FOOTPRINTING | INFORMATION GATHERING | ETHICAL HACKING

FOOTPRINTING


Footprinting is the part of the reconnaissance process used to gather as much information as possible about a target computer system or network.

Footprinting can be both active and passive. Reviewing a company's website is an example of passive footprinting, and attempting to gain access to sensitive information through social engineering is an example of active footprinting.

This is the step where a hacker gathers as much information as possible to find ways to intrude into a target system, or at least to decide what types of attack will be most suitable for the target.

During this phase an attacker can collect information such as:
  • Domain name
  • IP Addresses
  • Namespaces
  • Employee Information
  • Phone Numbers
  • E-mails
  • Job Information

DOMAIN NAME INFORMATION

We can use the https://www.whois.com/whois website to get detailed information about a domain name, including its owner, its registrar, date of registration, expiry date, name servers, the owner's contact information, etc.

Here is a sample record of our blog https://c0debyte.blogspot.com/ extracted from WHOIS Lookup


FINDING IP ADDRESS

We can use the ping command at a command prompt. This command is available on Windows as well as on Linux. The example below shows how to use it:

$ ping c0debyte.blogspot.com

It produces the following output:

PING blogspot.l.googleusercontent.com (142.250.67.65) 56(84) bytes of data.
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=1 ttl=117 time=27.7 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=2 ttl=117 time=34.0 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=3 ttl=117 time=30.9 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=4 ttl=117 time=35.8 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=7 ttl=117 time=28.5 ms
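
The ping output above discloses more than the IP address. The following is an added example, not part of the original post: a small Python parser that reads the same output (copied from above) and reports the name in the header, the address, the reverse-DNS name of the responder, and any missing sequence numbers. The function name parse_ping and the returned field names are assumptions made for this example, and it handles the Linux IPv4 output format only.

```python
import re

# Output copied from the ping run shown in the post (not new data).
PING_OUTPUT = """\
PING blogspot.l.googleusercontent.com (142.250.67.65) 56(84) bytes of data.
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=1 ttl=117 time=27.7 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=2 ttl=117 time=34.0 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=3 ttl=117 time=30.9 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=4 ttl=117 time=35.8 ms
64 bytes from maa05s13-in-f1.1e100.net (142.250.67.65): icmp_seq=7 ttl=117 time=28.5 ms
"""

HEADER = re.compile(r"^PING (\S+) \(([0-9.]+)\)")
# The responder name is optional: ping prints a bare IP when there is no reverse DNS.
REPLY = re.compile(
    r"from (?:(\S+) \()?([0-9.]+)\)?: icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms"
)

def parse_ping(text, queried_name):
    """Summarise what one Linux ping run reveals about the host that was queried."""
    header, replies = None, []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            header = h
            continue
        r = REPLY.search(line)
        if r:
            replies.append(r)
    if header is None or not replies:
        raise ValueError("no ping header or reply lines found")
    seqs = [int(r.group(3)) for r in replies]
    times = [float(r.group(5)) for r in replies]
    return {
        "header_name": header.group(1),
        # A header name different from the queried one means the name is an alias.
        "is_alias": header.group(1).lower() != queried_name.lower(),
        "ip": header.group(2),
        "reverse_names": sorted({r.group(1) for r in replies if r.group(1)}),
        # Gaps in icmp_seq are echo requests that never got a reply.
        "missing_seq": sorted(set(range(min(seqs), max(seqs) + 1)) - set(seqs)),
        "ttls": sorted({int(r.group(4)) for r in replies}),
        "avg_ms": round(sum(times) / len(times), 1),
    }

if __name__ == "__main__":
    for key, value in parse_ping(PING_OUTPUT, "c0debyte.blogspot.com").items():
        print(f"{key}: {value}")
```

Run against the output above, it shows that the blog's name is an alias for a host under googleusercontent.com, that the responder's reverse-DNS name is under 1e100.net, and that sequence numbers 5 and 6 received no reply.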

FINDING HOSTING COMPANY

Once you have the website's address, you can get further detail by using the https://www.ip2location.com/ website.
Here the ISP row gives you details about the hosting company, because IP addresses are usually provided by hosting companies only.

IP ADDRESS RANGES 

Small sites may have a single IP address associated with them, but larger websites usually have multiple IP addresses serving different domains and sub-domains. We can obtain the range of IP addresses assigned to a particular company using the American Registry for Internet Numbers (ARIN) at https://www.arin.net/


HISTORY OF WEBSITE

It is very easy to get a complete history of any website using https://archive.org/ . You can enter a domain name in the search box to find out how the website looked at a given point in time and which pages were available on the website on different dates.


In the next article we will look at fingerprinting, with demo examples.

Thank you.
