9. Footprinting using footprinting tools

1. Footprinting with Recon-ng

Start the tool

recon-ng

install all the modules

marketplace install all

list all modules

modules search

Now create a workspace and select it

workspaces create CEH
workspaces select CEH

workspaces list //if you want to see the list of workspaces

Add a website to the recon list

db insert domains
show domains // to list the domains

load the module for brute forcing hosts

modules load recon/domains-hosts/brute_hosts

Now run it with run command

You can view the hosts with the following command

show hosts

Now to resolve the host with bing

back
modules load recon/domains-hosts/bing_domain_web
run

Now reverse lookup

back
modules load recon/netblocks-hosts/reverse_resolve

create a report

modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh

Whois with Recon-ng

create a new workspace

workspaces create whois
workspaces select whois

Now select the whois module

modules load recon/domains-contacts/whois_pocs

Set the website as target

options set source SOURCE google.com

Check the names and usernames on social media.

modules load recon/profiles-profiles/namechk

options set SOURCE ammar

checking profiles on social media (very good results)

modules load profiler
options set SOURCE ammar
run

Getting subdomains and other info about the target (Most important)

modules load hackertarget
options set SOURCE certifiedhacker.com
run

2. Maltego recon

website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location>

website>domains>whois

3. OSRFramework

Good for quickly finding subdomains.

sudo pip3 install osrframework //installation

Run as root.

domainfy -n eccouncil -t all

Finding user accounts of a username

searchfy -q ammar

4. Footprinting using FOCA (windows)

Domains and document analysis

5. Billcipher

Allows to select the modules do the recon.

6. OSINT Framework

Other tools