Footprinting

Question 1

What is footprinting?

Answer 1

An effort to map out, at a high level, what the landscape looks like.

Question 2

What are the two types of footprinting?

Answer 2

Passive and active

Question 3

What’s passive footprinting?

Answer 3

Collecting information from publicly available sources without any touch-points on the target

Question 4

What’s active footprinting?

Answer 4

Required the attacker to touch the device, network or resource

Question 5

What’s anonymous footprinting?

Answer 5

An attempt to hide yourself or conceal your actions

Question 6

What’s pseudonymous footprinting?

Answer 6

An attempt to misdirect your actions onto someone else

Question 7

Name the 4 key benefits of footprinting.

Answer 7

Know the security posture, reduce the focus area, identify vulnerabilities, draw a network map

Question 8

What’s competitive intelligence?

Answer 8

Information gathered by a business entity about its competitors’ customers, products and marketing

Question 9

What is the logical flow of footprinting?

Answer 9

Investigtae web resources, map out network ranges, mine whois and DNS, finish with social engineering, email tracking and Google hacking

Question 10

Name some example of passive footprinting.

Answer 10

Dumpster diving, Google search, company’s public website, DNS/WHOis lookup, Physical drive-by, Social media/LinkedIn

Question 11

Name some examples of active footprinting.

Answer 11

Social engineering, visit the building physically, network sniffing, ping/tracert, banner grabbing

Question 12

Name some ways you can use search engines to footprint a target.

Answer 12

Mapping & location-specific information eg Google Maps, employee personal information from LinkedIn, job listings & boards, social networking sites

Question 13

Name some ways you can use Google hacking to footprint a target.

Answer 13

Google search string operators, metadata in documents, Metagoofil, SiteDigger

Question 14

Name some useful Google search string operators.

Answer 14

intitle, inurl, site, filetype

Question 15

Name some ways you can use website and email footprinting.

Answer 15

Grab headers and cookies, analyse software in use, learn connection status, content type & web server information, web mirroring, website history, email headers, email tracking

Question 16

What is Black Widow used for?

Answer 16

Web mirroring

Question 17

What is Archive.org used for?

Answer 17

Cached webpages back to 1996

Question 18

What is Google Cache used for?

Answer 18

Only the most recent crawl of a website - may only be a few days old

Question 19

What is EmailTrackerPro used for?

Answer 19

See where an email travels and how it gets there

Question 20

What are some useful information you can get from an email header?

Answer 20

Source IP address, physical location, anti-virus, SPF allowed IPs

Question 21

What is WebRipper used for?

Answer 21

Web mirroring

Question 22

What is Website Watcher used for?

Answer 22

Checks web pages for changes and automatically notifies you when there’s an update

Question 23

What is Metagoofil used for?

Answer 23

Scraping metadata from documents

Question 24

Name some ways you can carry out DNS footprinting.

Answer 24

Whois records (registrant, registrar, DNS server names), Nslookup to query DNS servers for information, Zone transfer

Question 25

What is the UNIX version of Nslookup?

Answer 25

Dig

Question 26

What is OSRFramework?

Answer 26

OSINT research framework for Kali Linux that profiles individuals

Question 27

What is a web spider?

Answer 27

An application that crawls through a website

Question 28

What is Maltego?

Answer 28

An open source itnelligence and forensics application designed to demonsrate social engineering weaknesses for your environment

Question 29

What is SEF?

Answer 29

Social Engineering Framework - tools which can automate things such as extracrting email addresses out of websites

Question 30

Name some tools which could mirror a website.

Answer 30

BlackWidow, WebRipper, Backstreet Browser, GNU Wget

Question 31

Name some tools that could grab a websites’ history.

Answer 31

Google Cache, Archive.org, WayBack Machine, Website Watcher

Question 32

Name some email tracking tools.

Answer 32

Emailtrackerpro, mailtracking

Question 33

Name some tools for visually building a network map.

Answer 33

NeoTrace, Trout, VisualRoute