Footprinting is the process of gathering information about a computer system with the intent of intruding into it. Footprinting is the very first phase of the hacking process.
As you may already know, when a hacker tries to compromise a system, they go through five steps of hacking.
These five steps of hacking include:
#3. Gaining Access
#4. Maintaining Access
#5. Clearing Tracks
If you often look around for material related to ethical hacking, then you must have encountered these terms before. So in this post, we are going to discuss the first phase of hacking, which happens to be footprinting.
So if you have ever wondered what footprinting is and why it is done, then you should definitely read this post.
What Is Footprinting And How It Is Done: The Complete Guide
I hope that after reading this post you will have a good understanding of footprinting, which is the first phase of hacking.
But if you are completely new to the field of hacking, then I suggest you first read my ultimate guide on hacking for beginners. It is not necessary, but I recommend reading it if you are a complete beginner.
So, without any further chit-chat let’s start.
What is Footprinting?
Footprinting is also termed reconnaissance or recon. I’m going to use the term footprinting, but you can use any of them.
In simple words, footprinting is just gathering as much information as possible about the system you are going to hack.
So let’s say you want to hack the online server of your favorite game. Before you can do anything to the server, you must have some information about it.
Information such as which operating system is being used, what version of the operating system is running, and so on.
Once you have that kind of information about the server, you can search for an existing vulnerability affecting it. If you are lucky enough to find a vulnerability, then there is a chance that you can hack the server.
So the whole motive is to collect as much information about the server as possible. Once you have enough information, you need to figure out the weaknesses in the server in order to compromise it.
The footprinting phase is the phase of hacking where you need to spend most of your time, so you have to be patient. You need to understand that you can’t compromise your desired target if you know nothing about it.
If you want to hack your target system, you need to know your target better than they know themselves.
Types of Footprinting
Now that you know what footprinting is, let’s discuss the types of footprinting.
Basically, the footprinting phase can be divided into two broad types.
When doing passive footprinting we are not actually touching the target. We simply use publicly available resources to gather information about the company or the target system.
You’ll be amazed at how much information you can find about your target on the Internet!
You can easily find information such as which IP addresses are used for their website, what operating system their server runs, what type of web server software is in use, and much, much more.
As you might have already guessed, active footprinting means actually touching the target to extract the information.
So suppose, you are hired by a company to test their security. You can either choose to perform passive footprinting or active footprinting.
Active footprinting can be done by going to a job interview with the company or by talking to the employees of the company.
Or by simply dressing up nicely, going to the company building and acting as if you are an authority. If you make the employees believe that you are an authority, then you can easily get information from them.
But most of the time we prefer passive footprinting. This is because you don’t want your target to know that you were gathering information about them.
How is Footprinting Done?
There are a lot of tools and resources available with which you can gather information about a company (your target).
So, for this tutorial, we are going to use a well-known website called hackthissite.org.
Hack This Site is a safe and legal training ground for hackers to test and expand their hacking skills. This site gives us all the permission we need in order to practice hacking in an ethical way.
So let’s start the footprinting tutorial.
The following are the tools that you can use to do footprinting on your target:
You can use any search engine of your choice, but I’m going to use Google.
This is what I got when I searched for the term hackthissite.org.
As you can see in the image above, we can note down some information about the website.
Although you can get lots of information about the target using search engines, I’m going to list only the basics.
1. The website is using the HTTPS protocol. That means all the data transferred between the website’s users and its servers is encrypted.
2. You can also register on their website to see what it looks like from the inside.
3. They also have a forum, where you can discover what types of people use this site, how much time they spend on it, what their purpose and goals are in using it, and so on.
4. They also offer advertising on their website, which means you can contact them directly, get more information about them and use it to your advantage.
The points I have listed above are just to give a gist of how a hacker thinks when doing footprinting.
I guess you might be laughing at me and thinking this is pretty basic info, why would you need that?!
But remember, no matter how small the information might seem to you right now, it could be crucial at the later stages of hacking. So collect whatever info you can.
Also, don’t get stuck using only one search engine when doing footprinting. In fact, you need to use different search engines, because all of them will give different results.
And there is always a chance that you’ll find something meaningful that you can’t find on the other search engines.
Here is the result from the Bing search engine.
Notice how different it is from Google. Also, go beyond 5 or 10 pages of results to discover information that might be useful to you.
Using the Target Website
Believe it or not, you can get a huge amount of information from the target website itself. The probability is that your target is exposing way more information than they should be.
You can use this to your advantage by going to the target website and looking for information such as their email address, their phone number, their physical location, etc.
Most of the time companies put links to their social channels on their website. You can have a look at their social channels to figure out what technologies they are using or planning to use.
Likewise, you can figure out what type of people engage with their posts, what changes they are going to make and, moreover, what the reason behind those changes is.
There is an awesome tool called HTTrack which can be used to download a website to your local hard drive. Here is how to download a website using the HTTrack tool.
Once you have downloaded the website to your hard drive, you can have a clean look at how the website is laid out. You will be able to look at the website’s source code, which can be very useful.
This is just a simple trick to gather information about your target website. Just think a little more from a hacker’s perspective instead of a user’s and you’ll find many more possibilities.
Whois lookup is another great way to extract information about a website. Whois is basically a database that contains registration information about every registered domain name on the Internet.
Information such as who owns the website, the website’s domain registrar, the owner’s email address, the owner’s phone number and much more.
So let’s have a look at a website’s whois database.
Step 1. Simply go to a website like whois.domaintools.com.
Step 2. Enter the website name whose data you want to extract.
As you can see, I have the whois data for the hackthissite website.
1. You can see that the domain registrar of this website is enom Inc. The web address of the registrar is also given.
2. You can see how old the domain name is: the date it was registered and the date on which it is going to expire.
3. You can see that this website is hosted on a dedicated server and that the IP address of that dedicated server is 188.8.131.52. The IP location is also listed: Colorado, Denver.
You can see that this website is not exposing much information about itself, such as the registrant name, email address, phone number, etc.
This is because they are aware of the fact that whois data can be used against them. So they have purchased whois privacy protection from their domain registrar.
Whois privacy protection masks the original owner’s information with the domain registrar’s information. But not every website owner is aware of the fact that their data is exposed like this to the whole world.
So try out some other websites of your choice and see what you can find.
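To make the privacy-protection point concrete, here is an added example (not code from the original post) that parses WHOIS-style records and reports which registrant fields still expose the owner, so a site owner can check what their own record gives away. The two records are constructed samples in the common Key: value WHOIS layout, and the privacy-marker words are assumptions based on typical registrar placeholder values.

```python
# Constructed sample WHOIS replies (no real registrant data): one exposed, one privacy-protected.
EXPOSED_RECORD = """\
Domain Name: EXAMPLE-SHOP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:12:00Z
Registry Expiry Date: 2026-03-02T10:12:00Z
Registrant Name: Jane Doe
Registrant Organization: Example Shop Ltd
Registrant Email: jane.doe@example-shop.test
Registrant Phone: +1.5555550123
"""
PROTECTED_RECORD = """\
Domain Name: EXAMPLE-PRIVATE.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2009-07-15T00:00:00Z
Registry Expiry Date: 2027-07-15T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Whois Privacy Protection Service
Registrant Email: abc123@privacy.example-registrar.test
Registrant Phone: REDACTED FOR PRIVACY
"""

# Assumed substitute values that registrar privacy services put in place of the owner's data.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "protected", "not disclosed")

def parse_whois(text):
    """Turn 'Key: value' WHOIS lines into a dict keyed by lower-cased field name."""
    record = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith(("%", "#", ">>>")):
            key, _, value = line.partition(":")  # split on the first colon only
            record.setdefault(key.strip().lower(), value.strip())
    return record

def exposed_registrant_fields(record):
    """Registrant contact fields whose value is not a privacy-service placeholder."""
    return [key for key, value in record.items()
            if key.startswith("registrant") and value
            and not any(marker in value.lower() for marker in PRIVACY_MARKERS)]

def summarize(text):
    """The basics the post reads off a whois page, plus which owner fields are exposed."""
    r = parse_whois(text)
    return {"domain": r.get("domain name"), "registrar": r.get("registrar"),
            "created": r.get("creation date"), "expires": r.get("registry expiry date"),
            "exposed": exposed_registrant_fields(r)}

if __name__ == "__main__":
    for sample in (EXPOSED_RECORD, PROTECTED_RECORD):
        print(summarize(sample))
```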
When it comes to job sites, companies often expose way more information about themselves.
Although this is not the case for all companies, some do give out extensive information about themselves. So as an attacker you can look out for the job openings and positions available in the company.
On the basis of the positions available in the company, you’ll be able to figure out various insights about it.
So let us take the job search site monster.com as an example. I searched for a System Engineer position and selected a random company looking to fill it.
In the image below you can see all of the mandatory skills that they need in a System Engineer.
Based on the data available to us, we can easily figure out some insights about the company.
1. They are using the Microsoft technology stack, which includes Windows Server, SharePoint, SQL Server, and Active Directory.
2. The storage needs of this company are fulfilled by the vendors Dell/EMC and Pure Storage.
3. The type of server infrastructure they are using is Cisco UCS.
4. The physical location of the company, which is Toronto, Ontario.
So, I guess you get the idea of how you can leverage job sites to your advantage and collect data about your target company.
Depending on the job position available in the company, you can find a lot of information or a lot less. For example, a Web Developer position will give you a lot less information than a System Engineer position.
The Wayback Machine
Have you ever dreamt of going back in time?
If you said yes, like me, then I’m going to share with you a tool that will take you back in time…
…this is the tool that you can use to see previous versions of a website. You can use this tool to see how your target’s website looked back in the day.
Just for the sake of an example, I’m going to take a look at my own website hackingpress.com.
1. First, go to the Wayback Machine website.
2. Enter the website name whose previous versions you want to see. In my case, I entered the address hackingpress.com.
3. Once you press enter you will be taken to a page where you can see a calendar. A blue dot marks a date on which a snapshot of the website was taken.
4. Click on a blue dot and you’ll be taken to the version of the website as it appeared on the Internet on that specific date. I clicked on the date 6th of April 2004. This is how the website looked back in the day.
5. You can easily see that back in the day this domain name was registered by the company called dotster.
I took my own website just as an example. You can enter the target website that you want to compromise in order to see its previous versions.
Now you might be wondering why you should look at old versions of the website when you can browse the latest one.
And yeah! You can and should browse the latest version of the website, but think about this…
…back in the day, your target website might have accidentally exposed some critical information that they didn’t mean to.
So when you have a tool like the Wayback Machine, you can check whether that is the case for your target website.
If you are lucky enough you’ll find some interesting information about your target. Information such as email addresses, phone numbers, personally identifiable information and a lot more.
…it is not what you might be thinking!
Google hacking does not mean hacking Google’s servers; it simply means using Google search operators to get the results we want.
Google hacking is a popular term used by the hacking community. It basically means that we use the search operators provided by Google itself to refine our search results. These operators are also known as Google operators.
Basically, Google operators are simple syntax elements that you can use to get the results that you want.
Google hacking can be very beneficial when doing footprinting on your target. If you become good at using Google operators, then you’ll be able to find the information you want within a fraction of a second.
The most common Google operators are:
Minus sign (-): Use the minus sign when you want to exclude a specific word, that is, to stop specific results from appearing in your search results.
Say that for some reason you wanted to find pages that contain the phrase ethical hacking but not pages from eccouncil that contain it.
Example: “ethical hacking -eccouncil.com”
Quotes (“ ”): When you put quotes around the phrase you are searching for, you get exact-match results for that phrase.
You will get pages that have the exact phrase you searched for in their title or text. Using quotes around your phrase helps you greatly refine your search results.
Example: “ethical hacking for beginners”
Some advanced Google operators that you can use while doing footprinting are:
site: If you want Google to give you results only from a specific website, use the site operator.
For example, if you wanted to search this website for articles on hacking Instagram accounts, you would use the following:
Example use: “site:hackingpress.com hack instagram accounts”
cache: The cache is Google’s saved copy of a web page. Google often stores a copy of a website for a better user experience, so that when the website is unavailable (offline) it can serve the saved version to its users.
Also, all of these operators can be combined in a single Google search to really harness their power. When you use Google operators in your query, the query is often referred to as a dork.
A dork is just a search string that uses advanced search operators to find information on a website that is not easily available.
So Google hacking can be very useful when you are doing footprinting on your target. With the help of Google hacking, you can view information about your target that is not intended for public viewing but has not been adequately protected.
To give you an idea of how powerful Google hacking is, search for the following term on google:
“battlefield” “email” site:pastebin.com
Here is the result that I got.
You can go to each of these pages and I’m sure you’ll find some juicy information. Although this particular information might not be useful to you, I just wanted to show you how powerful Google hacking is.
Also, there is a database called Google Hacking Database where you can find lots of Google dorks. These Google dorks are found and shared by the hacking community. You can take a look at the Google Hacking Database by visiting this link.
Rundown: What Is Footprinting And How It Is Done
I hope you have got some useful information about what footprinting is and how it is done. Doing footprinting takes a lot of time and patience.
Although I have shared some methods that will help you do footprinting, there are many more.
If you liked this article, I suggest you bookmark this page and come back later, because I’m going to add more tools and techniques that will help you footprint your target.
Also if you enjoyed reading this post and got some value from it, please do share it with like-minded people. Do subscribe to my email list to get the notification whenever I post a new article.
If you have any doubt, query or suggestion please let me know in the comment section. I’ll be happy to help you.