Footprinting is classified into two Passive & Active Information Gathering.
Foot Printing Pen Testing Steps:
Step1: Get proper Authorization.
Step2: Define the scope of the assessment.
Step3: Perform Footprinting through Search Engines.
google, aol, bing other site etc
Step4: Perform Website Footprinting.
telnet, Paros prox, Burp Suite, firebug, httrack
Step5: Perform Email Footprinting.
Email headers, eMailTrackerPro, Paraben E-mail Examiner, PoliteMail
Step6: Gather Competitive Intelligence.
Info about products, customers, competitors and technologies
using Internet.
Step7: Perform Google hacking.
GoogleHackingDatabase(GHDB), Check for google hack operators
Step8: Perform WHOIS Footprinting
whois, domain lookup table, country whois.
Step9: Perform DNS Footprinting.
dnsstuff.com, dnswatch.info
Step10: Perform Network Footprinting.
ARIN whois, NeoTrace, VisualRoute, taceroute,
www.pathanalyzer.com
Step11: Perform Footprinting through Social Engineering.
eavesdropping, shoulder surfing, dumpster diving etc etc
Step12: Perform Footprinting through Social Networking sites.
Faceboot,linkedin,google+ etc etc, Ip Grabber
Step13: Document all the findings
FootPrinting Tools: Maltego / domain name analyzer pro / web data extractor
No comments:
Post a Comment