🔍

Footprinting and Ethical Hacking Techniques

Mar 23, 2025

Footprinting Concepts Lecture Notes

Introduction

  • Hosts: Sophie and Daniel
  • Topic: Footprinting concepts, snooping, and ethical hacking
  • Footprinting = actively seeking information about a target, often for security assessment.

What is Footprinting?

  • Footprinting is a method of gathering information about a target organization.
  • Can be used by ethical hackers or malicious actors.
  • Aim: To gather technical, organizational, and industry-related information.

OSINT (Open Source Intelligence)

  • Footprinting often involves OSINT.
  • Gathering information from publicly available sources.
  • Importance of knowledge: "Knowledge is power."

Types of Footprinting

  1. Passive Footprinting
    • No direct interaction with the target.
    • Example: Eavesdropping or browsing publicly available information (e.g., websites, social media).
    • Hard to detect; organizations often release this information intentionally.
  2. Active Footprinting
    • Involves direct interaction with the target (e.g., querying servers, using tools).
    • More detectable; potential to trigger security alerts.
    • Example: DNS queries, port scans.

Information to Gather During Footprinting

  • System Information
    • Operating systems in use, services, usernames, passwords.
  • Network Information
    • Domain names, subdomains, firewall rules.
  • Organizational Information
    • Employee details, departments, contact info, organizational charts.

Example Sources of Information

  • Websites, financial reports, LinkedIn profiles, social media posts.
  • Potentially sensitive information can be unintentionally exposed.

Importance of Footprinting for Ethical Hacking

  • Helps identify security vulnerabilities based on gathered data.
  • Enables better targeting during penetration tests.
  • Essential for successful hacking attempts, as it informs attackers of possible weaknesses.

Conclusion

  • Footprinting is crucial for ethical hacking and identifying vulnerabilities.
  • Knowledge gained from footprinting lays the foundation for successful penetration testing.

Google Dorks

Introduction to Google Dorks

  • Not socially awkward people; rather, advanced search techniques using Google.
  • Used for footprinting and information gathering.

Basic Google Search Operators

  • Use quotes for exact phrases.
  • Use a minus sign to exclude terms.
  • Combine advanced search options for targeted results.

Applications of Google Dorking

  • Finding vulnerable servers, open databases, and sensitive information.
  • Example: Searching for specific vulnerabilities, server types, or configurations via Google.

Resources for Google Dorking

  • Two lists provided: one from 2020 and another from 2022.
  • Lists include various Google dorks for effective searches.
  • Explore the Google hacking database for new dorks and examples.

Shodan and Censys

Introduction

  • Focus: Using Shodan and Censys for footprinting and information gathering.
  • Both are search engines for discovering internet-connected devices.

What is Shodan?

  • A search engine for IoT and internet-connected devices.
  • Useful for ethical hackers and blue teams to discover assets.

Features of Shodan

  • Can search by IP, device type, and geographical location.
  • Information includes server types, operating systems, and running services.
  • Allows monitoring and analysis of devices.

What is Censys?

  • Similar platform to Shodan with a focus on discovering and analyzing internet-exposed devices.
  • Regularly probes public IP addresses and domains to curate data.

Comparison of Shodan and Censys

  • Both provide valuable data for ethical hackers.
  • Different filters and search capabilities.
  • Both tools are essential for thorough reconnaissance.

Subdomain Enumeration

Introduction

  • What is a subdomain?
    • A subdomain extends the main domain, used for organizing information.
    • Example: blog.itpro.tv is a subdomain of itpro.tv.

Importance of Subdomain Enumeration

  • Helps identify potential vulnerabilities in less secure areas of a network.
  • Essential for ethical hackers and bug bounty hunters to find exploitable weaknesses.

Techniques for Subdomain Enumeration

  1. Google Search
    • Use site:itpro.tv to find subdomains directly.
  2. View Page Source
    • Look through the HTML source code for subdomain references.
  3. Automated Tools
    • Use Netcraft and Sublister to automate the search for subdomains.
    • Netcraft: Provides DNS search capabilities and lists subdomains.
    • Sublister: A GitHub tool for automated subdomain discovery.

Conclusion

  • Subdomain enumeration is a key part of the reconnaissance phase in ethical hacking.
  • By identifying subdomains, ethical hackers can broaden their attack surface and find vulnerabilities.

Full transcript