Venom Academy/Ethical Hacking/Footprinting
Footprinting is part of the information-gathering phase of an attack or penetration test. It is the process of collecting information about a target host, network or organisation through lookups, searches and scans. Footprinting can be carried out in several ways, and this chapter looks at each of them.
Types
Footprinting is mainly divided into two kinds:
- Active footprinting - involves direct interaction with the target system, such as port scans, banner grabbing and other probes. Because the packets reach the target, active footprinting can be logged and detected.
- Passive footprinting - gathers information without ever touching the target, through OSINT (open-source intelligence) such as search engines, public registries and third-party data sources.
Advantages of Footprinting
An attacker (or a penetration tester) footprints a host for several reasons; below are some of the ways footprinting is useful during a penetration test.
Footprinting is performed to find:
- Information about the security posture of a host, such as exposed services, software versions and defensive measures
- A way of narrowing the focus area to the systems and services that are actually worth attacking
- Identification of likely vulnerabilities before any exploitation is attempted
- Mapping of networks, to discover deeper information about the target such as IP ranges, subdomains and hosts
Lab Exercise
Now we shall look at a few examples of footprinting.
Google hacking
Google hacking (also called Google dorking) uses the search engine's advanced operators to narrow a search down to files, page titles or URLs of interest. Below is a Google hacking cheat sheet.
Google hacking key | Example | Description
---|---|---
filetype:type | filetype:pdf | Search only for files of the given type (pdf, doc, xls, ...)
intitle:string | intitle:login | Search for pages whose title contains the string
inurl:string | inurl:login | Search for pages whose URL contains the string
site:domain | site:example.com | Restrict results to one domain and its subdomains; combine it with the operators above to footprint a single target
Shodan
https://shodan.io is also called "the search engine for hackers". Unlike a regular search engine it does not index web pages: it indexes the service banners of Internet-facing hosts (open ports, software versions, device types), which can be searched by product, port, country or organisation. A free account is required for most searches. Because banners are stored verbatim, Shodan results can reveal usernames and, in some cases, even passwords, for instance default credentials or login prompts exposed by misconfigured services.
The Harvester
One of the weakest points of an organisation is its employees. Gathering the e-mail addresses of employees in a certain organisation gives us a broad range of attack vectors (phishing, password spraying, username enumeration). This method is classified as passive information gathering, since the target's own servers are never contacted. We use a program called theHarvester, which is written in Python. theHarvester collects e-mail addresses, subdomains and host names for a given domain by querying public data sources such as search engines and certificate-transparency logs, rather than the target itself. You can download theHarvester from GitHub for Termux or your computer. Now let's see how theHarvester is used. It comes with a number of options; to see the help index type the command below.
root@venom [$]~ theHarvester -h
The above shows the list of options accepted by theHarvester. The ones used in this chapter are:
- -l limits the number of results that you retrieve
- -d specifies the target domain that we want to footprint
- -b specifies the data source (search engine or service) that you want to extract information from
If the help index is hard to understand, let's look at an example.
root@venom [$]~ theHarvester -d microsoft.com -l 500 -b google
In the example above we can see that:
- We have limited the results to 500
- We have set the target domain to "microsoft.com"
- We chose to perform our search on Google
When a command like the example above is run, theHarvester responds with a list of e-mail addresses (and any host names it found). In this case the response below was shown.
[+]Emails found:
-------------------------
devnom@microsoft.com
Fleming@microsoft.com
newsp@microsoft.com
playXBLA@microsoft.com
webcamps@microsoft.com
tharris@microsoft.com
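The address-collection step described above, written out as an added Python example (it is not part of the original page and not theHarvester's own code): it normalises HTML entities and the "[at]"/"(dot)" obfuscations found on public pages, extracts addresses with a regular expression, drops file names that look like addresses, and keeps only addresses that belong to the target domain (optionally including subdomains). SAMPLE_PAGES is constructed sample text, and fetch_page is an assumed helper for real use that is not exercised offline.

```python
import re
from html import unescape
from urllib.request import Request, urlopen

# Constructed sample page text (not real scrape results) standing in for
# the public pages a harvester would fetch. It mixes clean addresses,
# common obfuscations and a false positive (an image file name).
SAMPLE_PAGES = [
    '<p>Press: <a href="mailto:press@example.com">press@example.com</a></p>'
    "<p>Careers: jane.doe [at] example [dot] com</p>"
    "<p>Partner contact: partner@other-company.net</p>",
    "Support: SUPPORT@EXAMPLE.COM or support@mail.example.com\n"
    "Sales: sales&#64;example&#46;com\n"
    "<img src='logo@2x.png'> Obfuscated: bob(at)example(dot)com",
]

# Anti-scraper spellings of "@" and "." seen on public pages.
_OBFUSCATIONS = [
    (re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.IGNORECASE), "@"),
    (re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.IGNORECASE), "."),
]
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
# "Domains" that are really file extensions, e.g. logo@2x.png
_JUNK_TLDS = {"png", "jpg", "jpeg", "gif", "svg", "webp", "css", "js"}


def normalise(text: str) -> str:
    """Undo HTML entities and textual obfuscation so addresses become matchable."""
    text = unescape(text)
    for pattern, replacement in _OBFUSCATIONS:
        text = pattern.sub(replacement, text)
    return text


def harvest_emails(pages, domain: str, include_subdomains: bool = True):
    """Return the sorted, de-duplicated addresses that belong to `domain`."""
    domain = domain.lower().lstrip("@")
    found = set()
    for page in pages:
        for match in _EMAIL_RE.findall(normalise(page)):
            address = match.lower()
            host = address.rpartition("@")[2]
            if host.rsplit(".", 1)[-1] in _JUNK_TLDS:
                continue  # logo@2x.png and friends are not mailboxes
            if host == domain or (include_subdomains and host.endswith("." + domain)):
                found.add(address)
    return sorted(found)


def fetch_page(url: str, timeout: float = 10.0) -> str:
    """Assumed helper for live use: fetch one public page (needs network access)."""
    request = Request(url, headers={"User-Agent": "Mozilla/5.0 (footprinting demo)"})
    with urlopen(request, timeout=timeout) as response:
        return response.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    print("[+] Emails found:")
    for address in harvest_emails(SAMPLE_PAGES, "example.com"):
        print(address)
```

Filtering on the target domain matters: the partner address on the sample page is a third party, and mailing it would take a phishing campaign outside the agreed scope. Case-folding before de-duplication avoids listing SUPPORT@EXAMPLE.COM and support@example.com as two targets.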
WHOIS
WHOIS is a distributed set of databases, run by domain registries and registrars, that holds registration data for practically every registered domain name (and IP address block) on the Internet. A WHOIS record shows who registered the domain and their contact details, together with the registrar, the registration and expiry dates and the name servers. Note that many registrars now redact personal contact details, so the owner fields may simply read "REDACTED FOR PRIVACY". The whois client can be installed on Android (Termux) and Linux using the following command:
apt-get install whois
In order to perform a WHOIS search on a website, invoke whois followed by the target domain:
whois www.venomacademy.tk
WHOIS records are kept per registered domain, so the lookup is really for venomacademy.tk; most whois clients tolerate the www. prefix, but if a query returns nothing, retry with the bare registered domain.
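What the whois client does under the hood, as an added Python example (not part of the original page and not the whois package's own code): the protocol exchange is a TCP connection to port 43, the domain name followed by CRLF, and a plain-text reply read until the server closes the connection. The example starts at IANA and follows the "refer:" / "Registrar WHOIS Server:" referrals down to the registry or registrar, then parses the "Key: value" reply into the fields a footprinter cares about and flags privacy-redacted records. SAMPLE_RESPONSE is a constructed reply in the style of registry servers so that the parsing runs offline; whois_lookup needs network access and the server names it uses are the real IANA server plus whatever the replies refer to.

```python
import socket

WHOIS_PORT = 43  # RFC 3912: name + CRLF in, plain text out until EOF

# Constructed sample reply in the style registry WHOIS servers use;
# it is not a real lookup result.
SAMPLE_RESPONSE = """\
% Constructed sample WHOIS reply for illustration only
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, LLC
   Registrar WHOIS Server: whois.example-registrar.test
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2030-08-13T04:00:00Z
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Registrant Name: REDACTED FOR PRIVACY
   Registrant Email: Please query the RDDS service of the Registrar of Record
   DNSSEC: signedDelegation
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""


def registrable_name(target: str) -> str:
    """WHOIS is keyed by the registered domain, so drop a leading "www."."""
    name = target.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def whois_query(name: str, server: str, timeout: float = 10.0) -> str:
    """Raw WHOIS exchange: send the name + CRLF, read until the server closes."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text: str) -> dict:
    """Turn "Key: value" lines into {lower-case key: [values]}, skipping comments."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#" or line.startswith(">>>"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def referral_server(record: dict):
    """Next server to ask: IANA answers with "refer:", registries with "Registrar WHOIS Server:"."""
    for key in ("refer", "whois", "registrar whois server"):
        if record.get(key) and record[key][0]:
            return record[key][0]
    return None


def summarise(record: dict) -> dict:
    """Pick out the fields a footprinter cares about and flag privacy redaction."""
    def first(*keys):
        for key in keys:
            if record.get(key):
                return record[key][0]
        return None
    all_values = [v for values in record.values() for v in values]
    return {
        "domain": (first("domain name", "domain") or "").lower(),
        "registrar": first("registrar"),
        "created": first("creation date", "created", "registered on"),
        "expires": first("registry expiry date", "expiry date", "expires"),
        "name_servers": sorted(v.lower() for v in record.get("name server", record.get("nserver", []))),
        "dnssec": first("dnssec"),
        "privacy_redacted": any("redacted" in v.lower() for v in all_values),
    }


def whois_lookup(target: str, max_hops: int = 3) -> str:
    """Start at IANA and follow referrals down to the registry/registrar server (network)."""
    name = registrable_name(target)
    server, seen, text = "whois.iana.org", set(), ""
    for _ in range(max_hops):
        seen.add(server.lower())
        text = whois_query(name, server)
        next_server = referral_server(parse_whois(text))
        if not next_server or next_server.lower() in seen:
            break
        server = next_server
    return text


if __name__ == "__main__":
    for field, value in summarise(parse_whois(SAMPLE_RESPONSE)).items():
        print(f"{field}: {value}")
```

A direct WHOIS query is itself passive with respect to the target: the only hosts contacted are the IANA, registry and registrar servers, never the target's own infrastructure. The name servers and registrar in the summary are the usual next hop for footprinting, since they point at the DNS provider and hosting used by the organisation.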