4. Website Footprinting
1. Gather information with Ping
A plain ping resolves the hostname and returns the target's IP address, the TTL of the reply and the round-trip time. The reply TTL is also a rough OS hint: Linux hosts start at 64 and Windows hosts at 128, minus one for every hop on the way back.
Finding the maximum unfragmented packet size supported
-f sets the Don't Fragment (DF) bit
-l sets the payload size in bytes
If you get the error "Packet needs to be fragmented but DF set." the packet is too large for the path and was dropped rather than fragmented.
Try different sizes until you get a reply; the largest size that still gets a reply is the maximum payload the path carries without fragmentation. On a standard Ethernet path that is 1472 bytes, i.e. the 1500-byte MTU minus 20 bytes of IPv4 header and 8 bytes of ICMP header.
Finding the number of hops with TTL
The TTL field is 8 bits, so 255 is the maximum. The -i flag sets the TTL of the outgoing packet and -n sets how many packets to send. If the TTL is lower than the number of hops, a router on the path answers "TTL expired in transit." instead of the target. Try different values of -i; the smallest value that gets a normal reply is the number of hops to the target.
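Trying sizes and TTLs one by one is slow; both questions are monotone (a payload that fits implies every smaller one fits, a TTL that reaches implies every larger one reaches), so a binary search finds each answer in at most 16 probes. The script below is an added example, not part of the original notes: it assumes a TARGET environment variable and uses Linux iputils ping flags (-M do for DF, -s for payload, -t for TTL), with the Windows flags from the notes in the comments. The search functions are independent of ping, so they can be tested with fake probes.

```shell
#!/usr/bin/env bash
# Added example: binary search for the largest DF-safe ping payload and the
# smallest TTL that reaches the target. TARGET is an assumed environment variable.

# largest_passing PROBE LO HI: largest n in [LO,HI] for which "PROBE n" returns 0.
# Assumes monotone behaviour: if n works, every smaller n works too. -1 if none work.
largest_passing() {
  local probe=$1 lo=$2 hi=$3 best=-1 mid
  while [ "$lo" -le "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if "$probe" "$mid"; then best=$mid; lo=$((mid + 1)); else hi=$((mid - 1)); fi
  done
  echo "$best"
}

# smallest_passing PROBE LO HI: smallest n in [LO,HI] for which "PROBE n" returns 0.
# Assumes the opposite monotonicity: if n works, every larger n works too. -1 if none work.
smallest_passing() {
  local probe=$1 lo=$2 hi=$3 best=-1 mid
  while [ "$lo" -le "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if "$probe" "$mid"; then best=$mid; hi=$((mid - 1)); else lo=$((mid + 1)); fi
  done
  echo "$best"
}

# Probe: one echo request with a $1-byte payload and the DF bit set.
# Linux iputils: -M do = don't fragment, -s = payload size, -W 1 = 1 s timeout.
# Windows equivalent from the notes: ping -f -l $1 -n 1 "$TARGET"
probe_df_size() {
  ping -c 1 -W 1 -M do -s "$1" "$TARGET" >/dev/null 2>&1
}

# Probe: one echo request with TTL $1. No echo reply (TTL expired in transit)
# means $1 is below the hop count, and ping exits non-zero.
# Windows equivalent from the notes: ping -i $1 -n 1 "$TARGET"
probe_ttl() {
  ping -c 1 -W 1 -t "$1" "$TARGET" >/dev/null 2>&1
}

# path_mtu PAYLOAD: ICMP payload + 8-byte ICMP header + 20-byte IPv4 header.
path_mtu() { echo $(( $1 + 28 )); }

# Only touch the network when a target was given, e.g. TARGET=example.com ./probe.sh
if [ -n "${TARGET:-}" ]; then
  payload=$(largest_passing probe_df_size 0 65500)
  echo "largest DF payload: $payload bytes -> path MTU $(path_mtu "$payload")"
  echo "hops to target: $(smallest_passing probe_ttl 1 255)"
fi
```

Two caveats when running this for real: targets or intermediate firewalls that drop ICMP make every probe fail (both searches then return -1), and some hosts rate-limit echo replies, so a lost probe can be misread as "too big" or "too few hops". Repeating a failed probe once before trusting it is cheap insurance.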
Other tools
Use tracert (Windows) or traceroute (Linux) to list every hop directly instead of probing TTL values by hand.
2. Website footprinting with Photon
Incredibly fast crawler designed for OSINT.
Photon can extract the following data while crawling:
URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, amazon buckets etc.)
Files (pdf, png, xml etc.)
Secret keys (auth/API keys & hashes)
JavaScript files & Endpoints present in them
Strings matching custom regex pattern
Subdomains & DNS related data
Crawling can be resource intensive, but Photon has some tricks up its sleeve. With the --wayback option you can fetch URLs archived by archive.org and use them as seeds, which gives the crawler many starting points without hammering the target.
Results are saved in a directory named after the target domain, inside the folder Photon is run from (use -o to choose a different output directory).
Extensive scan
-u target URL
-l crawl depth (number of levels to follow links)
-t number of threads
--wayback use URLs archived by archive.org as seeds
3. Gather information about the target with CentralOps
CentralOps (centralops.net) runs whois, DNS record and traceroute lookups for a domain or IP from the browser, so nothing is sent to the target from your own address.
Other tools
4. Getting Information with web data extractors
Windows tool that needs to be installed.
Other tools
5. Website Mirroring with HTTrack
Windows tool that needs to be installed (a command-line httrack package also exists for Linux). Mirroring downloads the whole site once, so HTML, scripts and comments can be searched offline without sending further requests to the target.
Other tools
6. Website recon with Grecon
GRecon uses Google searches (dorks such as site: and filetype:) against the target domain to find indexed subdomains, files and pages, so the target itself is not queried.
7. Making a wordlist with CeWL from a website
-d crawl depth (how many links deep to follow from the start URL)
-m minimum word length (shorter words are dropped)
-w output wordlist file
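To make the effect of -m visible without crawling anything, the script below is an added example (not part of the original notes and not CeWL's own code) that does offline what CeWL does to each crawled page: strip the tags, split the text into words, drop words shorter than the minimum length and output unique words most frequent first. SAMPLE_HTML is a constructed page, not real content; the real CeWL command with the flags above is in the comment.

```shell
#!/usr/bin/env bash
# Added example: a small stand-in for CeWL's per-page word extraction.
# Real tool usage with the flags from the notes (assumed target URL):
#   cewl -d 2 -m 5 -w words.txt https://example.com

# Constructed sample page; stands in for one crawled HTML document.
SAMPLE_HTML='<html><head><title>Acme Widgets</title></head>
<body><h1>Acme Widgets Portal</h1>
<p>Welcome to Acme Widgets. Contact support at support@acme-widgets.example for Widgets help.</p>
</body></html>'

# build_wordlist MIN_LEN  (HTML on stdin)
# Prints lowercased words of at least MIN_LEN letters, one per line, unique,
# most frequent first and alphabetical among ties. Anything that is not a
# letter splits words, so "acme-widgets.example" yields three candidates.
build_wordlist() {
  local min_len=$1
  sed -e 's/<[^>]*>/ /g' \
  | tr -cs 'A-Za-z' '\n' \
  | tr 'A-Z' 'a-z' \
  | awk -v m="$min_len" 'length($0) >= m' \
  | sort | uniq -c | sort -k1,1nr -k2,2 \
  | awk '{print $2}'
}

# Stand-alone run: MIN_LEN=4 ./wordlist.sh to see the shorter words come back.
printf '%s' "$SAMPLE_HTML" | build_wordlist "${MIN_LEN:-5}"
```

With the default of 5 the output is widgets, support, contact, example, portal, welcome; the company name "acme" only appears with -m 4 or lower, which is the usual reason to lower the minimum when the target uses short names. Frequency ordering matters for password attacks: the words that appear most on the site are the ones most worth trying first.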