Hello aspiring Ethical Hackers. In this blogpost you will learn about Footprinting, also called Reconnaissance. It is the first step of ethical hacking. Although a bit boring, it is one of the most important stages of ethical hacking, because the information it yields about the target system or organization largely decides whether the rest of the engagement succeeds or fails.
Objectives Of Footprinting
In Reconnaissance, you gather as much useful information as possible about the target organization, either to gain access or to learn about the security posture of your own organization, depending on which color hat you want to wear. Reconnaissance allows pen testers to narrow the area they need to focus on, identify vulnerabilities and finally understand the security posture of the company.
What information does Reconnaissance reveal?
The following information can be collected from the Reconnaissance stage.
- Target organization’s network information including domains and sub-domains used by the organization.
- Blocks of IP addresses used by the organization that are accessible from outside, etc.
- Information about the operating system used by the web server, the location of the web server and, in some cases, user credentials.
- Information about the organization, such as details of its employees, including their names, addresses, phone numbers, personal email addresses, etc.
Types Of Footprinting
There are two types of footprinting: Passive and Active.
1. Passive Footprinting:
In passive reconnaissance, information about the target organization is collected without engaging or interacting with the target organization. This type of footprinting is very difficult, as all the information needs to be collected from publicly available resources such as search engines, job sites, social media, documents available in the public domain, etc. On the plus side, this type of footprinting allows pen testers to keep a low profile, as it raises less suspicion on the target side.
2. Active Footprinting:
In Active reconnaissance, the attackers engage or interact with the target organization. This is simpler than passive reconnaissance, as pen testers get information directly from the target. On the flip side, it raises suspicion, so the security team at the target organization may already know your intent. Information is collected about the target organization by scanning and enumerating the target directly.
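Seen from the defender's side, this is why active footprinting raises suspicion: a source that probes many distinct ports in a short time stands out in connection logs. The following is an added example, not part of the original post; the log format, the documentation-range addresses, the 60-second window and the threshold of 8 are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log: one source sweeping ports, one ordinary client."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 {port} DENY")
    for i in range(10):
        ts = (t0 + timedelta(seconds=i * 30)).isoformat()
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 443 ALLOW")
    return lines


def parse_line(line):
    """Split 'timestamp src dst port action' (assumed format) into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def find_scanners(lines, window=timedelta(seconds=60), threshold=8):
    """Return {source: peak count of distinct (dst, port) targets in any window}
    for every source whose peak reaches the threshold."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, _action = parse_line(line)
        events[src].append((ts, (dst, port)))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({target for _, target in evs[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_scanners(build_sample_log()))
```

The ordinary client repeats one destination and port, so its distinct-target count never rises above 1, while the sweeping source is flagged even though every one of its connections was denied.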
Techniques of Footprinting
The various techniques of Reconnaissance include:
- Reconnaissance through Search Engines
- Reconnaissance through Web Services
- Website Footprinting
- Email Footprinting
- WhoIs Footprinting
- DNS Footprinting
- Network Reconnaissance
- Metadata
- Competitive Intelligence
- Social Engineering Reconnaissance