Footprinting

Footprinting is an information-gathering technique: we try to obtain as much information as possible about the target. The gathered information includes:

  • Contact information
  • Configurations
  • DNS hostnames
  • IP addresses

The following are a few tools that can be used for footprinting:

1. whois

This tool can be used either as a command in a terminal/command prompt or online at whois.com. The information that can be obtained includes:

  • Name servers
  • Domain status
  • Dates created and updated
  • Registrant information

The command is written as: whois <targeturl>. The screenshot below shows an example of the command: whois pentest.id. As shown, the website is protected by Cloudflare.
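To review what a registration record discloses, the fields listed above can be pulled out of saved whois output. The following is an added example, not part of the original post: the function names and the sample record (placeholder domain example.test) are constructed, and it assumes the common "Label: value" layout, which varies between registries.

```shell
# Constructed sample record for a placeholder domain (assumption, not real whois data).
sample_whois() {
cat <<'EOF'
Domain Name: EXAMPLE.TEST
Updated Date: 2023-05-01T10:00:00Z
Creation Date: 2019-03-14T08:30:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: admin@example.test
Name Server: ADA.NS.CLOUDFLARE.COM
Name Server: BOB.NS.CLOUDFLARE.COM
EOF
}

# whois_field LABEL: print every value of "LABEL: value" lines on stdin
# (label match is case-insensitive; only the first colon splits the line).
whois_field() {
    awk -v want="$1" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) == tolower(want) && val != "") print val
    }'
}

# dns_provider: classify the name servers on stdin. Cloudflare-hosted zones
# use name servers under ns.cloudflare.com.
dns_provider() {
    whois_field "Name Server" | awk '
        { n++; if (tolower($0) ~ /\.ns\.cloudflare\.com\.?$/) cf++ }
        END {
            if (n == 0) print "unknown"
            else if (cf == n) print "cloudflare"
            else if (cf > 0) print "mixed"
            else print "other"
        }'
}

# exposed_registrant: registrant lines that are not privacy-redacted, i.e.
# the contact details anyone running whois can read.
exposed_registrant() {
    awk '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) ~ /^registrant / && val != "" && tolower(val) !~ /redacted|privacy/)
            print key ": " val
    }'
}
```

With live output, pipe the command into the same functions, for example: whois <targeturl> | exposed_registrant.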

2. Host

The Host command will allow us to find the hosts and IP addresses from a DNS server.

The command used is: host <targeturl>. In the example below, the command is: host pentest.id. By default, it looks up the A (IPv4), AAAA (IPv6), and MX (mail) records.

3. TheHarvester

TheHarvester is a tool that can be used to obtain information such as:

  • E-mails
  • Subdomains
  • Number of hosts

The information is obtained from various public sources such as search engines and social media.

An example command is: theharvester -d microsoft.com -l 100 -b google.

The above command means that we are searching for information related to microsoft.com, limited to 100 results, with google as the data source. Aside from google, we can use twitter, linkedin, facebook, bing, etc. The screenshot below shows the result:
