It is the process of defining the profile of the target organization as the result of footprinting.

The scope of the assessment identifies the systems, network, policies and procedures, human resources, and any other component of the system that requires security evaluation.

Passive Footprinting: Involves gathering information without direct interaction. Useful when you must not be detected by the target.

Active Footprinting: Involves gathering information with direct interaction.

Techniques:

  1. Footprinting through search engines
    • Google hacking techniques
    • Video search engines
    • FTP search engines
    • IoT search engines
  2. Footprinting through web services
    • Find domains and sub-domains using Netcraft
    • Personal information using PeekYou online people search service
    • Email list using theHarvester
    • Using deep and dark web searching
    • Determine target OS through passive footprinting
  3. Footprinting through social networking sites
    • Employee information with LinkedIn using theHarvester
    • Information from various social networking sites using Sherlock
    • Using Followerwonk
  4. Website footprinting
    • Ping command line utility
    • Central Ops
    • Using Web Data Extractor
    • Mirror the target website using HTTrack Web Site Copier
    • CeWL
  5. Email footprinting
    • Tracing emails using eMailTrackerPro
  6. Whois footprinting
    • Whois lookup using DomainTools
  7. DNS footprinting
    • Gather DNS information using nslookup command line utility and online tool
    • Perform reverse DNS lookup using reverse IP domain check and DNSRecon
  8. Network footprinting
    • Locate the network range
    • Perform network tracerouting in Windows and Linux Machines
  9. Footprinting using various footprinting tools
    • Recon-ng
    • Maltego
    • OSRFramework
    • BillCipher
    • OSINT Framework

Host Discovery – Footprinting through search engines

Advanced Google Hacking Techniques

Suppose we have www.webtargetexample.com as the target.

cache:www.webtargetexample.com

allinurl:google career

inurl:copy site:www.webtargetexample.com

intitle:password site:www.webtargetexample.com

allintitle:detect malware

Anti-virus inanchor:webtargetexample

allinanchor:best cloud service provider

link:www.webtargetexample.com

related:www.webtargetexample.com

info:webtargetexample.com

location:webtargetexample

For video search you can use: https://citizenevidence.amnestyusa.org/

It helps extract metadata from a video: when the Meta Data page appears, use the Enter YouTube URL search field. You can also use video analysis tools such as EZGif (https://ezgif.com), VideoReverser.com, etc., and reverse image search tools such as TinEye Reverse Image Search (https://tineye.com) and Yahoo Image Search (https://images.search.yahoo.com).

FTP Search Engines

File Transfer Protocol (FTP) search engines are used to search for files located on the FTP servers.

Launch https://www.searchftps.net/

You can also use:

https://globalfilesearch.com

http://www.freewareweb.com

IoT Search Engines

We will search for information about any vulnerable IoT device in the target organization using the Shodan IoT search engine (https://www.shodan.io/). You can also use Censys (https://censys.io) and Thingful (https://www.thingful.net), which are IoT search engines, to gather information such as manufacturer details, geographical location, IP address, hostname, open ports, etc.

Footprinting Through Web Services

Domains and Sub-domains using Netcraft

Use the website:

https://www.netcraft.com

https://pentest-tools.com/

You can also use the Sublist3r tool on a Kali machine. Instructions are on this website: https://github.com/aboul3la/Sublist3r

Gather an Email List

Install theHarvester on your Parrot machine and type: theHarvester -d websitetarget.com -l 200 -b

Deep and Dark Web Searching

  1. Use the Tor Browser. With this browser you will find more relevant links than with Chrome. You can also use tools such as ExoneraTor (https://metrics.torproject.org), OnionLand Search engine (https://onionlandsearchengine.com), etc. to perform deep and dark web browsing.

Also check onion sites for valuable information:

  • The Hidden Wiki is an onion site that works as a Wikipedia service of hidden websites. (http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page)
  • FakeID is an onion site for creating fake passports (http://fakeidskhfik46ux.onion/)
  • The Paypal Cent is an onion site that sells PayPal accounts with good balances (http://nare7pqnmnojs2pg.onion/)

Determine Target OS

Use https://www.shodan.io

Footprinting

Information from LinkedIn 

  • Type this command in the Parrot terminal: theHarvester -d eccouncil -l 200 -b linkedin
  • Install Sherlock and type:

cd sherlock/sherlock/ 

python3 sherlock.py satya Nadella

Additionally, you can use this website: https://followerwonk.com/analyze. You can also use Hootsuite (https://hootsuite.com) and Sysomos (https://www.sysomos.com).

Website Footprinting

The ping command sends an ICMP echo request to the target host and waits for an ICMP response.

ping measures the time from transmission to reception, known as round-trip time, and records any loss of packets.

On a Windows machine, type: ping www.websitetarget.com

Try different values for -l (the send buffer size) with -f (the Don't Fragment flag) set until you find the maximum frame size:

ping www.certifiedhacker.com -f -l 1300
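The trial-and-error search for the maximum frame size can be automated with a binary search over the -l value. This is an added example, not part of the original notes: the function names and the simulated probe are assumptions, and the Windows probe assumes English-language ping output.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_ping_probe(host):
    """Build probe(size) that runs Windows `ping host -f -l size -n 1`."""
    def probe(size):
        out = subprocess.run(
            ["ping", host, "-f", "-l", str(size), "-n", "1"],
            capture_output=True, text=True,
        ).stdout
        # Printed by Windows ping when the DF bit blocks an oversized packet.
        if "needs to be fragmented" in out:
            return False
        # A reply line contains "TTL="; a timeout counts as a failed probe.
        return "TTL=" in out
    return probe


def find_max_payload(probe, low=0, high=1472):
    """Return the largest payload in [low, high] that passes unfragmented."""
    if not probe(low):
        return None  # host unreachable or ICMP filtered: nothing to measure
    while low < high:
        mid = (low + high + 1) // 2  # upper midpoint so the loop terminates
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def simulated_probe(path_mtu):
    """Constructed stand-in for a network path with the given MTU."""
    return lambda size: size + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # With a host argument, probe it; otherwise use the simulated 1500-byte path.
    probe = windows_ping_probe(sys.argv[1]) if len(sys.argv) > 1 else simulated_probe(1500)
    payload = find_max_payload(probe)
    if payload is None:
        print("no reply, cannot measure")
    else:
        print(f"max payload {payload}, max frame size {payload + IP_ICMP_OVERHEAD}")
```

The value passed to -l is the ICMP payload only, so the frame size on the path is the payload plus 28 bytes of IPv4 and ICMP headers.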
