Author: kanishka10

Hello, aspiring Ethical Hackers. In our previous blogpost, you have learnt what is footprinting and various methods to perform footprinting. One such type of Footprinting is Email Footprinting or Email analysis.

Not just that. Emails are one of the most common ways cyber attacks happen. From phishing scams to malware delivery, attackers often use email as their first point of entry. That’s why learning email analysis is an important skill for anyone interested in cybersecurity or ethical hacking. The good news?

You don’t need advanced skills to start learning it. In this beginner-friendly guide, you’ll learn:

• What email analysis is
• Why it matters
• How to analyze emails step by step
• What suspicious signs to look for

What is Email Analysis?

Email analysis is the process of examining an email to determine whether it is safe, suspicious or malicious. This includes checking:

• Sender information
• Links
• Attachments
• Email headers
• Writing style

In simple terms, you investigate an email before trusting it.

Why is Email Analysis Important?

Cybercriminals rely heavily on email attacks because they target people directly. Email analysis helps:

• Detect phishing attempts
• Identify fake senders
• Prevent malware infections
• Protect sensitive information

Why Attackers Use Email:

Email attacks are effective because:

• People trust familiar brands
• Emails can create urgency
• Users may click without thinking

Even experienced users can be fooled.

Common Types of Malicious Emails

Before analyzing emails, you should understand some of the common malicious emails.

1. Phishing Emails:

These email are designed to steal:

• Passwords
• Banking details
• Personal information

Usually pretend to be:

• Banks
• Companies
• Online services

2. Malware Emails:

Contain:

• Malicious attachments
• Dangerous download links

Goal:

• Infect systems

3. Spoofed Emails:

The sender address is faked to appear legitimate.

4. Scam Emails:

Try to trick victims into:

• Sending money
• Sharing sensitive information

Step-by-Step Email Analysis Process

Let’s go through a simple beginner workflow of analysing emails.

Step 1: Check the Sender Address:

This is the first thing you should inspect. Attackers often use:

• Misspelled domains
• Fake addresses

Example:

Real:

• support@company.com

Fake:

• support@cornpany.com

Notice the subtle difference?

Step 2: Analyze the Subject Line:

Suspicious emails often create:

• Fear
• Urgency
• Curiosity

Examples:

• “Your account will be suspended!”
• “Urgent payment required!”

Attackers want you to react quickly.

Step 3: Look For Suspicious Links:

Never trust links inside an email immediately. Hover over links and check:

• Destination domain
• Strange URLs

Red Flags:

• Random characters
• Shortened URLs
• Misspelled domains

Step 4: Inspect Attachments:

Attachments can contain malware. Be cautious with:

• ZIP files
• EXE files
• Office documents with macros

If unexpected, don’t open them.

Step 5: Check the Writing Style:

Many phishing emails contain:

• Grammar mistakes
• Unusual wording
• Generic greetings

Examples:

• “Dear user”
• “Dear customer”

Legitimate companies usually personalize emails.

Step 6: Analyze Email Headers:

Headers contain technical information about the email. They can reveal:

• Sending servers
• Email path
• Authentication results

Why Headers Matter:

Headers help identify:

• Fake senders
• Spoofing attempts

Beginners don’t need to master headers immediatel but learning basics helps a lot. Let’s show you a simple example of header analysis of a real-world email received on Gmail. Go to your Inbox and open a mail. Go to the vertical dots (move button) at the top right of the email and click on it as shown below.

Click on “Show original”.

This should show you the entire email headers of the particular mail.

Let’s learn about each header in detail.

Delivered To:

Email address to whom the mail has been delivered.

Received:

This header indicates all the SMTP servers through which this email has passed through before reaching to your Inbox. This contains server IP address, SMTPID etc.

X-Google-SMTP-source:

It shows the transferring email using a Gmail SMTP server. If this header is present, then it usually means this was transferred by GMAIL SMTP server.

X_Received-BY:

This header indicates the last visited SMTP server the mail reached before reaching your Inbox. It contains Server IP address, SMTP ID of the visited server and Date & time when the email was received by the SMTP server.

