Footprinting is the first and most important step for a hacker who wants to hack a system. You might know that hackers who attempt to hack an organization without gathering any prior information about it are called suicide hackers. The information to gather includes:
- Is the system live?
- Its IP address
- Geographical location
- How many security systems are defending against attacks
- How many domain names it has
- What type of operating system they are using
- Phone numbers, email IDs, details of employees
A hacker does his job only after studying the information he has collected. A pentester or cybersecurity expert has to think like a hacker and know all of these techniques in order to defeat a hacker's attack. So, let's look at the definition of footprinting.
The fine art of gathering target information is called footprinting.
We can divide footprinting into two parts.
- Active Footprinting: This type includes mirroring websites, email tracking, and server verification.
- MIRRORING WEBSITE: Here a hacker downloads all available content of a website for offline analysis, making an exact copy of the site with website mirroring tools such as Teleport Pro, iMiser, and HTTrack Website Copier. After downloading the website, the hacker looks for vulnerabilities and loopholes in the offline copy. The advantage of offline analysis is that the hacker doesn't need to take any kind of risk while studying the copy (the mirroring itself is still visible to the site owner as a burst of requests from one client in the web server logs).
- EMAIL TRACKING: Here a hacker examines the path an email took through the mail servers, that is, where the email came from, what its originating IP address is, and so on. To do this a hacker uses email tracking software, for example Email Tracker Pro, MSGTAG, Zendio, PoliteMail etc. If someone sends you a fake email, you can use the same tools to find its IP address, its approximate location and its other details.
- SERVER VERIFICATION: Here a hacker checks whether the server is reachable from his own system. That is, when a hacker wants to hack a website, he first finds out whether the system is alive or not; ping is used for this. Server verification is also used to enumerate the network path from the attacker to the target, i.e. how many routers the traffic passes through on the way from your own system to the target system. Tools such as Tracert, Visual Traceroute, Sam Spade, TCR Trace Route etc. are used for this, and connectivity with the target can simply be checked with the ping command.
- Passive Footprinting: Passive footprinting is a method in which the attacker never makes direct contact with the target systems. Here the attacker doesn't collect information from the target system itself but from Google searches, whois queries, DNS lookups, social networking sites etc., so the target sees nothing of it in its own logs.
Now, I think you understand the two types of footprinting, active and passive. But we can also divide these techniques into three parts according to how the information is gathered. So, let's have a look at these three parts.
Footprinting through the search engine:
The Google Hacking Database (GHDB) is a compiled list of common mistakes that web/server admins make and that can easily be searched for using Google. It is a list of vulnerabilities or loopholes left behind during the construction of a site, which can be found through search engines. These drawbacks prove to be a boon for hackers.
Using it a hacker can find password files, credit card details, webcams, live capture data, login portals, and more. Two websites, ExploitDB and hackersforsecurity, have collected the Google Hacking Database and keep it on their servers. They have organized the database in such a structured, categorized way that anybody can easily find each kind of information in its own folder. Now, let's talk about the tools.
Footprinting through Tools and Applications:
Google Hack Tool gives an indication of the type of information you can find, but it is not as specific as the sites mentioned above. A hacker collects his study material using this method: you can't find these things with a normal Google search, but with the tool you can collect plenty of material for your research.
Another method, used for collecting information about an individual, is called people search. Two such websites are Spokeo and AnyWho. On them you can find an individual's residential address, email address, contact number and date of birth, photo and social networking profile, blog URL, and satellite pictures of private residences.
There is also a tool called website.informer.com, where you can find a great deal of information about a domain. Just type the name of the website and hit search, and it opens up a detailed profile of the site.
To examine fake emails we discussed a tool above called Email Tracker Pro. To use this tool we need the email header. To find the header in Gmail: log in to Gmail > open the message you'd like to view the headers for > click the down arrow next to 'Reply' at the top of the message pane > select 'Show original'.
To download a website completely, we use a tool called HTTrack Website Copier. I can't show you tutorials here. Try it yourself.
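The email-header step above (get the header via 'Show original', then work out where the message really came from) can also be done by reading the Received headers directly, which is how the tracking tools do it. This is an added example, not code from the original post or from any tool it names; the message, hostnames and addresses are constructed (RFC 5737 documentation ranges), and the list of internal networks is an assumption made for the example.

```python
import email
import ipaddress
import re

# Constructed sample message, not a real email. Received headers are stacked
# newest-first, so the LAST one is the first server that accepted the message.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
        by mail.example.com with ESMTPS id k1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.net (relay.example.net [203.0.113.25])
        by mx.example.org with ESMTP id k2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
        by relay.example.net with ESMTPSA id k3; Mon, 1 Jan 2024 10:00:01 +0000
From: "Someone" <someone@example.net>
"""
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# RFC 1918, loopback and link-local: hops inside someone's LAN, not the origin.
# Listed explicitly because ipaddress.is_global also rejects documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def external_ips(text):
    """IPv4 addresses in a header value that are not on an internal network."""
    found = []
    for cand in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:  # 999.1.1.1 matches the regex but is not an address
            continue
        if not any(ip in net for net in INTERNAL_NETS):
            found.append(str(ip))
    return found


def received_path(raw):
    """External IP of each hop in delivery order (earliest first); None if a hop shows only internal addresses."""
    msg = email.message_from_string(raw)
    path = []
    for hop in reversed(msg.get_all("Received", [])):
        ips = external_ips(hop)
        path.append(ips[0] if ips else None)
    return path


def originating_ip(raw):
    """First external address in the chain: where the receiving side actually saw the message come from, whatever From: claims."""
    return next((ip for ip in received_path(raw) if ip), None)
```

Only the Received line added by your own mail server can be trusted; earlier ones could have been forged by the sender, so the path is read from the top down when in doubt.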
Footprinting through command prompt:
To hack a system a hacker first needs to know whether the system is alive or not. This can be done with the ping (Packet Internet Groper) command. Ping is a program that system administrators as well as hackers or crackers use to determine whether a specific computer is currently online and accessible. The command line is: ping <target IP or domain name>. The end of the output looks like this:
Ping statistics for (ip):
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
If the Lost field in the second line shows 0, then you are connected to the target system; if it shows 100% loss in the brackets, then you are not connected. This way we can find out whether the system is currently online or not (keep in mind that many firewalls simply drop ICMP echo requests, so 100% loss does not always mean the host is down). The second command is tracert (traceroute). This command is used to enumerate the network path from the attacker to the target. The command line is: tracert <target IP or domain name>, so after tracert you enter the target's IP or domain name. For example, if I want to know my connectivity to Google, I enter it like this and get output like the following:
Tracing route to www.google.com [2404:6800:4007:80f::2004]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 2405:204:b107:546a:266f:bca5:853d:3794
2 * * * Request timed out.
3 96 ms 46 ms 47 ms 2405:200:312:168::2
4 62 ms 46 ms 63 ms 2405:200:801:f00::239
5 110 ms 99 ms 107 ms 2405:200:801:200::9e0
6 100 ms 98 ms 112 ms 2405:200:802:760::8
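Reading the ping statistics and the tracert hop list the way the text describes can be automated, for instance when checking reachability of many of your own hosts. This is an added example, not code from the original post; it parses the Windows-format output shown above from constructed samples (2001:db8::/32 is the IPv6 documentation range) and handles hops that answer only "Request timed out."

```python
import re

# Constructed sample output in Windows ping/tracert format; 2001:db8::/32 is the
# IPv6 documentation range, so these are not real hosts.
PING_OUTPUT = """\
Ping statistics for 2001:db8::10:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""
TRACERT_OUTPUT = """\
Tracing route to www.example.com [2001:db8::10]
  1    <1 ms     1 ms     1 ms  2001:db8:1::1
  2     *        *        *     Request timed out.
  3    46 ms    47 ms    45 ms  2001:db8:2::2
  4    98 ms   100 ms    99 ms  2001:db8::10
"""
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+) \((\d+)% loss\)")
PROBE_RE = re.compile(r"(<?\d+) ms|\*")  # one probe result: an RTT or a '*'


def parse_ping(text):
    """Packet counts from the statistics block; reachable means at least one reply."""
    m = STATS_RE.search(text)
    if not m:
        raise ValueError("no 'Packets:' statistics line found")
    sent, received, lost, pct = map(int, m.groups())
    return {"sent": sent, "received": received, "lost": lost,
            "loss_pct": pct, "reachable": received > 0}


def parse_hop(line):
    """One tracert hop line -> {hop, rtts, address}, or None for other lines. A '*' probe
    becomes None; a 'Request timed out.' hop is a router dropping ICMP, not the path's end."""
    parts = line.split(None, 1)
    if len(parts) < 2 or not parts[0].isdigit():
        return None
    probes = list(PROBE_RE.finditer(parts[1]))[:3]  # three probes per hop
    rtts = [None if p.group(1) is None else int(p.group(1).lstrip("<")) for p in probes]
    rest = parts[1][probes[-1].end():].strip() if probes else parts[1].strip()
    address = None if rest.startswith("Request timed out") else rest
    return {"hop": int(parts[0]), "rtts": rtts, "address": address}


def path_summary(text):
    """All hops, the silent hops, and whether the last hop is the bracketed target address."""
    hops = [h for h in map(parse_hop, text.splitlines()) if h]
    target = re.search(r"\[([^\]]+)\]", text)
    reached = bool(hops) and target is not None and hops[-1]["address"] == target.group(1)
    silent = [h["hop"] for h in hops if h["address"] is None]
    return {"hops": hops, "silent_hops": silent, "reached": reached}
```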