9. Footprinting using footprinting tools

Footprinting tools are used to collect basic information about the target systems in order to exploit them.

1. Footprinting with Recon-ng

Start the tool

recon-ng

install all the modules

marketplace install all

list all modules

modules search

Now create a workspace and select it

workspaces create CEH
workspaces select CEH
workspaces list //if you want to see the list of workspaces

Add a website to the recon list

db insert domains
show domains // to list the domains

load the module for brute forcing hosts

modules load recon/domains-hosts/brute_hosts

Now run it with run command

You can view the hosts with the following command

show hosts

Now to resolve the host with bing

back
modules load recon/domains-hosts/bing_domain_web
run

Now reverse lookup

back
modules load recon/netblocks-hosts/reverse_resolve

create a report

modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh

Whois with Recon-ng

create a new workspace

workspaces create whois
workspaces select whois

Now select the whois module

modules load recon/domains-contacts/whois_pocs

Set the website as target

options set source SOURCE google.com

Check the names and usernames on social media.

modules load recon/profiles-profiles/namechk
options set SOURCE ammar

checking profiles on social media (very good results)

modules load profiler
options set SOURCE ammar
run

Getting subdomains and other info about the target (Most important)

modules load hackertarget
options set SOURCE certifiedhacker.com
run

2. Maltego recon

website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location>

website>domains>whois

3. OSRFramework

Good for quickly finding subdomains.

LogoGitHub - i3visio/osrframework: OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.GitHub
sudo pip3 install osrframework //installation

Run as root.

domainfy -n eccouncil -t all

-n specify nickname of domain

-t specify list of top level domains where nick will be searched

Finding user accounts of a username

searchfy -q ammar

-q specifies the query

4. Footprinting using FOCA (windows)

Domains and document analysis

5. Billcipher

Allows to select the modules do the recon.

LogoGitHub - bahatiphill/BillCipher: Information Gathering tool for a Website or IP addressGitHub

6. OSINT Framework

OSINT Framework

Other tools

LogoGitHub - s0md3v/ReconDog: Reconnaissance Swiss Army KnifeGitHub
LogoGitHub - TebbaaX/GRecon: Another version of katana, more automated but less stable. the purpose of this small tool is to run a Google based passive recon against your scope.GitHub
LogoGitHub - Moham3dRiahi/Th3inspector: Th3Inspector 🕵️ Best Tool For Information Gathering 🔎GitHub
LogoGitHub - evyatarmeged/Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanningGitHub
LogoCertified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Previous8. Email FootprintingNext10. Perform Footprinting using AI

Last updated

Was this helpful?