9. Footprinting using footprinting tools
Footprinting tools are used to collect basic information about the target systems in order to exploit them.
1. Footprinting with Recon-ng
Start the tool
recon-ng
Install all the modules
marketplace install all
List all modules
modules search
Now create a workspace and select it
workspaces create CEH
workspaces select CEH

To see the list of workspaces:
workspaces list
Add a website to the recon list (the command prompts for the domain)
db insert domains
List the domains
show domains

Load the module for brute-forcing hosts
modules load recon/domains-hosts/brute_hosts
Now run it with the run command
You can view the hosts with the following command
show hosts
Now resolve the hosts with Bing
back
modules load recon/domains-hosts/bing_domain_web
run
Now do a reverse lookup
back
modules load recon/netblocks-hosts/reverse_resolve
Create a report
modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh
Whois with Recon-ng
Create a new workspace
workspaces create whois
workspaces select whois
Now select the whois module
modules load recon/domains-contacts/whois_pocs
Set the website as target
options set SOURCE google.com
Check the names and usernames on social media.
modules load recon/profiles-profiles/namechk
options set SOURCE ammar
Check profiles on social media (very good results)
modules load profiler
options set SOURCE ammar
run
Get subdomains and other info about the target (most important)
modules load hackertarget
options set SOURCE certifiedhacker.com
run
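
Seen from the defending side, the recon/domains-hosts/brute_hosts step above appears in DNS logs as one client asking for many distinct names under a domain, most of which do not exist. The following is an added example, not part of the original notes: it flags that pattern in resolver logs. The log layout, the zone example.test, the sample lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log; assumed layout: "<epoch> <client> <qname> <rcode>".
SAMPLE_LOG = [
    "1700000000 198.51.100.20 www.example.test NOERROR",
    "1700000002 203.0.113.7 admin.example.test NXDOMAIN",
    "1700000003 203.0.113.7 dev.example.test NXDOMAIN",
    "1700000003 203.0.113.7 mail.example.test NOERROR",
    "1700000004 203.0.113.7 vpn.example.test NXDOMAIN",
    "1700000005 203.0.113.7 test.example.test NXDOMAIN",
    "1700000006 203.0.113.7 stage.example.test NXDOMAIN",
    "1700000007 203.0.113.7 ftp.example.test NXDOMAIN",
    "garbled line",
    "1700000900 198.51.100.20 typo.example.test NXDOMAIN",
]

def parse(line):
    """Return (ts, client, qname, rcode), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2].lower().rstrip("."), parts[3].upper()

def detect_enumeration(lines, zone, window=60, min_names=5, min_nx_ratio=0.7):
    """Flag clients guessing names under `zone`; thresholds are assumed defaults."""
    suffix = "." + zone.lower()
    per_client = defaultdict(list)
    for ts, client, qname, rcode in filter(None, map(parse, lines)):
        if qname.endswith(suffix):
            per_client[client].append((ts, qname, rcode))
    findings = []
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            names = {q for _, q, _ in win}
            nx = {q for _, q, r in win if r == "NXDOMAIN"}
            if len(names) >= min_names and len(nx) / len(names) >= min_nx_ratio:
                findings.append({"client": client, "first_seen": win[0][0],
                                 "distinct_names": len(names), "nxdomain": len(nx)})
                break  # one finding per client is enough to raise an alert
    return findings

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG, "example.test"))
```

A single mistyped hostname from a normal client stays below the thresholds; only the burst of distinct, mostly nonexistent names is reported.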

2. Maltego recon
website > DNS using name schema > DNS SOA > DNS MX > DNS nameservers > DNS IP address > location >
website > domains > whois
3. OSRFramework
Good for quickly finding subdomains.
sudo pip3 install osrframework //installation
Run as root.
domainfy -n eccouncil -t all

Finding user accounts of a username
searchfy -q ammar
4. Footprinting using FOCA (Windows)
Domains and document analysis
5. BillCipher
Lets you select which modules to use for the recon.
6. OSINT Framework
Other tools