
cgchavez | Penetration Testing and Ethical Hacking | Module 02 - Footprinting

By: cgchavez | Related Course: Penetration Testing and Ethical Hacking (Archive) | Published: March 29, 2018 | Modified: March 31, 2018


Anywho.com, footprinting reconnaissance tool.

Different types (hats) of reconnaissance

white hat – permission to perform a complete investigation

grey hat – questionable tactics

black hat – anonymous as possible

stay away from third party or top part of website when searching.

in search bar ”filetype:pdf” – any files attached to the search item.

”spokeo.com” unique names are more narrowed

”yasni.com” almost like anywho.com but more in depth (social media)




Approach to penetration testing

 theory of footprinting

target, they can have firewall or ids

Internal attacks

  • internal dns scheme,
  • private websites directories private company stuff (holy grail),
  • dumpster diving (looking through trash),
  • shoulder surfing (physical info),
  • eavesdropping (literally)

External attacks

  • over the phone (social engineering),
  • network (back up lines and modem, dsl lines, satellites),
  • public websites,
  • email (how does info get inside the company),
  • google (whois search, who the DNS servers are),
  • social network,
  • IP ranges and network blocks,
  • web server content (windows, linux, language),
  • mirroring (detecting operating system)
  • there are search engines other than google that we can use.
  • how the URLs are laid out, URL analysis.
  • google earth,
  • people sites (what are their skill sets),
  • financial web (financial analysis),
  • job sites (type of positions for their systems),
  • alert websites,
  • archive sites,
  • web monitoring,
  • Patent/trademark
  • customers (social media)
  • press release (advertising a new product)
  • google hacking (make whole analysis of footprinting very easy)


Command prompt

nslookup, pen testing tool used in the ”command prompt” app on the computer

works differently on every operating system.


”help” list of commands

”ls -d” lists all records

”set type=a” default

”set type=SOA”

”server” is google’s public server

”>> file.txt”

”notepad file.txt”
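
What a ”set type=SOA” lookup returns, decoded in Python as an added example (not part of the original notes). It goes a step beyond the command list: the SOA record publishes the zone's primary name server and administrative contact, which is why it is worth reviewing what your own zone exposes. The response bytes are constructed for the placeholder zone example.test.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, jumps = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte compression pointer
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_soa(msg):
    """Return the SOA fields from the first answer of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    if ancount == 0:
        raise ValueError("no answer records")
    off = 12                                  # fixed header length
    for _ in range(qdcount):                  # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    _, off = read_name(msg, off)              # owner name of the answer
    rtype, _, _, _ = struct.unpack("!HHIH", msg[off:off + 10])
    if rtype != 6:                            # 6 = SOA
        raise ValueError("first answer is not an SOA record")
    mname, off = read_name(msg, off + 10)
    rname, off = read_name(msg, off)
    serial, refresh, retry, expire, minimum = struct.unpack("!5I", msg[off:off + 20])
    local, _, domain = rname.partition(".")   # first label is the mailbox name
    return {"primary_ns": mname, "contact": f"{local}@{domain}", "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}

# Constructed sample response for the placeholder zone example.test (not captured traffic).
_rdata = (b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
          + struct.pack("!5I", 2018032901, 7200, 900, 1209600, 86400))
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x07example\x04test\x00" + struct.pack("!HH", 6, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(_rdata)) + _rdata)

if __name__ == "__main__":
    print(parse_soa(SAMPLE))
```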


Path analyzer

path analyzer pro is a tool which analyzes the basics of layer 3 and layer 4 websites


ping is to test the connection in command prompt

”ping /?”

”ping ’target’”

”ping -a ’ip address’” reverse look up

”ping ’target’ -f -l ’bytes’”

”ping -i ’hops’”

hops – steps away from the host and target, distance

