Footprinting Flashcards
What is footprinting?
An effort to map out, at a high level, what the landscape looks like.
What are the two types of footprinting?
Passive and active
What’s passive footprinting?
Collecting information from publicly available sources without any touch-points on the target
What’s active footprinting?
Requires the attacker to touch the device, network or resource
What’s anonymous footprinting?
An attempt to hide yourself or conceal your actions
What’s pseudonymous footprinting?
An attempt to misdirect your actions onto someone else
Name the 4 key benefits of footprinting.
Know the security posture, reduce the focus area, identify vulnerabilities, draw a network map
What’s competitive intelligence?
Information gathered by a business entity about its competitors’ customers, products and marketing
What is the logical flow of footprinting?
Investigate web resources, map out network ranges, mine whois and DNS, finish with social engineering, email tracking and Google hacking
Name some examples of passive footprinting.
Dumpster diving, Google search, company’s public website, DNS/WHOIS lookup, physical drive-by, social media/LinkedIn
Name some examples of active footprinting.
Social engineering, visit the building physically, network sniffing, ping/tracert, banner grabbing
Name some ways you can use search engines to footprint a target.
Mapping & location-specific information, e.g. Google Maps, employee personal information from LinkedIn, job listings & boards, social networking sites
Name some ways you can use Google hacking to footprint a target.
Google search string operators, metadata in documents, Metagoofil, SiteDigger
Name some useful Google search string operators.
intitle, inurl, site, filetype
Name some ways you can use website and email footprinting.
Grab headers and cookies, analyse software in use, learn connection status, content type & web server information, web mirroring, website history, email headers, email tracking
What is Black Widow used for?
Web mirroring
What is Archive.org used for?
Cached webpages back to 1996
What is Google Cache used for?
Only the most recent crawl of a website - may only be a few days old
What is EmailTrackerPro used for?
See where an email travels and how it gets there
What useful information can you get from an email header?
Source IP address, physical location, anti-virus, SPF allowed IPs
What is WebRipper used for?
Web mirroring
What is Website Watcher used for?
Checks web pages for changes and automatically notifies you when there’s an update
What is Metagoofil used for?
Scraping metadata from documents
Name some ways you can carry out DNS footprinting.
Whois records (registrant, registrar, DNS server names), Nslookup to query DNS servers for information, Zone transfer
What is the UNIX version of Nslookup?
Dig
What is OSRFramework?
OSINT research framework for Kali Linux that profiles individuals
What is a web spider?
An application that crawls through a website
What is Maltego?
An open source intelligence and forensics application designed to demonstrate social engineering weaknesses for your environment
What is SEF?
Social Engineering Framework - tools which can automate things such as extracting email addresses out of websites
Name some tools which could mirror a website.
BlackWidow, WebRipper, Backstreet Browser, GNU Wget
Name some tools that could grab a website’s history.
Google Cache, Archive.org, WayBack Machine, Website Watcher
Name some email tracking tools.
EmailTrackerPro, mailtracking
Name some tools for visually building a network map.
NeoTrace, Trout, VisualRoute