Footprinting is the safest stage of hacking where the hackers can attempt to collect and harvest a handful amount of information about the target without giving the target any tips, or alerts, about those on going reconnaissance attempts. Information revealed during this footprinting stage can be very potential in. 2) In computers, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited. Your Guide to Info Sec Certifications.
Unlock the full course today
Join today to access over 13,000 courses taught by industry experts or purchase this course individually.
Course details
If you watched our Introduction to Ethical Hacking course, you know the basics of ethical hacking. Ethical hackers use their knowledge for good: to test if an organization's network is vulnerable to outside attacks. But where do they start? With footprinting (aka reconnaissance), the process of gathering information about computers and the people to which they belong. In this course, Lisa Bock introduces the concepts, tools, and techniques behind footprinting: finding related websites, determining OS and location information, identifying users through social media and financial services, tracking email, and more. Footprinting relies on tools as simple as a web search and dumpster diving, and as complex as DNS interrogation and traceroute analysis. Lisa shows how to put these nefarious sounding tools to work for good, and mitigate any risks an organization has to these types of attacks.
Note: Our Ethical Hacking series maps to the 18 parts of the EC-Council's certification exam. This course maps to the 02 Footprinting and Reconnaissance domain.Related courses
Course Transcript
- [Instructor] Email is one of our main forms of communication in the business world. Email addresses represent a coveted target for hackers. Where can they be found? Well, one of the things is they can be found on a company's website. But in addition, they can also be generated and crafted. A compromised email attack is commonly linked with identity theft. A hacker can take over an account and get all your contacts and other personal information, and that can result in other accounts being compromised. Having a list of valid email addresses to a company, we can generate a spear phishing attack. So one of the things we try to enforce upon owners is that concealing email lists on a website is very important. Now here is an example of a notification of a recent attack. Information has been released regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks. The attack used malicious files often…Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.Download on the App StoreGet it on Google PlayWatch this course anytime, anywhere. Get started with a free trial today.
Course Contents
One way to begin planning an ethical hack on your business is through a process often called footprinting.Through footprinting, you see what others can see about your organization and systems. Here is the process for footprinting:
Gather public information
The amount of information you can gather about an organization’s business and information systems is staggering and widely available on the Internet. Your job is to find out what’s out there. This information allows malicious attackers and employees to target specific areas of the organization, including departments and key individuals.
The following techniques can be used to gather information about your organization.
Social media
Social media sites are the new means for businesses interacting online. Perusing the following sites can provide untold details on any given business and its people:
Web search
![Printing Printing](/uploads/1/2/5/6/125608629/407123526.jpg)
Performing a web search or simply browsing your organization’s website can turn up the following information:
- Employee names and contact info
- Important company dates
- Incorporation filings
- SEC filings
- Press releases about physical moves, organizational changes, and new products
- Mergers and acquisitions
- Patents and trademarks
- Presentations, articles, webcasts, or webinars
With Google, you can search the Internet in several ways:
- By typing keywords: This kind of search often reveals hundreds and sometimes millions of pages of information — such as files, phone numbers, and addresses — that you never guessed were available.
- By performing advanced web searches: Google’s advanced search options can find sites that link back to your company’s website. This type of search often reveals a lot of information about partners, vendors, clients, and other affiliations.
- By using switches to dig deeper into a website: For example, if you want to find a certain word or file on your website, simply enter a line like one of the following into Google:
You can even do a generic filetype search across the entire Internet to see what turns up, such as this:
Use the preceding search to find Flash .swf files, which can be downloaded and decompiled to reveal sensitive information that can be used against your business.
Use the following search to hunt for PDF documents that might contain sensitive information that can be used against your business:
Web crawling
Web-crawling utilities, such as HTTrack website Copier, can mirror your website by downloading every publicly accessible file from it. You can then inspect that copy of the website offline, digging into the following:
- The website layout and configuration
- Directories and files that might not otherwise be obvious or readily accessible
- The HTML and script source code of web pages
- Comment fields
Comment fields often contain useful information such as names and e-mail addresses of the developers and internal IT personnel, server names, software versions, internal IP addressing schemes, and general comments about how the code works.
Websites
The following websites may provide specific information about an organization and its employees:
- Government and business websites:
- www.hoovers.com and http://finance.yahoo.com give detailed information about public companies.
- www.sec.gov/edgar.shtml shows SEC filings of public companies.
- www.uspto.gov offers patent and trademark registrations.
- The website for your state’s Secretary of State or similar organization can offer incorporation and corporate officer information.
- Background checks and other personal information:
Map the network
When you map your network, you can search public databases and resources to see what other people know about your network.
Whois
The best starting point is to perform a Whois lookup by using any one of the Whois tools available on the Internet. You may have used Whois to check whether a particular Internet domain name is available.
For ethical hacking, Whois provides the following information that can give a hacker a leg up to start a social engineering attack or to scan a network:
- Internet domain name registration information, such as contact names, phone numbers, and mailing addresses
- DNS servers responsible for your domain
You can look up Whois information at one of the following places:
- A domain registrar’s site, such as www.godaddy.com
- Your ISP’s tech support site
A great Whois tool is DNSstuff.com. Although this tool is no longer free and is used to sell many services, it’s still a good resource. Another good website is www.mxtoolbox.com.
You can run DNS queries directly from www.mxtoolbox.com to
- Display general domain-registration information
- Show which host handles e-mail (the Mail Exchanger or MX record) for a domain
- Map the location of specific hosts
- Determine whether the host is listed on certain spam blacklists
A free site you can use for more basic Internet domain queries is http://dnstools.com.
The following list shows various lookup sites for other categories:
Google Groups
Google Groups can reveal surprising public network information. Search for such information as your fully qualified domain names (FQDNs), IP addresses, and usernames. You can search millions of Usenet posts that date back to 1981 for public and often very private information.
You might find some information that you didn’t realize was made public, such as the following:
- A tech-support or message board post that divulges too much information about your systems. Many people who post messages like these don’t realize that their messages are shared with the world or how long they are kept.
- Confidential company information posted by disgruntled employees or clients.
If you discover that confidential information about your company is posted online, you may be able to get it removed. Check out the Google Groups help page at for details.
Privacy policies
Check your website’s privacy policy. A good practice is to let your site’s users know what information is collected and how it’s being protected, but nothing more.