# 9. Footprinting using footprinting tools ## 1. Footprinting with Recon-ng Start the tool ``` recon-ng ``` install all the modules ``` marketplace install all ``` list all modules ``` modules search ``` Now create a workspace and select it ``` workspaces create CEH workspaces select CEH ```

``` workspaces list //if you want to see the list of workspaces ``` Add a website to the recon list ``` db insert domains show domains // to list the domains ```

load the module for brute forcing hosts ``` modules load recon/domains-hosts/brute_hosts ``` Now run it with run command You can view the hosts with the following command ``` show hosts ``` Now to resolve the host with bing ``` back modules load recon/domains-hosts/bing_domain_web run ``` Now reverse lookup ``` back modules load recon/netblocks-hosts/reverse_resolve ``` create a report ``` modules load reporting/html options set CREATOR ammar options set CUSTOMER ceh ``` **Whois with Recon-ng** create a new workspace ``` workspaces create whois workspaces select whois ``` Now select the whois module ``` modules load recon/domains-contacts/whois_pocs ``` Set the website as target ``` options set source SOURCE google.com ``` **Check the names and usernames on social media.** ``` modules load recon/profiles-profiles/namechk ``` ``` options set SOURCE ammar ``` **checking profiles on social media (very good results)** ``` modules load profiler options set SOURCE ammar run ``` **Getting subdomains and other info about the target (Most important)** ``` modules load hackertarget options set SOURCE certifiedhacker.com run ```

## 2. Maltego recon website>DNS using name schema>DNS SOA>DNS Mx>DNA nameservers>DNS IP address>location> website>domains>whois ## 3. OSRFramework Good for quickly finding subdomains. {% embed url="" %} ``` sudo pip3 install osrframework //installation ``` Run as root. ``` domainfy -n eccouncil -t all ``` {% hint style="info" %} -n specify nickname of domain -t specify list of top level domains where nick will be searched {% endhint %}

**Finding user accounts of a username** ``` searchfy -q ammar ``` {% hint style="info" %} -q specifies the query {% endhint %} ![](/files/e9NfERLdQygBgA4ubfZr) ## 4. Footprinting using FOCA (windows) Domains and document analysis ## 5. Billcipher Allows to select the modules do the recon. {% embed url="" %} ## 6. OSINT Framework {% embed url="" %} ## Other tools {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} ### Best CEH V13 Practical Course {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ceh-practical.cavementech.com/module-2.-footprinting-and-reconnaissance/9.-footprinting-using-footprinting-tools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.