Footprinting is the process of collecting as much information as possible about a target network,for identifying various ways itrude into an organisation's network system Footprinting is the first step of an attack on information system; attacker gather publically available information,using which he/she performs social engineering,system and networkk attack,etc .that leads to huge financial loss and loss of business reputation 1.Know Security Posture Footprinting allows atackers to know theexternal security posture of the target oraganisation 2.Reduce Focus Area It reduce attackers focus area to specific range of ip adress,networks,domain names,remote access etc. 3.Identify Vulnerability It allows attacker to identify vulneribilities in the target system in order to select appropriate exploits 4.Draw Network Map It allows attacker to draws a map or outline the target oraganisation's network infrastructureto know about the actual environment that they are going to break.
Attackers use search engine to extract information about the target such as technology platforms,employee details,login pages,internet portals,etc.Which helps in performing social engineering and other types of advanced system attacks Search engine cache and internet archives may also provide sensitive information that has been removed from the World Wide web(www)
Search for the target comapanys external URL in a search engine such as google,bing,etc. Restricted URLSs provide an insight into different department and business units in an organisation You may find companys restricted URLs by trial and error method using a service Such as Netcraft
Use SHODAN search engine tht lets you find sepcific computers(routers,servers,etc)using variety of filters
Collect the location information of your target oraganisation this will let you know where your target machine is located you can use Google Earth tool to get the Physical Location of the target.\ The following Tools will help you to finding the Geographical location 1.Google Maps 2.Wikimapia 3.Yahoo Maps 4.Bing Maps
Social networking sites are the great source of personal and orgaizational information.Infromation about an individual can be found at varios people search websites.thet people search returns the following information about a person or orgaizationa. 1.Residential adress and email adresses 2.Contact number and Date Of Birth 3.Photos and social networking profiles 4.Blog URLs There are also some services which allows you to search people online as following
Google hacking refers to create complex search queries in order to extract sensitive or hidden information.
It uses advanced Gogle search operators locate specific string of text within the search results
Use Google advance search option to find sites that may link back to the target company's website. This may eatrach information such as Partners,vendors,clients,and other affiliations for target website with google advance search option,you can search web more precisely and accurately.
Attackers use social engineering trick to gather sensitive information,from socail networking websites such as facebook,Twitter,etc. Attackers create fake profilw on social networking site and then use the fake identity to lure the employees to give up their sensitive information Employees may post personal information such as date of birth,educational and employment backgrounds,spouse names etc.And information about their company such as potential clients and business partners, trade secrets of business,website,company's upcoming news,mergers,acquisitions,etc Attackers collects information about employees intrests by tracking their group and then trick the employee to reveal more information.
web spiders performs autometed searchers on the target website and collect specified information such as employee names,email adress,etc. Attackers use the collected information to perform further footprinting and social engineering attacks.
Mirroring an entire website onto the local system enables anatatcker to browse offile;it also assist finding directory structure and other valuable information from the mirrored copy without multiple request to web server. Web mirroring tools allows you to download a website to a local directory,building recursively all directories,html,images,etc.
Competitive intelligence gathering is the process of identifying,gathering,analyzing,verifying,and using infromation about youy competitors from resource such as the Internet Competitive intelligence is non-interfering and subtle in nature
WHOIS database are maintained by Regional Internet Registers and contain the personal infromation of domain owners
Attackers can gather DNS information to determine key hosts in the network and can perform social engineering attack