9. Footprinting using footprinting tools

Footprinting tools are used to collect basic information about the target systems in order to exploit them.

1. Footprinting with Recon-ng

Start the tool

recon-ng

install all the modules

marketplace install all

list all modules

modules search

Now create a workspace and select it

workspaces create CEH
workspaces select CEH

workspaces list //if you want to see the list of workspaces

Add a website to the recon list

db insert domains
show domains // to list the domains

load the module for brute forcing hosts

modules load recon/domains-hosts/brute_hosts

Now run it with run command

You can view the hosts with the following command

show hosts

Now to resolve the host with bing

back
modules load recon/domains-hosts/bing_domain_web
run

Now reverse lookup

back
modules load recon/netblocks-hosts/reverse_resolve

create a report

modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh

Whois with Recon-ng

create a new workspace

workspaces create whois
workspaces select whois

Now select the whois module

modules load recon/domains-contacts/whois_pocs

Set the website as target

options set source SOURCE google.com

Check the names and usernames on social media.

modules load recon/profiles-profiles/namechk

options set SOURCE ammar

checking profiles on social media (very good results)

modules load profiler
options set SOURCE ammar
run

Getting subdomains and other info about the target (Most important)

modules load hackertarget
options set SOURCE certifiedhacker.com
run

2. Maltego recon

website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location>

website>domains>whois

3. OSRFramework

Good for quickly finding subdomains.

https://github.com/i3visio/osrframeworkgithub.com

sudo pip3 install osrframework //installation

Run as root.

domainfy -n eccouncil -t all

-n specify nickname of domain

-t specify list of top level domains where nick will be searched

Finding user accounts of a username

searchfy -q ammar

-q specifies the query

4. Footprinting using FOCA (windows)

Domains and document analysis

5. Billcipher

Allows to select the modules do the recon.

GitHub - bahatiphill/BillCipher: Information Gathering tool for a Website or IP addressGitHub

6. OSINT Framework

OSINT Frameworkosintframework.com

Other tools

GitHub - s0md3v/ReconDog: Reconnaissance Swiss Army KnifeGitHub

https://github.com/TebbaaX/GRecongithub.com

GitHub - Moham3dRiahi/Th3inspector: Th3Inspector 🕵️ Best Tool For Information Gathering 🔎GitHub

GitHub - evyatarmeged/Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanningGitHub

Exam Prep & Training for CEH Practical (Unofficial Course)Udemy

Previous8. Email Footprinting Next10. Perform Footprinting using AI

Last updated 1 year ago

hashtag1. Footprinting with Recon-ng

hashtag2. Maltego recon

hashtag3. OSRFramework

hashtag4. Footprinting using FOCA (windows)

hashtag5. Billcipher

hashtag6. OSINT Framework

hashtagOther tools