Footprinting Techniques in Ethical Hacking

Module 2 covers foot printing in ethical hacking, detailing techniques for information gathering about targeted systems, including active and passive footprinting. It discusses tools and methodologies used in reconnaissance, such as port scanning, ping sweeps, and scripting enumeration, emphasizing their importance in identifying vulnerabilities. The module also highlights the advantages and disadvantages of footprinting, as well as preventive measures against potential cyber-attacks.

Uploaded by surya

MODULE 2

SYLLABUS
Footprinting - Introduction to footprinting - Understanding the information gathering methodology of the hackers - Tools used for the reconnaissance phase - Port scanning - Introduction to port scanning tools - Ping sweeps - Scripting enumeration.

FOOTPRINTING

- Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, infrastructure and network in order to identify opportunities to penetrate them.
- It is one of the best methods of finding vulnerabilities.
- The process of cybersecurity footprinting involves profiling organizations and collecting data about the network, hosts, employees and third-party partners.
- This information includes the OS used by the organization, firewalls, network maps, IP addresses, domain name system information, security configurations of the target machine, staff IDs, email addresses and phone numbers.
- There are two types of footprinting in ethical hacking:
  - Active footprinting
  - Passive footprinting

WHAT IS ACTIVE FOOTPRINTING?

- An active digital footprint refers to the data that individuals intentionally share or create online.
- This includes actions like posting on social media, sending emails, filling out online forms, and making online purchases.
- Essentially, anything you actively do on the internet that leaves a trace of your activity contributes to your active digital footprint.
- Active footprinting describes the process of using tools and techniques, such as the traceroute command (a command-line utility that reports the route packets take to reach a host), to collect data about a specific target.
- This involves gathering information about the target through direct interaction.
- In this type of footprinting, the target may recognize the ongoing information gathering process, because we interact directly with the target network.

EXAMPLES

- Posting on social media (status updates, photos, videos).
- Sending emails.
- Creating and using online accounts (email, social media, online banking).
- Filling out online forms (surveys, registration forms).
- Making online purchases.
- Publishing blog posts or articles.
- Leaving online reviews.

WHAT IS PASSIVE FOOTPRINTING?

- A passive digital footprint refers to the online data trail that is created without any direct, conscious action from the user.
- It's the information that is collected about you as you browse the internet, use apps, or interact with online services, often without your explicit input or even your awareness.
- Passive footprinting is a technique used in cybersecurity and ethical hacking to gather information about a target without directly interacting with their systems or network.
- Mastering passive footprinting is crucial for ethical hackers and penetration testers to evaluate an organization's security posture and defend against threats.

ADVANTAGES & DISADVANTAGES OF PASSIVE FOOTPRINTING

Advantages:

- Vulnerability Assessment: Footprinting helps in identifying potential weaknesses in a system's security posture, including open ports, services, and remote access capabilities.
- Strategic Planning: By understanding the target's infrastructure and security configurations, attackers can develop a more targeted and effective attack strategy.
- Security Improvement: Ethical hackers can leverage footprinting techniques to identify and address vulnerabilities, helping organizations improve their security posture.

Disadvantages:

- Information Disclosure: Footprinting can reveal sensitive information about the target, which can be exploited by malicious actors.
- Increased Attack Surface: The information gathered during footprinting can create a larger attack surface, making the target more vulnerable.
- Reputation Damage: If footprinting is used for malicious purposes, it can lead to reputation damage for the targeted organization.

INFORMATION GATHERING METHODOLOGY OF THE HACKERS

- Information gathering means collecting different kinds of information about the target.
- Various tools and techniques are available, including public sources such as Whois and nslookup, which can help hackers gather user information.

Objectives of information gathering in cybersecurity

- Any basic cybersecurity information gathering process often includes these two types of data collection goals:
  - Collecting network data: such as public, private and associated domain names, network hosts, public and private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports, and more.
  - Collecting system-related information: this includes user enumeration, system groups, hostnames and operating system type.

TYPES, TECHNIQUES, AND METHODS OF INFORMATION GATHERING

- There are many different ways to gain access to information on an organization or individual.
- Some options can be used from any location with internet access, while others can only be done in person at a specific location.
- Ethical hackers use a wide variety of techniques and tools to get this precious information about their targets:
  - Social engineering: this includes in-person chat, phone conversations and email spoofing attacks. What all these methods have in common is that they rely on the psychology of human weakness to get maximum data about the target.
  - Search engines: bots can be used to fetch information about anything, and this includes companies, persons and services.
  - Social networks: Facebook, Twitter, LinkedIn and other social networks are great sources of information to build a profile, especially when targeting individuals.
  - Domain names: these are registered by organizations, governments, public and private agencies, and people. Therefore, they are a great starting point when you want to investigate someone. Personal information, associated domains, projects, services and technologies can be found by inspecting domain name information.
  - Internet servers: authoritative DNS servers are a great source of information, as they often include every single surface point exposed to the Internet, which means a direct link to related services such as HTTP, email, etc.

TOOLS WE USE TO PERFORM INFORMATION GATHERING

- Kali Linux is a powerful operating system that contains many tools for various tasks related to information gathering.
- Wireshark: Wireshark is one of the most well-known and often used packet sniffing tools available today. It is used by cybersecurity professionals, network administrators and hackers to collect information from networks. Network packets contain a wealth of information, and Wireshark captures this data for later analysis.
- Nmap (Network Mapper): a powerful open-source tool used by ethical hackers to scan networks, detect open ports, identify services, and discover vulnerabilities on target systems. It helps in network reconnaissance and security auditing.
- Whois: a query tool used by hackers and security professionals to gather information about domain names, such as the domain owner, registration details, IP address, and contact information.
- The Harvester: a Python script written by Christian Martorella. This tool is used to make a systematic list of e-mail addresses and sub-domains related to the target. Note that these tools are already present in the Kali Linux operating system. For convenient and easy practice of these tools, it is recommended to use Kali Linux.

TOOLS USED FOR THE RECONNAISSANCE PHASE

- Reconnaissance (or simply recon) is the initial phase of the pen testing process.
- Penetration testing, or pen testing, is a simulated cyberattack on a system, network, or application to identify vulnerabilities that could be exploited by real attackers.
- The goal of recon is to gather as much information about the target as you can.
- The more information you gather, the more beneficial it will be for the further phases of pen testing.
- Most new learners underestimate this phase and ignore it, but recon is the most important phase of pen testing.
- Your point of view of the digital world changes once you completely understand this process.
- Learning to successfully conduct the recon process is a valuable skill for anyone. There are two strategies of recon, i.e. active and passive reconnaissance.
- Active recon: it means interacting directly with the target to gather information. This is not recommended because it violates the rule of "hiding traces" in pen testing.
- Passive recon: it means gathering information about the target using the vast information present on the internet. In it, we aren't interacting directly with the target, so there is no fear of our activity being recorded or logged by the target.

RECONNAISSANCE TOOLS

- HTTrack - Website Copier: a free utility that downloads an offline copy of any website.
  - The offline copy includes all images, pages, links and code from the original website.
  - Using this tool, you do not have to spend much time on the target website.
  - Spending too much time on any website may cause monitoring tools to log your activity.
- Google directives: Google provides an enhanced method for search using directives.
  - First write the name of the directive you want to use, then a colon (:), and then the term you want to search for with that directive.
  - You can combine two or more directives as well.
- The Harvester: a Python script written by Christian Martorella.
  - This tool is used to make a systematic list of e-mail addresses and sub-domains related to the target.
  - Note that these tools are already present in the Kali Linux operating system.
  - For convenient and easy practice of these tools, it is recommended to use Kali Linux.

PORT SCAN ATTACK

- A port scan is a common technique hackers use to discover open doors or weak points in a network.
- A port scan attack helps cyber criminals find open ports and figure out whether they are receiving or sending data.
- It can also reveal whether active security devices like firewalls are being used by an organization.
- A port scan attack is a dangerous type of cyber-attack revolving around targeting open ports that are vulnerable to attack.
- A port scan attack helps attackers identify open points to enter a network and attack the user.
- Ports are really significant as they help in tracking the traffic that enters and leaves a computer network. Packets and data that are transmitted over ports tell cyber-attackers whether the specific port can be vulnerable to attack.
- A port scanning attack helps identify the security mechanisms of the network, including active firewalls and anti-virus software.
- In this attack, cyber-attackers look for open ports in the network, which they then aim to capture to send and receive information.
- Nmap, Netcat, and IP scanning tools are used to scan ports for vulnerability checks.

AIM AND CONSEQUENCES

- Port scan attacks are used by attackers depending on the services and security of the network.
- If proper security mechanisms, including authentication methods, are not properly implemented, then they become a target attack point for cyber-attackers.
- Cybercriminals make use of the vulnerable target's security breaches and open port information to get into the user's or organization's systems.

PREVENTION

- Secured Firewalls:
  - A firewall can be used to track the traffic of open ports, including both incoming and outgoing traffic from the network.
- Strong Security Mechanisms:
  - Computer systems with strong security can protect open ports from being exploited.
  - Security administrators should be well aware that no harmful attack should be allowed access to open computer ports.
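The firewall described above logs the traffic it blocks; the following script, added here as an example and not taken from the notes, reads such records and flags a source that probes many distinct ports on one host inside a short window. The SAMPLE_LOG lines are constructed in the iptables LOG style with an assumed "FW-DROP" prefix, and the addresses and thresholds are assumptions as well.

```python
"""Port-scan detection over firewall DROP logs (added example, not from the notes)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records: one scanner walking ports, one client retrying a
# blocked port, and one ICMP echo request (no port, so ignored by the rule).
SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  3 10:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  3 10:00:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  3 10:00:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  3 10:00:03 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar  3 10:00:03 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN
Mar  3 10:00:04 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=8443 SYN
Mar  3 10:00:09 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=8443 SYN
Mar  3 10:00:10 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

TS_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return (timestamp, src, dst, proto, dst_port) for a DROP record, else None."""
    m = TS_RE.match(line)
    if not m or "FW-DROP" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # year-less syslog stamp
    return ts, fields["SRC"], fields["DST"], fields["PROTO"], int(fields.get("DPT", 0))


def detect_port_scans(log_text, window_seconds=10, port_threshold=5):
    """Map (src, dst) -> sorted distinct ports for sources that touch at least
    port_threshold different TCP/UDP ports on one host within window_seconds."""
    events = sorted(e for e in map(parse_line, log_text.splitlines()) if e)
    by_pair = defaultdict(list)
    for ts, src, dst, proto, dport in events:
        if proto in ("TCP", "UDP"):  # ICMP carries no port; not part of this rule
            by_pair[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, hits in by_pair.items():
        start = 0
        for end in range(len(hits)):  # sliding window over time-ordered hits
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= port_threshold:
                alerts[pair] = sorted(ports | set(alerts.get(pair, ())))
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

The retrying client never trips the rule because it touches only one port; raising port_threshold or shrinking window_seconds tunes the sensitivity for a given network.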

PING SWEEPS

- A ping is a special type of network packet called an ICMP packet.
- A ping sweep is a technique used in computer networks to automatically send a series of ICMP Echo Request packets to a range of IP addresses, instead of manually entering each address.
- It allows for efficient host discovery by identifying live hosts on a network.
- Used as an information gathering technique in ethical hacking as well as by attackers during reconnaissance.

Purpose in Hacking & Security Testing:

- Helps attackers or administrators identify active systems before launching attacks or monitoring them.

WORKING OF PING

- Pings work by sending specific types of network traffic, called ICMP Echo Request packets, to a specific interface on a computer or network device.
- If the device (and the attached network card) that received the ping packet is turned on and not restricted from responding, the receiving machine will respond to the originating machine with an Echo Reply packet.
- Aside from telling us that a host is alive and accepting traffic, pings provide other valuable information, including the total time it took for the packet to travel to the target and return.
- Pings also report traffic loss, which can be used to gauge the reliability of a network connection.
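The request/reply exchange described above at byte level, as an added example that is not part of the notes: it builds the ICMP Echo Request header that ping sends, computes the RFC 1071 checksum, constructs the Echo Reply a host would return, and recovers the round-trip time from a timestamp carried in the payload. No packets are sent; the identifier, sequence number and timestamps are assumed values.

```python
"""ICMP Echo Request / Echo Reply at byte level (added example, not from the notes)."""
import struct

ICMP_ECHO_REQUEST = 8  # type 8, code 0: what ping sends
ICMP_ECHO_REPLY = 0    # type 0, code 0: what a live, unrestricted host returns


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd trailing byte padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, send_time_us: int) -> bytes:
    """8-byte header (type, code, checksum, identifier, sequence) + 8-byte timestamp payload."""
    payload = struct.pack("!Q", send_time_us)
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    checksum = icmp_checksum(header + payload)  # computed with the checksum field zeroed
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum, ident, seq) + payload


def make_echo_reply(request: bytes) -> bytes:
    """What the responding host does: echo the request back as type 0 with a fresh checksum."""
    _, code, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    payload = request[8:]
    header = struct.pack("!BBHHH", ICMP_ECHO_REPLY, code, 0, ident, seq)
    checksum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REPLY, code, checksum, ident, seq) + payload


def parse_echo_reply(packet: bytes, expect_ident: int, expect_seq: int, recv_time_us: int):
    """Return the round-trip time in microseconds, or None if this is not a valid reply to ours."""
    # Summing every word including the checksum field gives 0 only for an intact packet.
    if len(packet) < 16 or icmp_checksum(packet) != 0:
        return None
    typ, _, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if typ != ICMP_ECHO_REPLY or ident != expect_ident or seq != expect_seq:
        return None  # a request, or somebody else's reply: ping ignores it
    (send_time_us,) = struct.unpack("!Q", packet[8:16])
    return recv_time_us - send_time_us


if __name__ == "__main__":
    # Assumed values for the demonstration: identifier 0x1234, sequence 1, send at t=1.000000 s.
    req = build_echo_request(0x1234, 1, 1_000_000)
    rep = make_echo_reply(req)
    print("request bytes:", req.hex())
    print("reply bytes:  ", rep.hex())
    print("rtt (us):", parse_echo_reply(rep, 0x1234, 1, 1_012_345))
```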

SCRIPTING ENUMERATION

- Enumeration is the process of extracting information about resources, users, services, and devices on a system/network.
- Scripting enumeration means using scripts or automation tools to perform enumeration efficiently.
- Used as an information gathering technique in ethical hacking as well as by attackers during reconnaissance.

What it extracts:

- Usernames, passwords (hashes).
- Network shares and services.
- OS details, software versions.
- Open ports and vulnerabilities.

Tools & Scripts Used:

- Nmap NSE (Nmap Scripting Engine): automates service detection & vulnerability scanning.
- Metasploit auxiliary scripts for SMB/FTP/HTTP enumeration.
- Custom Python/PowerShell/Bash scripts.

Purpose:

- System administrators: troubleshoot & secure systems.
- Hackers: gather data for exploitation.
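A custom Python script of the kind listed above, added here and not taken from the notes: it consumes Nmap XML output (the -oX format) that carries NSE script results, builds an inventory of open services and versions, and picks out the findings an administrator should act on. SAMPLE_XML is constructed to mirror the structure Nmap emits; the host address, versions and script outputs in it are invented.

```python
"""Turn Nmap XML with NSE script results into an inventory (added example, not from the notes)."""
import xml.etree.ElementTree as ET

# Constructed scan result: each <port> carries <state>, <service> and zero or
# more <script id=... output=...> elements, as Nmap writes them with -oX.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV --script banner,ftp-anon -oX - 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/>
        <script id="banner" output="220 (vsFTPd 3.0.3)"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/>
        <script id="banner" output="SSH-2.0-OpenSSH_8.9p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/><service name="https"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def enumerate_services(xml_text):
    """Return one record per open port: host, port, protocol, service, version, NSE outputs."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # enumeration is about what is actually reachable
            svc = port.find("service")
            product = svc.get("product") if svc is not None else None
            version = svc.get("version") if svc is not None else None
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "version": " ".join(v for v in (product, version) if v),
                "scripts": {s.get("id"): s.get("output") for s in port.findall("script")},
            })
    return records


def review_items(records):
    """(host, port) pairs an administrator should act on: here, NSE reporting anonymous FTP."""
    return [(r["host"], r["port"]) for r in records
            if "allowed" in r["scripts"].get("ftp-anon", "")]


if __name__ == "__main__":
    inventory = enumerate_services(SAMPLE_XML)
    for r in inventory:
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['service']} {r['version']} {r['scripts']}")
    print("needs attention:", review_items(inventory))
```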
