# 9. Footprinting using footprinting tools

## 1. Footprinting with Recon-ng

Start the tool

```
recon-ng
```

Install all the modules

```
marketplace install all
```

List all modules

```
modules search
```

Now create a workspace and select it

```
workspaces create CEH
workspaces select CEH
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F6AfENK2ReEzzEcZ6izSf%2Fimage.png?alt=media&#x26;token=f57e23a8-e79b-4b4b-a9fb-61efec49969f" alt=""><figcaption></figcaption></figure>

To see the list of workspaces:

```
workspaces list
```

Add a website to the recon list, then list the stored domains:

```
db insert domains
show domains
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FiTcRDuKSlrqh1wDuAovS%2Fimage.png?alt=media&#x26;token=435d0fc2-318b-4e42-8410-32d929ca80db" alt=""><figcaption></figcaption></figure>

Load the module for brute forcing hosts

```
modules load recon/domains-hosts/brute_hosts
```

Now run it with the `run` command.

You can view the hosts with the following command

```
show hosts
```

Now look up hosts for the domain with Bing

```
back
modules load recon/domains-hosts/bing_domain_web
run
```

Now run a reverse lookup

```
back
modules load recon/netblocks-hosts/reverse_resolve
run
```

Create a report

```
modules load reporting/html
options set CREATOR ammar
options set CUSTOMER ceh
run
```

**Whois with Recon-ng**

Create a new workspace

```
workspaces create whois
workspaces select whois
```

Now select the whois module

```
modules load recon/domains-contacts/whois_pocs
```

Set the website as the target and run the module

```
options set SOURCE google.com
run
```

**Check the names and usernames on social media.**

```
modules load recon/profiles-profiles/namechk
options set SOURCE ammar
run
```

**Checking profiles on social media (very good results)**

```
modules load profiler
options set SOURCE ammar
run
```

**Getting subdomains and other info about the target (Most important)**

```
modules load hackertarget
options set SOURCE certifiedhacker.com
run
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FbN5yLozQPAwUED2Etzco%2Fimage.png?alt=media&#x26;token=28682ffe-7b29-4962-8144-88f7dde50678" alt=""><figcaption></figcaption></figure>
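The `brute_hosts` module used above looks up wordlist candidate names under the target domain, so on the defending side it shows up as one client requesting many distinct, mostly nonexistent names in a short time. The script below is an added example (not part of the original notes or of Recon-ng) that flags that pattern in resolver logs; the log format, sample lines and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log, assumed format: "<epoch_seconds> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.test NOERROR
1700000001 10.0.0.9 admin.example.test NXDOMAIN
1700000001 10.0.0.9 api.example.test NXDOMAIN
1700000002 10.0.0.9 mail.example.test NOERROR
1700000002 10.0.0.9 dev.example.test NXDOMAIN
1700000003 10.0.0.9 ftp.example.test NXDOMAIN
1700000003 10.0.0.9 vpn.example.test NXDOMAIN
1700000004 10.0.0.9 stage.example.test NXDOMAIN
malformed line
1700000005 10.0.0.7 admin.other.test NXDOMAIN
"""

def parse(log_text, zone):
    """Yield (ts, client, qname, is_nx) for well-formed lines inside `zone`."""
    suffix = "." + zone.lower().rstrip(".")
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if qname.endswith(suffix):
            yield int(ts), client, qname, rcode.upper() == "NXDOMAIN"

def find_enumeration(log_text, zone, window=60, min_names=5, min_nx_ratio=0.6):
    """Return {client: (distinct_names, nx_ratio)} for each client's largest
    window of `window` seconds that meets both thresholds."""
    by_client = defaultdict(list)
    for ts, client, qname, is_nx in parse(log_text, zone):
        by_client[client].append((ts, qname, is_nx))
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward in time
            # distinct names in the window; the last answer wins for repeats
            names = {q: nx for _, q, nx in events[start:end + 1]}
            ratio = sum(names.values()) / len(names)
            if (len(names) >= min_names and ratio >= min_nx_ratio
                    and len(names) > flagged.get(client, (0, 0.0))[0]):
                flagged[client] = (len(names), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG, "example.test"))
```

Tune `window`, `min_names` and `min_nx_ratio` against normal traffic for the zone, since mail gateways and monitoring systems can also produce bursts of lookups.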

## <mark style="color:red;">2. Maltego recon</mark>

website > DNS using name schema > DNS SOA > DNS MX > DNS nameservers > DNS IP address > location >

website>domains>whois

## <mark style="color:red;">3. OSRFramework</mark>

Good for quickly finding subdomains.

{% embed url="<https://github.com/i3visio/osrframework>" %}

Installation:

```
sudo pip3 install osrframework
```

Run as root.

```
domainfy -n eccouncil -t all
```

{% hint style="info" %}
-n specifies the nickname of the domain

-t specifies the list of top-level domains where the nick will be searched
{% endhint %}

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FTtA5R1PzDBdqEsgRWzsS%2Fimage.png?alt=media&#x26;token=89435b36-31dd-4354-a0c6-119d4cf2e7c9" alt=""><figcaption></figcaption></figure>

**Finding user accounts of a username**

```
searchfy -q ammar
```

{% hint style="info" %}
-q specifies the query
{% endhint %}

![](https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FpqPdSqt0vowrIPEAtnYU%2Fimage.png?alt=media\&token=e6666031-e709-4e09-a1e4-19aea847005d)

## <mark style="color:red;">4. Footprinting using FOCA (windows)</mark>

Domains and document analysis

## <mark style="color:red;">5. Billcipher</mark>

Lets you select which modules to use for the recon.

{% embed url="<https://github.com/bahatiphill/BillCipher>" %}

## <mark style="color:red;">6. OSINT Framework</mark>

{% embed url="<https://osintframework.com/>" %}

## Other tools

{% embed url="<https://github.com/s0md3v/ReconDog>" %}

{% embed url="<https://github.com/TebbaaX/GRecon>" %}

{% embed url="<https://github.com/Moham3dRiahi/Th3inspector>" %}

{% embed url="<https://github.com/evyatarmeged/Raccoon>" %}

