4. Website Footprinting

1. Gather information with Ping

ping certifiedhacker.com

Returns the IP address, TTL and round trip time.

Finding maximum fragment size supported

ping 162.241.216.11 -f -l 1500

-f do not fragment

-l specifies the size

If you get an error like this it means the packet size is not supported.

Now try different sizes till the time we get hit and so we are able to find the maximum frame size supported on the machine.

Finding hops with TTL

Maximum hops supported are 255. -i flag sets TTL and -n flag tells the no of packets to be sent. Try different values of -i to get the number of hops.

ping 162.241.216.11 -i 14 -n 1

Other tools

Use tracert (windows) to find the number of hops

tracert 162.241.216.11

2. Website footprinting with Photon

Incredibly fast crawler designed for OSINT.

Photon can extract the following data while crawling:

URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, amazon buckets etc.)
Files (pdf, png, xml etc.)
Secret keys (auth/API keys & hashes)
JavaScript files & Endpoints present in them
Strings matching custom regex pattern
Subdomains & DNS related data

Crawling can be resource intensive but Photon has some tricks up it's sleeves. You can fetch URLs archived by archive.org to be used as seeds by using --wayback option.

GitHub - s0md3v/Photon: Incredibly fast crawler designed for OSINT.GitHub

python3 photon -u https://certifiedhacker.com

results are saved in directory in the photon folder

Extensive scan

python3 photon -u https://certifiedhacker.com -l 3 -t 200 --wayback

-u url
-l scan levels
-t No of threads
--wayback searches archive.org

3.Gather information about target with central ops

Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6centralops.net

Other tools

Website Informerwebsite.informer.com

4. Getting Information with web data extractors

Windows tool. Need to install

http://www.webextractor.com/wde.htmwww.webextractor.com

Other tools

ParseHub | Free web scraping - The most powerful web scraperwww.parsehub.com

spiderfoot | Kali Linux ToolsKali Linux

GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.GitHub

5. Website Mirroring with HTTrack

Windows tool need to install

https://www.httrack.com/

Other tools

Cyotek WebCopy - Copy websites locally for offline browsing • Cyotekwww.cyotek.com

6. Website recon with Grecon

use google search for reconnaisance

https://github.com/TebbaaX/GRecongithub.com

7. Making wordlist with CEWL from website

cewl -w wordlist -d 2 -m 5 www.certifiedhacker.com

-d depth
-m mimimum word length
-w wordlist file

Exam Prep & Training for CEH Practical (Unofficial Course)Udemy

Previous3. Footprinting through Social Networking sites Next5. WHOIS Footprinting

Last updated 1 year ago

hashtag1. Gather information with Ping

hashtagFinding maximum fragment size supported

hashtagFinding hops with TTL

hashtagOther tools

hashtag2. Website footprinting with Photon

hashtag3.Gather information about target with central ops

hashtag4. Getting Information with web data extractors

hashtag5. Website Mirroring with HTTrack

hashtag6. Website recon with Grecon

hashtag7. Making wordlist with CEWL from website

1. Gather information with Ping

Finding maximum fragment size supported

Finding hops with TTL

Other tools

2. Website footprinting with Photon

3.Gather information about target with central ops

4. Getting Information with web data extractors

5. Website Mirroring with HTTrack

6. Website recon with Grecon

7. Making wordlist with CEWL from website