2.2 Footprinting Basics

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

19 hours 55 minutes
Video Transcription
I welcome back to the course in the last video, we went over our pre assessment for the foot. Pretty module. So if you haven't gone through that video Yeah, go ahead and pause this. Want to go back to it? It's just a couple of questions to test your knowledge on the subject.
So let's go ahead and get started. So in this video, we're gonna talk about the difference between active and passive foot printing. We're also gonna talk about some of the benefits of foot printing and how it helps us in our penetration test and then also some different ways we can do for printing.
So for printing itself, active is gonna be some type of interaction with our target. So that might be a person or ah, company that we're in A. We're targeting.
And so we have some type of interaction, so that might be like contacting them on social media and might be making a phone call to the company or going in person and trying tow talk to some of the employees. It could even be something like doing a port scan. So we're actually trying to get information on what servers they have running.
And then, of course, passive is kind of your hands off type of thing. So it's more of the publicly if public information Excuse me
that you know they made may or may not know that you're trying to get. So I might do a quick Google search on like Marcus off, for example, and I could find all sorts of information, and they may also go to even social media where I'm not interacting with them. But I'm just looking at their pages and their posts and trying to get information about what kind of products are they launching,
you know, and, you know, maybe some employees that worked there, what are their titles?
And that way I could use that later on.
So some of the benefits of foot printing lets us know the security posture of the organization. So essentially we can find out information about what kind of operating systems other using where that you know, the usual windows. Are they using Lennox or Mac OS or they using a combination of each, you know, do they have Web service where they running Apache or something like that?
Are they using the cloud you know, Are they using the juror or AWS or Google Cloud?
Really, And tying into that it helps us reduce our focus area. So if we know that they're running nothing but window stuff,
we wouldn't waste time front, right, Malicious code for Olynyk system. That doesn't make any sense. So it helps us reduce our focus area and also with active foot printing where we could do like port scanning. It helps us reduce down to the actual targets that we find viable
again. It helps us identify vulnerabilities on those particular tire targets that we do identify and then also helps us build out a map of the actual network so we can figure out what we want. A hack.
So how do we do this? How do we do footprint? Well, there's a ton of ways, and this is not an all inclusive list. But some of the common ways are using different search engines like Google or being any even other ones like Duck Duck go and then also doing some Google hacking on. We'll talk about that and we'll actually have a lab on Google hacking and showdown, which is the next one up
So showdown is essentially the hackers,
um, search engine, if you will. And basically it allows you to see vulnerable device is out on the Internet. And so you might even be able to truncate down to the actual company you're looking for and see what kind of vulnerable devices they have. There is. Well, now there is a free and paid version of show dance in the papers and obviously has more features that allows you to do a lot more filtering.
So I do recommend that if you're gonna be penetration tester
and then who is social media job boards, et cetera, So
search engines again, I mentioned that we could just do like a quick Google search or something. So I pulled up Bill Gates here. But if we went through and scroll through all this, you see, we got just looking at this page here. We have, you know, Wikipedia page on him where they don't tell us information. We dressed him comment, search questions that people do. We've also got the Twitter. We could see different posts.
We can, you know, go down there. We see Bill's personal block there.
I mean, obviously Bill Gates is a pretty popular guy in a celebrity, so you'll find all sorts of information. But you could do the same thing with any company. You could just do a quick Google search and see what type of information you could find. You could even go to their website and, you know, look at different jobs for posting and try to see, like, what kinds of software they're using
for that particular job of what they're requiring for that that'll give you some good information.
Google hacking. So we will have a lab on this. But essentially, this, uh, little string here is just pulling any type of excel file with a password in it. So with passwords in, it s oh, that's very beneficial. If you can find your particular company and use these different strings to narrow down and try to find some passwords that might be out there posted on the Internet,
this one right here is just Ah, this Google hack command. This is gifts allowing us to find Gu Basically vop v o i p. Excuse me. So voice over i p router Loggins. So we're finding the log in page here and whether these actually work or not? We don't know. I haven't clicked on him. But essentially word that's what we're
do The little Google hack for to find that information
showdown hasn't mentioned that. See, ah, quote unquote search engine for hackers. You basically just search anything that you want so I could type in like Cisco, which will actually do in the lab. And we'll pull up all sorts of vulnerable routers and other devices.
