9. Footprinting using footprinting tools
1. Footprinting with Recon-ng
Start the tool
install all the modules
list all modules
Now create a workspace and select it
Add a website to the recon list
load the module for brute forcing hosts
Now run it with run command
You can view the hosts with the following command
Now to resolve the host with bing
Now reverse lookup
create a report
Whois with Recon-ng
create a new workspace
Now select the whois module
Set the website as target
Check the names and usernames on social media.
checking profiles on social media (very good results)
Getting subdomains and other info about the target (Most important)
2. Maltego recon
website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location>
website>domains>whois
3. OSRFramework
Good for quickly finding subdomains.
Run as root.
-n specify nickname of domain
-t specify list of top level domains where nick will be searched
Finding user accounts of a username
-q specifies the query
4. Footprinting using FOCA (windows)
Domains and document analysis
5. Billcipher
Allows to select the modules do the recon.
6. OSINT Framework
Other tools
Last updated