ARC-Seal, ARC-Message-Signature, ARC-Authentication-Results: ARC stands for Authenticated Receiver Chain (ARC). This is used to preserve email authentication results and to verify the identity of email intermediaries that forward a manage to its final destination (i.e. your Inbox).

SMTP-mailfrom:

You can see the IP address of the sender of the email.

Return-Path:

This is the path specified to go when email is bounced or not sent.

Received SPF:

SPF stands for Sender Policy Framework. This is used to prevent sender address forgery. It SPF is set to PASS, the Email source is valid, if it is softfail, it is likely the email source is fake and if it is having value Fail, source is invalid.

This is how Email headers can be analysed.

Step 7: Verify Before Taking Action:

If an email seems suspicious, don’t click immediately. Instead:

• Visit the official website manually
• Contact the company directly

Real-World Example (Simple Scenario)

Imagine receiving an email saying:

“Your account has been locked. Click here immediately.”

You notice:

• The sender domain looks slightly different
• The link points to another website
• The email creates panic

These are classic phishing indicators.

Tools Used in Email Analysis

Beginners can use simple tools to help analyze emails. Common Tool Types:

• Header analyzers
• URL scanners
• Attachment scanners

These tools help identify suspicious indicators.

Common Mistakes Beginner Make

Avoid making these mistakes.

Trusting Display Names:

Attackers can fake names easily. Always inspect actual email address.

Clicking Too Quickly:

Urgency is a common attacker tactic.

Ignoring Small Details:

Tiny spelling changes matter.

Assuming “Professional Looking” Means Safe:

Some phishing emails look very convincing.

Tips to Improve Your Email Analysis Skills

Slow Down:

Most mistakes happen because users rush.

Think Like an Atatcker:

Ask:

• How is this trying to manipulate me?

Practice Regularly:

Analyze:

• Spam emails
• Example phishing emails

Compare Real vs Fake Emails:

This improves recognition skills quickly.

Legal & Ethical Reminder

When learning email analysis, never:

• Open suspicious files recklessly
• Interact with malicious links on real systems

Always:

• Use safe environments
• Practice responsibly

Why Email Analysis Matters in Cybersecurity?

Email analysis is important because:

• Many attacks begin with phishing
• Human error is a major security risk

Strong email analysis skills help:

• Protect individuals
• Protect organizations

Beginner Practice Ideas

Here are some ideas for beginners to practice email analysis.

1. Analyze Spam Emails:

Look for:

• Suspicious wording
• Fake domains

2. Study Example Phishing Emails:

Compare them with legitimate emails.

3. Learn Basic Headers:

Understand how email routing works.

How Email Analysis Helps Ethical Hackers?

Ethical hackers use email analysis to:

• Understand phishing techniques
• Test organizational awareness
• Investigate incidents

It builds both defensive and analytical skills.

Conclusion

Email analysis is one of the most practical beginner cybersecurity skills you can learn.

You don’t need:

• Expensive tools
• Advanced programming skills

You just need:

• Attention to detail
• Curiosity
• Practice

Key Takeaways

• Always inspect sender addresses
• Be cautious with links and attachments
• Analyze before trusting
• Think critically]]

Next time you receive an email: Don’t just read it. Analyze it. That’s how cybersecurity professionals think.

Hello, aspiring Ethical Hackers. In our previous blogpost on Footprinting guide, you learnt about various techniques of Footprinting. In this blogpost, you will learn about DNS Footprinting which is one of the techniques of Footprinting in detail. If you’re starting your journey in ethical hacking, one of the most important skills to learn is DNS footprinting.

It may sound technical at first but the concept is actually simple. DNS footprinting is about understanding how a domain connects to real systems on the internet. In this beginner-friendly article, you’ll learn:

• What DNS footprinting is
• Why it matters
• How to do it step by step
• What to look for as a beginner

What is DNS Footprinting?

To understand DNS footprinting, you need to first understand what DNS is. DNS stands for Domain Name System. It acts like the phonebook of the internet. When you type a name of the website (like example.com), DNS translates it into an IP address that computers understand.

DNS footprinting means collecting information about a domain using DNS records.