Who is is Ah, great tool. I use the eye can one. But there's a lot of websites out there that are quote unquote who is. But essentially, it's allowing you to look up a particular website, a particular domain name and see information about that. So I just I just look up Google here s O. We see if we look at the bottom left here,
we see it's gonna show said it's actually mark. Monitors register on that,
and then we've got, like, an email address, a phone number, etcetera. So it gives us some information that we can use
Social media. That's pretty common sense type of thing nowadays, but you'd be amazed at what people will put on social media, especially websites like linked in a few. If you're If you are a pen tester and and and the laws in your particular area allow you to create, like a fake account on there,
um, you know, go ahead and create a fake one you do linked into Just connect with people and see what kind of
information you can casually get you know about the company or even just look at their profile. I mean, so many people list out like, you know, a company X I work with, You know, this software and this offer and this software, and then you follow you follow them, and then you see if they're posting about,
you know, So we're launching a new product X on this date, you know, so you can get so much information from social media
lifting more than others. If you're going to do business night stuff. So Twitter linked in That's kind of your thing. If your pen testing like an individual, if you're trying to harvest information on a particular individual, that I would say like Facebook or Instagram or that personal aspect of it
competitive intelligence. So this could be your business type intelligence. So generally like your financial reporting top of stuff which does can contain a lot of good information. This screenshot hears of the Edgar database with the SEC, so that gives you a lot of different forms and filings that businesses have to do with the SEC, so that contains a good amount of information.
Job boards. This is actually probably one of the best resource is you basically look up different jobs in that particular area on whether a sec that you know. And if you're just looking for general targets now, that's a great way to find some generalized targets. They'll tell you the different information that they want youto have, right? So we kind of look in the middle of the page here. We see that
if you want this job as an information security engineer,
they want you to have windows UNIX, you know, some cloud security. So we don't know what type of thing there if we unless we clicked on it or something. But they probably list out the cloud security. They'll probably want to Clara cross platform. But that might actually tell us what kind of cloud and they're using. We see they're using How do you know? Experience with application white listing. So
this is more than likely, some kind of a
either consultant role or, you know, a strict security role, which is what it looks like. But it does tell us some of the things that the company is looking for. So the more than likely have those they released using those items in some capacity, right? So it just gives us some good information on that.
Uh, we could set up alerts, you know? So ah, different Web sites we want to get alerts from. We can even do that on these company websites. You could set up like Google alerts. Ah. Ah, Good one out there is visual ping minutes is generally free. So you're just throwing, like, whatever website there for your email in and bam. You know, you can go ahead and get some alerts coming to you.
Don't be rude. Not be helpful. Just kind of keeps you, I guess abreast of
what the company is doing. What kind of new products? That sort of stuff. You can probably customizes pretty well depending on the type of tool you're using for that
website. Marrying is another good thing. Basically, website marrying is I'm taken like your website, for example. So let's just use a TT track. This is a tool that you can use for a website nearing. But, for example, if I used this Web site, I could mirror it, and then I could have all that stuff on my local computer local server,
and then I could go through and try to find different information that's helpful for me
of mapping out how their website is. I could see if there's different vulnerabilities, etcetera, etcetera. So it's a It's a good way of finding a lot of good information.
Course we have email foot printing. We're gonna go over a tool called the Harvester. Later, we'll do a sample scan. Just show you some public information. We're not gonna go over email foot printing, but it could be used for that as well.
So there's a lot of tools out there for email footprint, but essentially we can you grab in, harvest different emails and find I P addresses. You know, we're looking for the center information, etcetera,
different tools out there we can use, and this is not an inclusive lister's. There's literally thousands of them that you can use us and common ones. People use out there definitely multi go. And the OS are far, sees me. Oh, it's our framework. Those kind of the more common ones that you'll use in industry is a penetration tester.
Multi Go. This is just a screenshot, but you'll see here it's kind of an intelligence platform, so it basically lets you map out the you know the website, for example, or or like the server and then mats on everything from that right? It's gonna go out there and find everything. So whether it's, you know, finding, you know, if you have MX records or Deena's records,
it'll either pull that or you could put that information in, and it's gonna
put all that, especially map it out for you.
You can also use this with people you can map on Ah, email address. Oh, our social media account and you can get different information.
Now. I will say again, there's there's, you know, like most tools. There's a page and free version. And so this one. The free version has some limitations, but the page papers and has almost everything you would ever want
Recount and G, which we mentioned Command line tool there again, especially just for foot printing.
Different companies.
Oh, it's our framework. This is kind of a popular one That's a free or free tool out there. So I do recommend that as well.
So a quick post assessment here we only have a couple questions. I just want to test your knowledge. So
all of the following our benefits of foot printing, except so which one of these is not a benefit of foot Pretty.
So if you guessed answer. See, you're correct, right? So the benefit of foot printing, it's not actually to activate it distributed denial of service, which is what did L stands for against the target So we could use our foot printing right that now that's gained two, then launch Adidas against a target. But that's that's not a direct benefit of foot pretty,
direct benefits are mapping the network known the security posture of the target again, and then that all helps us narrow the focus area of our penetration test.
So the second question here, and actually the last one showdown is known as what, and this was actually pretty easy.
All right, So if you guessed answer, eh? You're correct. Obviously, the other ones are all made up answers. They're so showdown is also known as a hacker search engine.
So in this video, we went over a lot of the general information on foot printing. In the next video, we're gonna go over the introduction to the lab, and then the labs we have in this module are gonna be Nick Tow the Harvester, which we talked about and then also showed. And Google hacking, which we also talked about those as well.
So look forward to seeing you in the next video.
Up Next
Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By