Footprinting is a technique for information gathering. In information gathering, we try to obtain as much information as possible about the target. The gathered information includes:
- Contact information
- Configurations
- DNS hostnames
- IP addresses
The following are a few tools that can be used for footprinting:
1. whois
This tool can be used either as a command in the terminal/command prompt or online at whois.com. The information that can be obtained includes:
- Name servers
- Domain status
- Dates created and updated
- Registrant information
The command is written as: whois <targeturl>. The screenshot below shows an example of the command: whois pentest.id. As shown, the website is protected by Cloudflare.

2. Host
The Host command will allow us to find the hosts and IP addresses from a DNS server.
The command used is: host <targeturl>. In the example below, the command is: host pentest.id. By default, it looks up the A (IPv4), AAAA (IPv6), and MX (mail) records.
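
Added example (not from the original post): a POSIX shell script that extracts the whois fields listed in section 1 and the A/AAAA/MX records from section 2, which is handy for reviewing what your own domain exposes publicly. The sample output, the whois field labels and the function names are constructed assumptions; the Cloudflare check assumes its name servers end in .ns.cloudflare.com.

```shell
#!/bin/sh
# Constructed sample output (reserved .test names, documentation IPs) so this runs offline.
# For a live check of a domain you own, pipe `whois DOMAIN` / `host DOMAIN` in instead.
SAMPLE_WHOIS='Domain Name: EXAMPLE.TEST
Creation Date: 2019-03-04T10:00:00Z
Updated Date: 2024-03-01T08:30:00Z
Domain Status: clientTransferProhibited
Registrant Name: REDACTED FOR PRIVACY
Name Server: alpha.ns.cloudflare.com
Name Server: beta.ns.cloudflare.com'
SAMPLE_HOST='example.test has address 192.0.2.10
example.test has IPv6 address 2001:db8::10
example.test mail is handled by 10 mail.example.test.'

# whois_field LABEL: print the value of every "LABEL: value" line on stdin.
# Labels differ between registries; these match the constructed sample only.
whois_field() {
    awk -v want="$1" '{
        i = index($0, ":"); if (i == 0) next       # split at the FIRST colon only,
        key = substr($0, 1, i - 1); val = substr($0, i + 1)   # timestamps contain more
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) == tolower(want)) print val
    }'
}

# host_records: turn `host` output on stdin into "TYPE value" lines.
host_records() {
    awk '
        / has address /        { print "A", $NF }
        / has IPv6 address /   { print "AAAA", $NF }
        / mail is handled by / { print "MX", $(NF-1), $NF }   # preference, then exchanger
    '
}

# uses_cloudflare_dns: succeed if any whois name server is a Cloudflare one.
uses_cloudflare_dns() {
    whois_field "Name Server" | grep -qi '\.ns\.cloudflare\.com'
}

for f in "Name Server" "Domain Status" "Creation Date" "Updated Date" "Registrant Name"; do
    printf '%s\n' "$SAMPLE_WHOIS" | whois_field "$f" | sed "s/^/$f: /"
done
printf '%s\n' "$SAMPLE_HOST" | host_records
if printf '%s\n' "$SAMPLE_WHOIS" | uses_cloudflare_dns; then
    echo "DNS is delegated to Cloudflare name servers"
fi
```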

3. TheHarvester
TheHarvester is a tool that can be used to obtain information such as:
- E-mails
- Subdomains
- Number of hosts
The information is obtained from various public sources such as search engines and social media.

An example command is: theharvester -d microsoft.com -l 100 -b google.
The above command means that we are searching for information related to microsoft.com, limited to 100 results, with google as the data source. Aside from google, we can use twitter, linkedin, facebook, bing, etc. The screenshot below shows the result:
