In our previous article, we have discussed a brief introduction of footprinting for gathering information related to the specific person. As we had discussed that there are so many types of footprinting and today we are going to talk about DNS footprinting, website footprinting, and whois footprinting.

Browsing the target Website may Providing

• Whos is Details
• Software used and version
• OS Details
• Sub Domains
• File Name and File Path
• Scripting Platform & CMS Details
• Contact Details

Let’s start!!

From Wikipedia 

Whois footprinting

WHOIS (pronounced as the phrase who is) is a query and response protocol and whois footprinting is a method for glance information about ownership of a domain name as following:

• Domain name details
• Contact details contain phone no. and email address of the owner
• Registration date for the domain name
• Expire date for the domain name
• Domain name servers

Whois Lookup

It is broadly used in support of querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.

Browse given URL http://whois.domaintools.com/in browser and type any domain name.

For example: let’s search pentestlab.in

Now you can see it has created a whois record for pentestlab.in where it contains details like email address, IP, registrant Org. From the given record, anyone can guess that this domain has some connection to raj chandel. The attacker needs to perform footprinting on raj chandel taking help from the previous article.

There is so many other tools use for whois footprinting for example:

• Caller IP
• Whois Analyzer pro
• Whois lookup multiple addresses

DNS Footprinting

The attacker performs DNS footprinting in order to enumerate DNS record details and type of servers. There is 10 type of DNS record which provide important information related to the target location.

1. A/AAAA
2. SVR
3. NS
4. TXT
5. MX
6. CNAME
7. SOA
8. RP
9. PTR
10. HINFO

Domain Dossier: it is an online tool use for complete DNS footprinting as well as whois footprinting.

There are so many online tool use for DNS footprinting, using domain dossier we will check for DNS records of penetstlab.in, select the check box for DNS records and traceroute and then click on go.

You can observe that the data which we received from whois lookup and from domain dossier is the same to some extent. It has given same email ID as above i.e. [email protected]and moreover details of DNS records TXT, SOA, NS, MX, A and PTR.

DNS Dumpster: it is also an online use for DNS footprinting.

DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Enumerate a domain and pull back up to 40K subdomains, results are available in an XLS for easy reference.

Repeating the same process for pentestlab.in, it will search for its DNS record. From the given screenshot, you can observe we have received the same details as above. More it will create a copy as an output file in from XLS. 

You get signal: it is also an online tool used for DNS footprinting as well as for Network footprinting

A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results, which are not guaranteed to be complete

Hence we get the IP 72.52.229.111 for pentestlab.inmoreover it dumped the name of 14 other domain which is hosted on the same web server.

Website Footprinting

It is a technique used for extracting the details related to the website as following

1. Archived description of the website
2. Content management system and framework
3. Script and platform of the website and web server
4. Web crawling
5. Extract metadata and contact details from the website
6. Website and web page monitoring and analyzer

Archive.org: It is an online tool use for visiting the archived version of any website.

Archive.org has search option as way back machine which is like a time machine for any website. It contains entire information from past till present scenario of any website either their layout or content everything related to the website is present inside. In simple words, it contains the history of any website.

For example, I had a search for the hackingarticles.in the archived record of 2012.

 

Built With: It is an online tool used for detecting techniques and framework involved inside running website.

BuiltWith.com technology tracking includes widgets, analytics, frameworks, content management systems, advertisers, content delivery networks, web standards, and web servers to name some of the technology categories.

 Taking the example of hackingarticles.in again we found the following things:

• Content Management system: WordPress
• Framework: PHP

Whatweb

Whatweb can identify all sorts of information about a live website, like Platform, CMS platform, Type of Script, Google Analytics, Web server Platform, and IP address Country. A pentester can use this tool as both a recon tool & vulnerability scanner.

Open the terminal in Kali Linux and type following command

As result, we receive the same information as above

Web crawling

HTTrack is a free and open source Web crawler and offline browser, developed by Xavier Roche

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. 

 Give target URL for copy the web site as www.pentestlab.in which starts downloading the website.

https://www.hackingarticles.in/5-ways-crawl-website/

Web Data Extractor

Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. A special feature of WDE Pro is custom extraction of structured data.

Start new project Type target URL as ignitetechnologies.in and select folder to save the output and click on ok.

Now, this tool will extract metadata, email contact no. and etc from inside the target URL.

From given screenshot, you can see it found 40 meta tags1 email 84-phone number from ignitetechnologies.in website.

Similarly the other tool use as web data extractor:

Web spider

Competitive Intelligence

Website-Watcher is a powerful yet simple website-monitoring tool, perfectly suited to the beginner and advanced user alike.  You can download it from here.

Using the new tab and enter the target URL which starts monitoring the target website.

For example, I enter the URL hackingarticles.in for monitoring this website.

Similarly, there are some other tools uses for monitoring:

On web change

Follow that page

Informinder

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

There are many saying about knowing your enemy, time and time again these sayings have proved to be true. Today we hear all around the work of hackers and many-a-times we fail to protect ourselves. This happens because we are not familiar with their working process. Therefore, in this article, we are here to make to accustomed to the first step of the process i.e. Footprinting.

In the world of Cyber Security, Footprinting is the first step which lets penetration testers gather information about hardware or network. It is basically an exploration process which helps us to know our enemy. In order to complete the penetration process, one ought to gather as much information as possible.  Footprinting can be done either actively or passively. Assessing a company’s website with their permission is an illustration of passive footprinting and trying to access sensitive information through social engineering is an illustration of active information gathering.

Types of Footprinting:

• Footprinting through Search Engine
• Footprinting through social engineering
• Footprinting through Social Networking sites
• Website Footprinting
• Competitive Intelligence
• WHOIS Footprinting
• Footprinting using advanced Google hacking techniques
• Email Footprinting
• DNS Footprinting
• Network Footprinting

As this is the first part of our footprinting series, we will discuss the first three types of footprinting.

Footprinting through Search Engine

Footprinting through the search engine is unambiguous in itself. People often wonder what one can find through the search engine as the common concept of the search engine is basic exploring. But results given by the search engine can be used to hacker’s advantage as they are vast in nature.

Attackers use search to gather information about their target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and/or other types of advanced system attacks.

Even search engine cache and internet archives may provide sensitive information that has been removed from the World Wide Web (WWW).

There are many search engines where you can find anything that desires from finding the meaning of the word to finding a person. Such search engines are:

www.google.com

www.bing.com

www.shodan.io

www.duckduckgo.com

Now let’s take the example of google.com. If I search “Raj Chandel” on Google, then it will give me every possible result associated with the said person.

Same will be the result from other search engines. But different search engines are often used for particular searches. As shown above, Google is good for general information. If you want to know which websites are hosted on a particular server then you can use the Bing search engine. To know an IP address of any website just ping the website as shown below :

Now, open bing.com and type the IP in the search tab and press enter.

So like this, Bing can give you details about websites which are hosted in the same server

Another search engine is shodan.io, it helps to locate various open ports, vulnerable IP’s, and effected digital-ware all over the world.  Open shodan.io in your browser and search for port or IP.

For a detailed tutorial of shodan.io please follow this link:

https://www.hackingarticles.in/shodan-search-engine-hackers-beginner-tutorial/

Footprinting through Jobs Seeking Sites

Similarly, you can collect an abundance of information through job sites. You can know about the company’s infrastructure details, employee’s profile, hardware information, software information. Some of such sites are:

www.monster.com

http://www.careerbuilder.co.in/

www.dice.com

www.simplyhired.com

www.indeed.com

www.usajobs.gov

www.naukri.com

Footprinting through Alerts

There is also a feature of adding alerts. This feature gives you an alert if anything is changed in a particular website; given that you have added an alert to the said website. To do so, open google.com/alerts and type the name of the website that you wanted to alert about. And then click on create an alert.

And this way an alert will be created.

Footprinting through Social Networking Sites

Attackers use social networking sites like Facebook, Twitter, and Pinterest etc. to gain important and sensitive data about their target. They often create fake profiles through these social media to lure their target and extract vulnerable information.

Employees may post personal information such as DOB, educational and employment background, spouse’s names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company’s upcoming news, mergers, acquisitions, etc.

Even the information about the employee’s interest is tracked and then they are trick into revealing more information.

Now if you want to search a particular person using just their name or email then there are specialized websites for it like pipl.com and lullar.com

Open pipl.com and type the name of the person you want to search about. For instance, I have searched my own name and as you can see in the image below we get a positive result.

Now open lullar.com, here you can search for people using their email and much more. Here, I have searched through email (using my own email) and there is a positive result in the image below.

Footprinting through Social Engineering

Social engineering is an art of manipulating human behavior to our own advantage. This proves most helpful when the need for extraction of confidential information. To do so, we have to depend on the fact that people are unaware of their valuable information and have no idea about being exploited. The most common example for this is when people call as fake credit/debit card companies and try to extract information.

Techniques used for social engineering are:

Eavesdropping

Shoulder surfing

Dumpster diving

Impersonation on social networking sites

 This is how footprinting is done through search engines, social networking sites and social engineering. As white hat hackers, we should know about it but we should also be aware try to protect ourselves from black hat hackers against footprinting.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

Fast Resolver

FastResolver is a small utility that resolves multiple host names into IP addresses and vice versa. You can simply type the list of IP addresses or host name that you want to resolve, or alternatively, you can specify IP addresses range that you want to scan. For local network, FastResolver also allows you to get the MAC address of all IP addresses that you scan. FastResolver is a multithreaded application, so it can resolve dozens of addresses within a few seconds.

Download Fastresolver form here and click fastresolver icon and select the IP range and click on ok.

Advanced IP Scanner

Advanced IP Scanner is a fast, robust and easy-to-use free IP scanner for Windows. In a matter of seconds, this utility finds all the computers on your network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders. With Advanced IP Scanner, you can wake up and shut down remote groups of Windows machines.

Download advanced IP scanner from here. Click on the icon and enter the IP range. Click on scan.

SoftPerfect Network Scanner

 SoftPerfect Network Scanner is a free multi-threaded IPv4/IPv6 scanner with a modern interface and many advanced features. It is intended for both system administrators and general users interested in computer security. The program pings computers, scans for listening TCP/UDP ports and discovers shared folders, including system and hidden ones.

Download SoftPerfect from here. Open the tool and enter the range to scan then click on start scanning.

Angry IPScanner

 Angry IP scanner is a very fast IP address and port scanner. It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.

Download Angry IPScanner from here. Open the tool and enter the range and then click on start.

Netdiscover

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.

Open Kali Linux terminal and write netdiscover. This will show the IPs of the systems in the network.

Nmap    

The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features.

Download Nmap from here. Open the tool and then enter the range. then select the type of scan then click on scan.

Author: Aditya Mohan Mishra is a 10^th class student. He likes to discover new facts and tools.