Module 02: Footprinting and Reconnaissance

Objective

The objective of the lab is to extract information about the target organization that includes, but is not limited to:

Organization Information Employee details, addresses and contact details, partner details, weblinks, web technologies, patents, trademarks, etc.
Network Information Domains, sub-domains, network blocks, network topologies, trusted routers, firewalls, IP addresses of the reachable systems, the Whois record, DNS records, and other related information
System Information Operating systems, web server OSes, location of web servers, user accounts and passwords, etc.

Overview of Footprinting

Footprinting refers to the process of collecting information about a target network and its environment, which helps in evaluating the security posture of the target organization’s IT infrastructure. It also helps to identify the level of risk associated with the organization’s publicly accessible information.

Footprinting can be categorized into passive footprinting and active footprinting:

Passive Footprinting: Involves gathering information without direct interaction. This type of footprinting is principally useful when there is a requirement that the information-gathering activities are not to be detected by the target.
Active Footprinting: Involves gathering information with direct interaction. In active footprinting, the target may recognize the ongoing information gathering process, as we overtly interact with the target network.

Lab 1: Perform Footprinting Through Search Engines

Task -1 Gather Information using Advanced Google Hacking Techniques

cache: This operator allows you to view cached version of the web page. [cache:www.eccouncil.org]- Query returns the cached version of the website www.eccouncil.org
allinurl: This operator restricts results to pages containing all the query terms specified in the URL. [allinurl: EC-Council career]—Query returns only pages containing the words “EC-Council” and “career” in the URL
inurl: This operator restricts the results to pages containing the word specified in the URL [inurl: copy site:www.eccouncil.org]—Query returns only pages in EC-Council site in which the URL has the word “copy”
allintitle: This operator restricts results to pages containing all the query terms specified in the title. [allintitle: detect malware]—Query returns only pages containing the words “detect” and “malware” in the title
inanchor: This operator restricts results to pages containing the query terms specified in the anchor text on links to the page. [Anti-virus inanchor:Norton]—Query returns only pages with anchor text on links to the pages containing the word “Norton” and the page containing the word “Anti-virus”
allinanchor: This operator restricts results to pages containing all query terms specified in the anchor text on links to the page. [allinanchor: best cloud service provider]—Query returns only pages in which the anchor text on links to the pages contain the words “best,” “cloud,” “service,” and “provider”
link: This operator searches websites or pages that contain links to the specified website or page. [link:www.eccouncil.org]—Finds pages that point to EC-Council’s home page
related: This operator displays websites that are similar or related to the URL specified. [related:www.eccouncil.org]—Query provides the Google search engine results page with websites similar to eccouncil.org
info: This operator finds information for the specified web page. [info:eccouncil.org]—Query provides information about the www.eccouncil.org home page
location: This operator finds information for a specific location. [location: EC-Council]—Query give you results based around the term EC-Council.

Lab 2: Perform Footprinting Through Internet Research Services

Task 1: Find the Company’s Domains, Subdomains and Hosts using Netcraft and DNSdumpster

Tools & Resources used in this section :

Lab 4: Perform Whois Footprinting

Task 1: Perform Whois Lookup using DomainTools

Tools & Resources used in this section :

Lab 5: Perform DNS Footprinting

Task 1: Gather DNS Information using nslookup Command Line Utility and Online Tool

Tools & Resources used in this section :

Nslookup (Command Line Utility)

Lab 6: Perform Network Footprinting

Task 1: Perform Network Tracerouting in Windows and Linux Machines

Tools & Resources used in this section :

Tracert (Windows Command line utility)
Traceroute (Linux Command line utility)

Lab 7: Perform Email Footprinting

Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro

Tools & Resources used in this section :

Lab 8: Perform Footprinting using Various Footprinting Tools

Task 1: Footprinting a Target using Recon-ng

Tools & Resources used in this section :

Lab 9: Perform Footprinting using AI

Task 1: Footprinting a Target using ShellGPT

Tools & Resources used in this section :

⚠ OpenAPI key Required !!

PreviousCEH V13 (Master Edition)NextModule 03: Scanning Networks

Last updated 5 months ago

Module 02: Footprinting and Reconnaissance

Objective

The objective of the lab is to extract information about the target organization that includes, but is not limited to:

Organization Information Employee details, addresses and contact details, partner details, weblinks, web technologies, patents, trademarks, etc.
Network Information Domains, sub-domains, network blocks, network topologies, trusted routers, firewalls, IP addresses of the reachable systems, the Whois record, DNS records, and other related information
System Information Operating systems, web server OSes, location of web servers, user accounts and passwords, etc.

Overview of Footprinting

Footprinting can be categorized into passive footprinting and active footprinting:

Passive Footprinting: Involves gathering information without direct interaction. This type of footprinting is principally useful when there is a requirement that the information-gathering activities are not to be detected by the target.
Active Footprinting: Involves gathering information with direct interaction. In active footprinting, the target may recognize the ongoing information gathering process, as we overtly interact with the target network.

