Venom Academy/Ethical Hacking/Footprinting

Footprinting falls under information gathering. Footprinting is the method used to gather information on a host or system through lookups and scanning. Footprinting can be divided into different types; we shall look into all of them in this chapter.

Types
Footprinting is mainly divided into two:


 * Active Footprinting - Involves interaction with the target system; this includes direct scans and other types of scans
 * Passive Footprinting - Involves the use of OSINT -

Advantages of Footprinting
A hacker would footprint a host for certain reasons. Below are some ways that footprinting can be an advantage in penetration testing.

Footprinting is performed to find:


 * Information about the security posture of a host
 * It's also used as a method of reducing the focus area
 * Footprinting can be used to identify vulnerabilities
 * It's also done on networks, to discover deeper information on the target network.

Lab Exercise
Now we shall look at a few examples of footprinting.

Google hacking
Google hacking is a method of using the Google search engine to narrow down searches. Below is the Google hacking cheat sheet

Shodan (https://shodan.io) is also called "The search engine for hackers". It is similar to a regular search engine, but it only searches specific data on specified hosts. To use Shodan, all that is required is to create an account. Shodan can show usernames and even passwords of certain systems and hosts.

The Harvester
One of the most important vulnerabilities in an organization is its employees. Gathering information about the e-mail addresses of employees in a certain organization can give us a broad range of attack vectors. This method is classified under passive information gathering. We use a special program called The Harvester, which is written in Python. The Harvester works by spidering public pages of a given domain while gathering e-mail addresses simultaneously. You can download the Harvester from GitHub for or your computer.

Now let's see how we can use The Harvester. The Harvester comes with a couple of commands. To see the help index, type the command below.

    root@venom [$]~ theHarvester -h

The above will show you the list of commands that can be executed with The Harvester. The commands are below:


 * -l is used to limit the results that you receive
 * -d is used to specify the target domain that we want to footprint
 * -b is used to specify the place that you want to extract information from

If the help index is hard to understand, let's look at an example.

    root@venom [$]~ theHarvester -d microsoft.com -l 500 -b google

In the example above we can see that:

 * We have set the target domain to "microsoft.com"
 * We have limited the results to 500
 * We chose to perform our search on Google

When a command like the example above is used, the Harvester will respond with a list of e-mails. In this case the response below was shown.

    [+]Emails found: -
    devnom@microsoft.com
    Fleming@microsoft.com
    newsp@microsoft.com
    playXBLA@microsoft.com
    webcamps@microsoft.com
    tharris@microsoft.com

WHOIS is a large database that contains information on virtually all the websites on the web. The information shown includes the owner of the website and the contact details of the owner. Whois can be installed on Android Termux and Linux using the following command:

    apt-get install whois

In order to perform a whois search on a website, you first need to invoke whois and then specify the target website:

    whois www.venomacademy.tk
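
Seen from the defender's side, the same WHOIS lookup shows which owner contact details your own domain publishes. The following is an added example, not part of the original page: it parses saved `whois` output and lists the contact fields that are published rather than redacted. The sample record, the field naming and the redaction markers are constructed assumptions.

```python
import re

# Constructed sample of `whois` output for a domain you own (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-01T12:00:00Z
Registrant Name: Jane Admin
Registrant Organization: Example Corp
Registrant Email: jane.admin@example.com
Registrant Phone: +1.5555550100
Admin Name: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar
Tech Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
"""

# Contact roles and attributes that identify a person (assumed field naming;
# registries format WHOIS differently, so extend these for your TLD).
CONTACT_FIELD = re.compile(
    r"^(registrant|admin|tech|billing)\s+(name|email|phone|fax|street)$", re.I)
# Assumed markers a registrar prints when a value is withheld.
REDACTION_MARKERS = ("redacted", "privacy", "data protected", "please query",
                     "not disclosed", "withheld")

def parse_whois(text):
    """Return (field, value) pairs from 'Key: Value' lines, skipping comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, value = line.split(":", 1)  # split once so timestamps stay whole
        pairs.append((key.strip(), value.strip()))
    return pairs

def exposed_contacts(text):
    """List contact fields whose value is published rather than redacted."""
    exposed = []
    for key, value in parse_whois(text):
        if not value or not CONTACT_FIELD.match(key):
            continue
        if any(marker in value.lower() for marker in REDACTION_MARKERS):
            continue
        exposed.append((key, value))
    return exposed

if __name__ == "__main__":
    for field, value in exposed_contacts(SAMPLE_WHOIS):
        print(f"EXPOSED  {field}: {value}")
```

Each field it reports can be moved behind the registrar's privacy service or replaced with a role address such as a shared hostmaster mailbox.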