (Kali):
>>sudo apt install dnsenum
Run the tool:
>>dnsenum <target domain>
Get the manual for dnsenum:
>>dnsenum -h
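Two of the operations listed above, the AXFR queries against the nameservers and the subdomain brute force, are visible to the zone's owner in the nameserver's query log. The following Python script is an added example, not code from the original slides or from the dnsenum project; it reads constructed log lines written after BIND 9's querylog format and reports every zone-transfer request plus any client that looked up an unusually large number of distinct names under the zone. The zone name, client addresses, subdomain names and threshold are all made up for the example.

```python
"""Added example (not part of the original slides): find the traces a
dnsenum run leaves in a BIND-style query log, namely zone-transfer (AXFR)
requests and one client looking up many distinct subdomains of a zone
(the "brute force subdomains from a file" step).

The log lines are constructed after BIND 9's querylog format; clients,
names and the zone are made up.
"""
import re
from collections import defaultdict

# Handles both the older "client 1.2.3.4#port" and the newer
# "client @0x... 1.2.3.4#port" forms of the querylog prefix.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[\d.]+)#\d+ \(\S+\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)

ZONE = "example.com"  # constructed zone for the example

# Constructed sample: 203.0.113.9 asks for a zone transfer and then walks a
# wordlist; 198.51.100.20 makes a couple of ordinary lookups.
SAMPLE_LOG = [
    "01-Jan-2024 10:00:00.000 client 203.0.113.9#41000 (example.com): query: example.com IN AXFR -E(0)T (192.0.2.53)",
] + [
    f"01-Jan-2024 10:00:0{i}.000 client 203.0.113.9#4100{i} ({name}.example.com): "
    f"query: {name}.example.com IN A +E(0) (192.0.2.53)"
    for i, name in enumerate(("dev", "staging", "vpn", "mail2", "test", "admin", "git", "ftp"), start=1)
] + [
    "01-Jan-2024 10:00:20.000 client 198.51.100.20#53000 (www.example.com): query: www.example.com IN A + (192.0.2.53)",
    "01-Jan-2024 10:00:21.000 client 198.51.100.20#53001 (www.example.com): query: www.example.com IN A + (192.0.2.53)",
    "01-Jan-2024 10:00:22.000 client 198.51.100.20#53002 (example.com): query: example.com IN MX + (192.0.2.53)",
]


def parse_query(line):
    """Return (client, qname, qtype) from a querylog line, else None."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m["client"], m["qname"].lower().rstrip("."), m["qtype"].upper()


def find_axfr(lines):
    """Every zone-transfer request seen, as a list of (client, zone)."""
    hits = []
    for line in lines:
        rec = parse_query(line)
        if rec and rec[2] == "AXFR":
            hits.append((rec[0], rec[1]))
    return hits


def find_subdomain_bursts(lines, zone=ZONE, threshold=5):
    """Clients that looked up at least `threshold` distinct names under `zone`.

    Queries for the zone apex itself are ignored: a wordlist run shows up as
    many distinct children, while a normal client repeats a handful of names.
    """
    names = defaultdict(set)
    suffix = "." + zone.lower()
    for line in lines:
        rec = parse_query(line)
        if rec and rec[1].endswith(suffix):
            names[rec[0]].add(rec[1])
    return {client: len(n) for client, n in names.items() if len(n) >= threshold}


if __name__ == "__main__":
    for client, zone in find_axfr(SAMPLE_LOG):
        print(f"AXFR request for {zone} from {client}")
    for client, count in find_subdomain_bursts(SAMPLE_LOG).items():
        print(f"{client} queried {count} distinct names under {ZONE}")
```

A query log records what was asked, not whether the transfer succeeded, so an AXFR line is a prompt to check the zone's allow-transfer setting in BIND, which should list only the secondary nameservers. The Google scraping and whois steps of dnsenum never touch the zone's own servers, so this check covers only the AXFR, brute-force and reverse-lookup operations.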