Lab 1: Perform Footprinting Through Search Engines

Task -1 Gather Information using Advanced Google Hacking Techniques

cache: This operator allows you to view cached version of the web page. [cache:www.eccouncil.org]- Query returns the cached version of the website www.eccouncil.org
allinurl: This operator restricts results to pages containing all the query terms specified in the URL. [allinurl: EC-Council career]—Query returns only pages containing the words “EC-Council” and “career” in the URL
inurl: This operator restricts the results to pages containing the word specified in the URL [inurl: copy site:www.eccouncil.org]—Query returns only pages in EC-Council site in which the URL has the word “copy”
allintitle: This operator restricts results to pages containing all the query terms specified in the title. [allintitle: detect malware]—Query returns only pages containing the words “detect” and “malware” in the title
inanchor: This operator restricts results to pages containing the query terms specified in the anchor text on links to the page. [Anti-virus inanchor:Norton]—Query returns only pages with anchor text on links to the pages containing the word “Norton” and the page containing the word “Anti-virus”
allinanchor: This operator restricts results to pages containing all query terms specified in the anchor text on links to the page. [allinanchor: best cloud service provider]—Query returns only pages in which the anchor text on links to the pages contain the words “best,” “cloud,” “service,” and “provider”
link: This operator searches websites or pages that contain links to the specified website or page. [link:www.eccouncil.org]—Finds pages that point to EC-Council’s home page
related: This operator displays websites that are similar or related to the URL specified. [related:www.eccouncil.org]—Query provides the Google search engine results page with websites similar to eccouncil.org
info: This operator finds information for the specified web page. [info:eccouncil.org]—Query provides information about the www.eccouncil.org home page
location: This operator finds information for a specific location. [location: EC-Council]—Query give you results based around the term EC-Council.

Lab 2: Perform Footprinting Through Internet Research Services

Task 1: Find the Company’s Domains, Subdomains and Hosts using Netcraft and DNSdumpster

Tools & Resources used in this section :

Dns Dumpster :
Netcraft :
Pentest Tools :

Tools & Resources used in this section :

Sherlock (Social Media Hunting) :

Lab 4: Perform Whois Footprinting

Task 1: Perform Whois Lookup using DomainTools

Tools & Resources used in this section :

WHOIS Lookup :
SmartWhois :

3. Batch IP Converter :

Lab 5: Perform DNS Footprinting

Task 1: Gather DNS Information using nslookup Command Line Utility and Online Tool

Tools & Resources used in this section :

Nslookup (Command Line Utility)
Nslookup(Web) :
Dig Lookup tool (Web) :

Lab 6: Perform Network Footprinting

Task 1: Perform Network Tracerouting in Windows and Linux Machines

Tools & Resources used in this section :

Tracert (Windows Command line utility)
Traceroute (Linux Command line utility)
PintPlotter :
Traceroute NG :

Lab 7: Perform Email Footprinting

Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro

Tools & Resources used in this section :

Email Tracker PRO :
MX Toolbar :
Social Catfish :
IP2Location :

Lab 8: Perform Footprinting using Various Footprinting Tools

Task 1: Footprinting a Target using Recon-ng

Tools & Resources used in this section :

Recon-ng : | sudo apt install recon-ng (parrot/kali)

Lab 9: Perform Footprinting using AI

Task 1: Footprinting a Target using ShellGPT

Tools & Resources used in this section :

⚠ OpenAPI key Required !!

ShellGPT :

PreviousCEH V13 (Master Edition)NextModule 03: Scanning Networks

Last updated 5 months ago

Objective

Overview of Footprinting

Lab 1: Perform Footprinting Through Search Engines

Task -1 Gather Information using Advanced Google Hacking Techniques

Lab 2: Perform Footprinting Through Internet Research Services

Task 1: Find the Company’s Domains, Subdomains and Hosts using Netcraft and DNSdumpster

Lab 3: Perform Footprinting Through Social Networking Sites

Task 1: Gather Personal Information from Various Social Networking Sites using Sherlock

Lab 4: Perform Whois Footprinting

Task 1: Perform Whois Lookup using DomainTools

Lab 5: Perform DNS Footprinting

Task 1: Gather DNS Information using nslookup Command Line Utility and Online Tool

Lab 6: Perform Network Footprinting

Task 1: Perform Network Tracerouting in Windows and Linux Machines

Lab 7: Perform Email Footprinting

Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro

Lab 8: Perform Footprinting using Various Footprinting Tools

Task 1: Footprinting a Target using Recon-ng

Lab 9: Perform Footprinting using AI

Task 1: Footprinting a Target using ShellGPT

Objective

Overview of Footprinting

Lab 1: Perform Footprinting Through Search Engines

Task -1 Gather Information using Advanced Google Hacking Techniques

Lab 2: Perform Footprinting Through Internet Research Services

Task 1: Find the Company’s Domains, Subdomains and Hosts using Netcraft and DNSdumpster

Lab 3: Perform Footprinting Through Social Networking Sites

Task 1: Gather Personal Information from Various Social Networking Sites using Sherlock

Lab 4: Perform Whois Footprinting

Task 1: Perform Whois Lookup using DomainTools

Lab 5: Perform DNS Footprinting

Task 1: Gather DNS Information using nslookup Command Line Utility and Online Tool

Lab 6: Perform Network Footprinting

Task 1: Perform Network Tracerouting in Windows and Linux Machines

Lab 7: Perform Email Footprinting

Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro

Lab 8: Perform Footprinting using Various Footprinting Tools

Task 1: Footprinting a Target using Recon-ng

Lab 9: Perform Footprinting using AI

Task 1: Footprinting a Target using ShellGPT