Understanding Footprinting and Its Techniques

Mar 23, 2025

Footprinting Concepts

Introduction

  • Hosts: Sophie and Daniel
  • Topic: Footprinting and snooping

What is Footprinting?

  • Definition: Seeking out information about a target.
  • Ethical hackers are paid to gather information about clients.
  • Bad actors also perform footprinting to identify victims.

Types of Footprinting

  • Passive Footprinting:
    • No direct interaction with the target.
    • Example: Eavesdropping or gathering publicly available information from websites or social media.
  • Active Footprinting:
    • Direct interaction with the target.
    • Example: Scanning or querying systems to extract information.

Importance of Footprinting

  • Helps to identify vulnerabilities within a target’s network or systems.
  • Knowledge gained can lead to potential access and exploitation of vulnerabilities.
  • Ethical hackers report findings to improve security.

Key Information Gathered in Footprinting

  • System Information:
    • Operating systems in use, services running (e.g., Active Directory, DNS).
    • Usernames and passwords.
  • Network Information:
    • Domains and subdomains, firewall rules, ingress and egress filtering.
  • Organizational Information:
    • Employee information, department structures, public social media profiles.

Risks of Information Exposure

  • Public information can be used by bad actors for malicious intent.
  • Importance of good operational security (opsec) practices.

Tools and Techniques for Footprinting

  • OSINT (Open Source Intelligence):
    • Gathering information available on the internet.
  • Google Dorks:
    • Utilizing advanced search operators in Google to uncover sensitive information.

Conclusion

  • Footprinting is a critical first step in ethical hacking and penetration testing.
  • Helps in understanding the target better for vulnerability assessment.

Google Dorking

Introduction

  • Topic: Advanced Google searching techniques (Google Dorks).

What is Google Dorking?

  • Using Google’s advanced search features to find specific information.
  • Can uncover sensitive information unintentionally exposed by organizations.

Examples of Google Dorks

  • Using quotes to search for exact phrases.
  • Using the minus sign to exclude specific terms from searches.
  • Adding parameters like inurl: and intitle: to refine searches.

Applications of Google Dorking

  • Finding vulnerable servers, databases, and login portals.
  • Efficient method for reconnaissance in ethical hacking.

Key Points

  • Google Dorking can lead to discovering exploitable vulnerabilities.
  • The importance of continuous learning and adapting techniques.

Shodan and Censys

Introduction

  • Focus: Shodan and Censys as tools for footprinting.

What are Shodan and Censys?

  • Shodan: A search engine for internet-connected devices.
  • Censys: A platform for discovering and analyzing internet-connected devices.
  • Both tools provide insights into devices beyond typical web searches.

Utilization of Shodan

  • Search for devices and get detailed information on their configurations.
  • Free tier available; paid options for advanced features.

Filters in Shodan

  • Use filters to narrow down searches for specific devices, protocols, and vulnerabilities.

Censys Features

  • Similar functionality to Shodan but may provide different data sets and insights.
  • Good for identifying assets owned by an organization.

Subdomain Enumeration

What is Subdomain Enumeration?

  • Finding and cataloging subdomains of a target domain.
  • Essential for ethical hacking and penetration testing to identify potential vulnerabilities.

Tools for Subdomain Enumeration

  • Google Search: Use site:example.com to find subdomains.
  • Netcraft: Online tool for searching DNS records and finding subdomains.
  • Sublist3r: A tool for automating the enumeration process for subdomains.

Importance of Subdomain Enumeration

  • Expands the known attack surface by identifying additional targets.
  • Helps in discovering insecure or less protected environments within an organization.
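
Added example (not part of the original notes): a defender-side follow-up to subdomain enumeration that reconciles the hostnames an enumeration run returned against the organization's asset inventory, surfacing hosts nobody has on record and names that suggest non-production environments. The hostnames, the inventory and the NONPROD_LABELS list are constructed assumptions.

```python
# Reconcile enumerated hostnames against an asset inventory (added example).
# All data below is constructed; NONPROD_LABELS is an assumed naming convention.
NONPROD_LABELS = {"dev", "test", "staging", "stage", "uat", "qa", "old", "backup"}

DISCOVERED = [  # constructed output of an enumeration run, duplicates and noise included
    "www.example.com", "WWW.EXAMPLE.COM.", "*.example.com", "dev-api.example.com",
    "staging.shop.example.com", "mail.example.com", "notexample.com",
    "example.com.attacker.test", "",
]
INVENTORY = ["example.com", "www.example.com", "mail.example.com",
             "staging.shop.example.com"]  # constructed list of approved assets

def normalize(name):
    """Lower-case, trim, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(host, domain):
    """Match on a label boundary so 'notexample.com' is not treated as ours."""
    return host == domain or host.endswith("." + domain)

def triage(discovered, inventory, domain):
    """Return hosts missing from the inventory, non-production names, and strays."""
    domain = normalize(domain)
    known = {normalize(h) for h in inventory}
    report = {"unknown": [], "nonprod": [], "out_of_scope": []}
    for host in sorted({normalize(h) for h in discovered if h.strip()}):
        if not in_scope(host, domain):
            report["out_of_scope"].append(host)
            continue
        if host not in known:
            report["unknown"].append(host)
        # Labels left of the domain, split on '-' so "dev-api" matches "dev".
        sub = host[: -len(domain)].rstrip(".")
        tokens = {t for label in sub.split(".") for t in label.split("-") if t}
        if tokens & NONPROD_LABELS:
            report["nonprod"].append(host)
    return report

if __name__ == "__main__":
    for bucket, hosts in triage(DISCOVERED, INVENTORY, "example.com").items():
        print(f"{bucket}: {hosts}")
```

Hosts in the unknown bucket are candidates for ownership review; hosts in the nonprod bucket are worth checking for the weaker protections the notes mention.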