
Footprinting guide for beginners

Hello, aspiring ethical hackers. In our previous blogpost, you read about the 5 phases of ethical hacking. In this article, you will learn about Footprinting or Reconnaissance in detail. If you’re starting your journey in ethical hacking, one of the first skills you need to learn is footprinting. It may sound technical but the idea is actually simple. Footprinting means gathering information about a target before trying to hack or test it. Think of it like this: Before solving a puzzle, you first look at all the pieces.

Although a bit boring, it is one of the most important phases of ethical hacking, because this stage decides the success or failure of the pen test: it provides the much-needed information about the target system or organization on which every later phase depends.

What is Footprinting?

Footprinting is the process of collecting information about a system, website or organization. This information helps you understand:

  • What the target looks like
  • How it works
  • Where it might be weak

For example, before testing a website, you might want to know:

  • Its domain name
  • Its IP address
  • What technologies it uses

Why is Footprinting Important?

In reconnaissance, you gather as much information as possible about the target organization, anything that is useful for gaining access or for learning about its security posture. Reconnaissance allows pen testers to narrow the area they need to focus on, identify vulnerabilities and, finally, understand the security posture of the company. The more information you have, the easier your job becomes. Many beginners want to jump straight into “exploitation” and “hacking tools.” But here’s the truth:

Without footprinting, you are guessing—not hacking.

Footprinting helps you:

1. Understand the Target:

You get a clear picture of what you are dealing with.

2. Find Entry Points:

You may discover hidden pages, subdomains or services running in the target organization's network.

3. Save Time:

Instead of random attempts, you focus on what matters.

4. Think Like a Hacker:

Real attackers spend a lot of time gathering information first, so practicing this phase builds the hacker mindset. If done properly, the following information can be collected during the reconnaissance stage:

  1. The target organization’s network information, including the domains and sub-domains it uses.
  2. Publicly accessible blocks of IP addresses used by the organization.
  3. Information about the operating systems used by the organization, especially on web servers, and in some cases even user credentials.
  4. Information about the organization's employees, such as their names, addresses, phone numbers and email addresses.

Types of Footprinting

There are two main types of footprinting: Passive and Active.

1. Passive Footprinting:

In this type of footprinting, information about the target organization is collected without touching or interacting with the target directly. It is usually safe and stealthy because the target never sees a request from you.

Examples:

  • Searching on Google
  • Checking social media
  • Looking at public websites

This is the safest way to start as a beginner.

2. Active Footprinting:

This involves interacting with the target system or network.

Examples include:

  • Scanning ports
  • Sending requests to servers

This is simpler than passive reconnaissance, as pen testers get information directly from the target. On the flip side, the security team at the target organization may notice your intent, because active footprinting creates a lot of noise in their logs and raises suspicion.

Step-by-Step Footprinting Process

Let’s go through the step-by-step process of footprinting.

Step 1: Start with the Website

Start by visiting the target website. Look for:

  • Pages (Home, About, Contact)
  • Login areas
  • URLs

You’ll be surprised how much you can learn just by exploring the target website. Learn more about Website Footprinting.

Step 2: Find Domain Information

Every website has a domain (like example.com). From this, you can find information such as:

  • IP address of the website
  • Hosting details
  • DNS records

This shows where the website is actually hosted and who is responsible for it. Learn more about this in Whois footprinting and DNS footprinting.

Step 3: Look for Subdomains

Websites often have less visible sections called subdomains. For example, if there is a domain named “example.com”, it may have subdomains like:

  • admin.example.com
  • dev.example.com
  • api.example.com

These are very important in the scope of reconnaissance because they are often less secure than the main domain. One useful tool to find subdomains is subfinder.
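Subdomain enumeration tools print raw hostnames, and the first thing to do with that output is decide which names are really in scope. The script below is an added example, not code from the original post or from subfinder: it normalizes the names, keeps only those that sit under the target root on a label boundary (a naive `endswith("example.com")` would wrongly accept `notexample.com`), removes duplicates and groups the results by depth. The sample tool output is constructed.

```python
"""
Scope-check raw subdomain enumeration output against a target root domain.
Added example (not from the original post). The sample output below is constructed.
"""


def normalize_hostname(name: str) -> str:
    """Lower-case, strip whitespace, a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def is_in_scope(hostname: str, root: str) -> bool:
    """True if hostname equals root or is a subdomain of root.

    The '.' prefix enforces a label boundary, so 'notexample.com' is rejected
    and 'example.com.unrelated.test' (root as a prefix) is rejected too.
    """
    host = normalize_hostname(hostname)
    root = normalize_hostname(root)
    if not host or not root:
        return False
    return host == root or host.endswith("." + root)


def in_scope_subdomains(candidates, root: str) -> list:
    """Unique, sorted in-scope hostnames from raw tool output, excluding the root itself.
    Sorted by depth first so direct subdomains come before deeper ones."""
    root = normalize_hostname(root)
    found = set()
    for raw in candidates:
        host = normalize_hostname(raw)
        if host != root and is_in_scope(host, root):
            found.add(host)
    return sorted(found, key=lambda h: (h.count("."), h))


def group_by_depth(hostnames, root: str) -> dict:
    """Group in-scope hostnames by how many labels sit below the root
    (1 = api.example.com, 2 = dev.api.example.com, ...)."""
    root = normalize_hostname(root)
    root_labels = root.count(".") + 1
    groups = {}
    for host in hostnames:
        depth = host.count(".") + 1 - root_labels
        groups.setdefault(depth, []).append(host)
    return groups


# Constructed sample: the kind of raw list an enumeration tool might print,
# including mixed case, a trailing dot, a wildcard, a duplicate and two lookalikes.
SAMPLE_OUTPUT = """
api.example.com
Dev.Example.COM.
*.staging.example.com
admin.example.com
notexample.com
example.com.unrelated.test
example.com
api.example.com
dev.api.example.com
"""

if __name__ == "__main__":
    hosts = in_scope_subdomains(SAMPLE_OUTPUT.splitlines(), "example.com")
    for depth, names in sorted(group_by_depth(hosts, "example.com").items()):
        print(f"depth {depth}: {', '.join(names)}")
```

The same check is worth running on the defending side: a list of everything that resolves under your root domain, grouped this way, is a quick inventory of which internet-facing names (admin, dev, staging) exist that nobody may be maintaining.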

Step 4: Identify Technologies

Try to understand what the website is built with.

For example:

  • Is it using a CMS such as WordPress or Joomla?
  • What server is running?

This matters because different technologies have different weaknesses. A useful tool here is WhatWeb.
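Tools like WhatWeb work by matching response headers, cookie names and HTML fragments against a signature table. The script below is an added example, not code from the original post and not WhatWeb's own code: it applies a small hand-written signature table (a sample, not a complete database) to a constructed HTTP response, and adds the defender's side of the same idea, a check for headers that disclose version numbers, which server hardening guides recommend removing.

```python
"""
Minimal technology fingerprinting from an HTTP response, plus the matching
defender's check. Added example, not from the original post and not WhatWeb's
code. The signature table, headers and HTML body are all constructed samples.
"""
import re

# Constructed signature table: (where to look, regex, technology name).
SIGNATURES = [
    ("header:server", r"nginx", "nginx"),
    ("header:server", r"apache", "Apache"),
    ("header:server", r"microsoft-iis", "IIS"),
    ("header:x-powered-by", r"php", "PHP"),
    ("header:x-powered-by", r"asp\.net", "ASP.NET"),
    ("header:x-powered-by", r"express", "Express"),
    ("cookie", r"^phpsessid$", "PHP"),
    ("cookie", r"^asp\.net_sessionid$", "ASP.NET"),
    ("cookie", r"^jsessionid$", "Java servlet container"),
    ("body", r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']wordpress', "WordPress"),
    ("body", r"/wp-content/|/wp-includes/", "WordPress"),
    ("body", r"/media/jui/|joomla", "Joomla"),
]

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def _cookie_names(headers: dict) -> list:
    """Cookie names from one or more Set-Cookie headers, lower-cased."""
    names = []
    for key, value in headers.items():
        if key.lower() == "set-cookie":
            for cookie in (value if isinstance(value, list) else [value]):
                names.append(cookie.split("=", 1)[0].strip().lower())
    return names


def fingerprint(headers: dict, body: str) -> dict:
    """Return {technology: [evidence, ...]} from response headers and HTML body."""
    lower_headers = {k.lower(): v for k, v in headers.items() if k.lower() != "set-cookie"}
    cookies = _cookie_names(headers)
    found = {}
    for where, pattern, tech in SIGNATURES:
        if where.startswith("header:"):
            value = lower_headers.get(where.split(":", 1)[1], "")
            if re.search(pattern, value, re.I):
                found.setdefault(tech, []).append(f"{where} = {value}")
        elif where == "cookie":
            for name in cookies:
                if re.search(pattern, name, re.I):
                    found.setdefault(tech, []).append(f"cookie {name}")
        elif where == "body":
            if re.search(pattern, body, re.I):
                found.setdefault(tech, []).append(f"body matches /{pattern}/")
    return found


def version_disclosures(headers: dict) -> list:
    """Defender's check: banner headers that leak a version number
    (e.g. 'Server: nginx/1.18.0'), which should be stripped in production."""
    leaks = []
    for key, value in headers.items():
        if key.lower() in ("server", "x-powered-by", "x-generator") and VERSION_RE.search(str(value)):
            leaks.append(f"{key}: {value}")
    return leaks


# Constructed sample response, as a browser's developer tools might show it.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": ["PHPSESSID=abc123; Path=/; HttpOnly",
                   "wordpress_test_cookie=WP+Cookie+check; Path=/"],
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 6.2" />
<link rel="stylesheet" href="/wp-content/themes/sample/style.css">
</head><body>Welcome</body></html>"""

# The same site after hardening: no version in the banner, no X-Powered-By at all.
HARDENED_HEADERS = {"Server": "nginx", "Content-Type": "text/html; charset=UTF-8"}

if __name__ == "__main__":
    for tech, evidence in fingerprint(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{tech}: {'; '.join(evidence)}")
    print("version disclosures:", version_disclosures(SAMPLE_HEADERS))
    print("after hardening:", version_disclosures(HARDENED_HEADERS))
```

Note that removing the version from `Server` only reduces what is disclosed in headers; the WordPress generator tag and `/wp-content/` paths in the body still identify the CMS, which is why the same fingerprint is useful to a defender auditing what their own site reveals.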

Step 5: Search on Google

Google is one of the most powerful tools for footprinting. Try searching:

  • site:example.com
  • example.com login
  • example.com filetype:pdf

You might find:

  • Hidden pages
  • Documents
  • Login portals

Learn more about Google dorking.

Step 6: Look for Public Information about the target

Sometimes, a lot of things about the target can be found using publicly available information.

Check:

  • LinkedIn
  • Company pages
  • Other Social media

You might find:

  • Employee names
  • Email formats

This is useful for understanding how the organization works. Learning about email footprinting and metadata can be useful in this step. Useful tools here are Recon-ng, Sherlock, theHarvester, Maltego, Shodan and SpiderFoot.

Conclusion

Footprinting is the first step in ethical hacking and one of the most important. If you master this skill:

  • You’ll find vulnerabilities faster
  • You’ll understand systems better
  • You’ll think like a real hacker

Most beginners ignore footprinting. Don’t be one of them. Start slow, stay consistent and keep practicing.