Why is DNS Footprinting Important?

DNS footprinting reveals a lot about a target’s infrastructure. It helps you:

1. Understand System Structure:

You can see how a website is set up.

2. Discover Hidden Assets:

Discover subdomains like:

• dev.example.com
• admin.example.com

3. Identify Services:

DNS can reveal information about:

• Email servers
• Hosting providers

4. Map Attack Surface:

You get a clearer picture of what can be tested.

Hence, DNS footprinting is a key part of reconnaissance (information gathering).

Key DNS Records Explained for Beginners

When you perform DNS footprinting, you’ll encounter different types of records. Let’s simplify them:

1. A Record:

This record maps a domain to an IP address. For Example,

example.com --> 192.168.x.x

2. MX Record:

This record specifies mail servers used for email delivery.

3. NS Record:

This record shows name servers. Also indicates who manages DNS.

4. CNAME Record:

Alias for another domain. Helps redirect traffic.

5. TXT Record:

Stores text information related to the domain. Often used for:

• Verification
• Security policies

Understanding these records is important while performing DNS Footprinting.

How to Perform DNS Footprinting (Step-by-Step)

Let’s break down how to perform DNS Footprinting into simple steps.

STEP 1: Choose a Target Domain:

Start with:

• Your own website
• Or Practice domains

Always stay within legal boundaries.

STEP 2; Query DNS Records:

You can use:

• Online DNS lookup tools
• Command line tools

STEP 3; Analyze A Records:

Find:

• IP addresses
• Hosting information

STEP 4; Check MX Records:

Identify:

• Email infrastructure

STEP 5; Look at NS Records:

Understand:

• DNS providers

STEP 6; Discover Subdomains:

Find additional assets connected to the domain.

STEP 7; Document everything:

Note down:

• Records
• Findings
• Patterns

This builds your analysis skills.

Example: What You Might Discover

With DNS footprinting, you might find:

• Multiple subdomains
• External email servers
• Cloud hosting providers

This will help you to understand:

• System architecture
• Potential weak points

Tools for DNS Footprinting

Start with simple tools:

• DNS lookup tools like nslookup and dig
• Subdomain discovery tools
• Command-line utilities

Here’s an example command with nslookup

nslookup example.com

Here’s another example with dig.

dig example.com

These help you to query DNS records quickly.

Common Mistakes Beginners Make

Here are some common mistakes beginners make during DNS Footprinting. Avoid making these.

Ignoring DNS Records:

Many beginners skip this step entirely.

Not Understanding Output:

Focus on meaning, not just data.

Collecting Too Much Data:

Filter the output to collect what’s useful.

Not connecting the collected Information:

Combine DNS with:

• WHOIS
• Subdomain discovery

Tips To Improve Your DNS Footprinting Skills

1. Be curious:

Ask yourself:

• What else is connected?

2. Connect the Dots:

Combine multiple sources of information.

3. Take Notes:

Track everything you find.

4. Practice Regularly:

Try different domains.

Legal & Ethical Reminder

DNS footprinting is generally safe but you must stay ethical.

Never:

• Use information for illegal purposes
• Target systems without permission

Always:

• Practice responsibly
• Use labs or your own domains

Conclusion

DNS footprinting is a fundamental skill in ethical hacking. It teaches you how to:

• Understand infrastructure
• Gather intelligence
• Think like a security professional

And the best part is that you can start learning it today with minimal tools.

Hello, aspiring Ethical Hackers. In our previous blogpost on Footprinting, you learnt various techniques by which hackers gather information about their targets. In this blogpost, you will learn about Google Dorking or Google Hacking, one of the techniques by which real-world hackers gather information.

Everyone knows what Google is. It is the most popular Search Engine that provides answers for anything we want, almost anything. Just a click away. However, if you think Google is just for searching websites, you’re only scratching the surface. For ethical hackers, Google is a powerful information-gathering tool—so powerful that it can reveal hidden data, login pages and even sensitive files. This technique is called Google Hacking (also known as Google Dorking).

