Monday 31 August 2015

Ethical Hacking - Module2: Footpringint & Reconnaissance (Information Gathering)


Footprinting is classified into two Passive & Active Information Gathering.

Foot Printing Pen Testing Steps:

Step1: Get proper Authorization.

Step2: Define the scope of the assessment.

Step3: Perform Footprinting through Search Engines.
    google, aol, bing other site etc

Step4: Perform Website Footprinting.
    telnet, Paros prox, Burp Suite, firebug, httrack

Step5: Perform Email Footprinting.
Email headers, eMailTrackerPro, Paraben E-mail Examiner, PoliteMail

Step6: Gather Competitive Intelligence.
    Info about products, customers, competitors and technologies
      using Internet.

Step7: Perform Google hacking.
    GoogleHackingDatabase(GHDB), Check for google hack operators

Step8: Perform WHOIS Footprinting
    whois, domain lookup table, country whois.

Step9: Perform DNS Footprinting.
    dnsstuff.com, dnswatch.info

Step10: Perform Network Footprinting.
    ARIN whois, NeoTrace, VisualRoute, taceroute,
    www.pathanalyzer.com

Step11: Perform Footprinting through Social Engineering.
    eavesdropping, shoulder surfing, dumpster diving etc etc

Step12: Perform Footprinting through Social Networking sites.
    Faceboot,linkedin,google+ etc etc, Ip Grabber

Step13: Document all the findings

FootPrinting Tools: Maltego / domain name analyzer pro / web data extractor

No comments:

Post a Comment