Reconnaissance Flashcards
Footprinting
Part of reconnaissance: mapping out, at a high level, what the landscape looks like. During footprinting, you look for any information that might give you some insight into the target, no matter how big or small. Activities include investigating web resources and competitive intelligence, mapping out network ranges, mining whois and DNS, social engineering, email tracking, and Google Hacking.
Anonymous Footprinting
Obscure the source of footprinting activities.
Pseudonymous Footprinting
Attributing your actions to someone else when conducting footprinting.
Focus and Benefits of Footprinting
- Know the security posture
- Reduce the focus area (network range, number of targets)
- Identify vulnerabilities
- Draw a network map
Active Footprinting
Requires the attacker to touch the device, network or resource.
Passive Footprinting
Collecting information from public records.
Competitive Intelligence
Information gathered by a business entity about its competitors, customers, products and marketing.
www.attentionmeter.com
Compares website traffic from hosts of different sources and provides traffic data and graphs.
Websites that provide information on a company's origins and how it developed over the years
EDGAR database, Hoovers, LexisNexis, Business Wire
Websites that provide company plans and financials
SEC Info, Experian, Market Watch, Wall Street Monitor, Euromonitor
Web Mirroring Tools
Black Widow, GSA Email Spider, NCollector Studio, HTTRACK, GNU Wget
Google Hacking: filetype:type
Searches for files only of a specific type (DOC, XLS, etc.). Example: filetype:doc
Google Hacking: index of /string
Displays pages with directory browsing enabled. Example: “intitle:index of” passwd
Google Hacking: info:string
Displays information Google stores about the page itself. Example: info:www.anycomp.com
Google Hacking: intitle:string
Searches for pages that contain the string in the title. Example: intitle:login. You can also use allintitle for multiple search strings. Example: allintitle:login password
Google Hacking: inurl:string
Displays pages with the string in the URL. Example: inurl:password. For multiple strings use allinurl. Example: allinurl:etc passwd
Google Hacking: link:string
Displays linked pages based on a search term.
Google Hacking: related:webpagename
Shows webpages similar to webpagename
Google Hacking: site:domain or web page string
Displays pages for a specific website or domain holding the search term. Example: site:anywhere.com passwds
Google Hacking: allinurl:tsweb/default.htm
Displays RDP Web pages
Google Hacking Tools
SiteDigger and Metagoofil (searches document meta tags)
History Sites
www.archive.org and Google Cache
Email tracking programs
www.emailtrackerpro.com, www.mailtracking.com, GetNotify, ContactMonkey, Yesware, ReadNotify, WhoReadMe, MSGTAG, TraceEmail and Zendio
DNS Name Resolvers
Answer DNS requests