Don’t worry—it’s not as complicated as it sounds. In this beginner-friendly guide, you’ll learn what Google hacking is, how it works and how to start using it safely and effectively.

What Is Google Dorking (Google Hacking)?

Google Dorking is the process of using advanced search techniques to find information that is not easily visible through normal searches. Instead of typing simple keywords, you use special search operators to filter results.

In simple terms:
You tell Google exactly what to find.

Why is Google Dorking Important?

Google indexes a huge portion of the internet. Sometimes, websites accidentally expose:

• Login pages
• Documents
• Backup files
• Sensitive information

Google dorking helps you:

• Discover hidden data
• Understand a target better
• Find potential weaknesses

It’s a key skill in footprinting (reconnaissance).

Basic Google Search Operators

Let’s learn about some of the basic Google dork operators.

1. site:

This operator helps you to search for something within a specific website.

For example:

site: example.com

query finds all pages indexed from the domain example.com.

2. intitle:

Uisng this you can search for keywords in page titles.

For example:

intitle: "login"

This query is useful for finding login pages.

3. allintitle:

Works similarly to “intitle” but will show pages containing all the multiple keywords specified.

For example:

allintitle: "Best Project tools"

Shows the pages having all the words given above present.

4. inurl:

Search within URLs.

For example:

inurl:admin

query finds pages with “admin” in the URL.

5. allinurl:

Displays pages containing all the specified keywords in the URL.

For example:

allinurl:login.php

This query displays all the pages having both words in the URL.

6. filetype:

This query is used to search for specific file types.

For example:

filetype:pdf

query can reveal:

• Documents
• Reports
• Public files
• and all other files in PDF format.

7. intext:

This query is used to search for a text within page content.

For example:

intext:"confidential"

query reveals pages containing text “confidential”.

8. allintext:

This query is used to search for web pages containing all of the specified words within the body text of the page.

For example:

allintext:"About us"

This query will display all the webpages containing the above two keywords in the body text.

9. cache:

This query displays the last cached version of a website stored by Google.

For example:

cache:example.com

This query displays the last cached version of the website example.com

Google Dorking examples for beginners

Here are some real-world examples of Google hacking for beginners.

1. Find all pages of a website:

site:example.com

This query helps you to map the entire website.

2. Find Login page of a specific website:

site:example.com intitle:"login"

3. Find Documents:

site:example.com filetype:pdf

Helps find you all PDF documents (reports, internal documents) on the website.

4. Find Admin Panels:

inurl:admin

Shows pages that may be restricted.

How Google Hacking Fits in Ethical Hacking

Google hacking is part of Footprinting (Reconnaissance phase). Before testing a system, you need to gather information. Google helps you:

• Discover assets
• Identify exposed content
• Understand structure

It’s often the first step in any security assessment.

Tips for Better Google Hacking

To get better results with Google dorking, you should follow these tips.

1. Combine Operators:

For example:

site:example.com inurl:login filetype:php

This narrows results significantly.

2. Think Like a Search Engine:

Ask yourself:

• What words would appear on this page?
• How would it be structured?

3. Experiment:

Try different combinations and observe results.

4. Take Notes:

Track:

• Useful queries
• Interesting findings

Common Beginner Mistakes

Beginners often make these mistakes while using Google Dorking. Avoid these.

Using only Basic Searches:

Normal searches won’t reveal hidden data.

Not Understanding Results:

Don’t just search. Analyze what you find.

Trying To Do Too Much:

Start simple. Master basics first.

Ignoring Ethics:

This is the biggest mistake.

Real-world Use Cases

Google dorking can help you:

• Discover exposed files
• Identify login portals
• Find outdated pages
• Understand system structure

No doubt security professionals use this technique daily.

Beginner Practice Plan

Here’s a simple plan for you to practice Google dorking.

Day 1:

Learn basic operators

Day 2:

Practice on safe websites

Day 3:

Combine operators

Day 4:

Analyze results

Day 5:

Repeat with new queries

Within a week, you’ll see improvement.

Conclusion

Google hacking is one of the easiest ways to start learning ethical hacking. You know why? Because

• Advanced tools
• Complex setups

Just your brain and a search bar.