CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page
  • 1. Footprinting with Recon-ng
  • 2. Maltego recon
  • 3. OSRFramework
  • 4. Footprinting using FOCA (windows)
  • 5. Billcipher
  • 6. OSINT Framework
  • Other tools

Was this helpful?

  1. Module 2. Footprinting and Reconnaissance

9. Footprinting using footprinting tools

Footprinting tools are used to collect basic information about the target systems in order to exploit them.

Previous8. Email FootprintingNext10. Perform Footprinting using AI

Last updated 7 months ago

Was this helpful?

1. Footprinting with Recon-ng

Start the tool

recon-ng

install all the modules

marketplace install all

list all modules

modules search

Now create a workspace and select it

workspaces create CEH
workspaces select CEH
workspaces list //if you want to see the list of workspaces

Add a website to the recon list

db insert domains
show domains // to list the domains

load the module for brute forcing hosts

modules load recon/domains-hosts/brute_hosts

Now run it with run command

You can view the hosts with the following command

show hosts

Now to resolve the host with bing

back
modules load recon/domains-hosts/bing_domain_web
run

Now reverse lookup

back
modules load recon/netblocks-hosts/reverse_resolve

create a report

modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh

Whois with Recon-ng

create a new workspace

workspaces create whois
workspaces select whois

Now select the whois module

modules load recon/domains-contacts/whois_pocs

Set the website as target

options set source SOURCE google.com

Check the names and usernames on social media.

modules load recon/profiles-profiles/namechk
options set SOURCE ammar

checking profiles on social media (very good results)

modules load profiler
options set SOURCE ammar
run

Getting subdomains and other info about the target (Most important)

modules load hackertarget
options set SOURCE certifiedhacker.com
run

2. Maltego recon

website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location>

website>domains>whois

3. OSRFramework

Good for quickly finding subdomains.

sudo pip3 install osrframework //installation

Run as root.

domainfy -n eccouncil -t all

-n specify nickname of domain

-t specify list of top level domains where nick will be searched

Finding user accounts of a username

searchfy -q ammar

-q specifies the query

4. Footprinting using FOCA (windows)

Domains and document analysis

5. Billcipher

Allows to select the modules do the recon.

6. OSINT Framework

Other tools

GitHub - i3visio/osrframework: OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.GitHub
GitHub - bahatiphill/BillCipher: Information Gathering tool for a Website or IP addressGitHub
OSINT Framework
GitHub - s0md3v/ReconDog: Reconnaissance Swiss Army KnifeGitHub
Logo
Logo
Logo
GitHub - TebbaaX/GRecon: Another version of katana, more automated but less stable. the purpose of this small tool is to run a Google based passive recon against your scope.GitHub
GitHub - Moham3dRiahi/Th3inspector: Th3Inspector 🕵️ Best Tool For Information Gathering 🔎GitHub
GitHub - evyatarmeged/Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanningGitHub
Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Logo
Logo
Logo
Logo