Footprinting and Reconnaissance Techniques

The document provides a comprehensive overview of Footprinting and Reconnaissance in the context of vulnerability assessment and penetration testing. It details various techniques for gathering information about target systems, including Google hacking, website information extraction, email tracing, and DNS information retrieval. The document also outlines the objectives, methods, advantages, and tools associated with these techniques, along with references and a bibliography for further reading.

Uploaded by

Nihanth Srigadi

VULNERABILITY ASSESSMENT AND PENETRATION TESTING

LAB
NAME : [Link] ROLLNO : 22R21A62B8 BRANCH:CSC-B

WEEK-2
FOOTPRINTING AND RECONNAISSANCE
Unit Structure
1.0 Objective
1.1 Introduction of Footprinting and Reconnaissance
1.2 Performing footprinting using Google Hacking
1.3 Website information
1.3.1 Information about an archived website
1.3.2 To extract contents of a website
1.4 To trace any received email
1.5 To fetch DNS information
1.6 Summary
1.7 List of References
1.8 Bibliography

1.0 OBJECTIVE
After going through this module, you will be able to:

● Understand footprinting and reconnaissance and how they are used in hacking.
● Study and understand how to gather and review information about a target using different footprinting techniques.
● Study and understand website information, such as archived versions of a website and how to extract the contents of a website.
● Study and understand how to trace a received email.
● Study and understand how to fetch DNS information.

1.1 INTRODUCTION OF FOOTPRINTING AND RECONNAISSANCE
Footprinting (sometimes also called reconnaissance) means gathering information about a target system so that a cyber-attack can be executed against it. For this, hackers may use different methods or different tools. It is a simple way for hackers to learn about a system, its devices, or a network.

Types of Footprinting
a) Active Footprinting: performing footprinting by getting in indirect touch with the target machine.
b) Passive Footprinting: collecting information about a system located at a remote distance from the attacker.

Information gathered through footprinting includes:
● Operating system of the target machine
● IP address
● Firewall
● Network map
● Security configurations of the target machine
● Email IDs
● Passwords
● Server configuration
● URLs (Uniform Resource Locators)
● VPN (Virtual Private Network)

Resources from which footprinting is done:
● Search engines
● Websites
● Social engineering
● DNS
● Email tracking
● Social media

Advantages of Footprinting
1) It allows hackers to gather the basic configuration of the target.
2) It is the best method of finding vulnerabilities.
3) It helps the hacker identify which attack is most suitable for the target system.

1.2 PERFORMING FOOTPRINTING USING GOOGLE HACKING:

To gather information, hackers may use search engines like Google. Google can be used to learn about a target system. A hacker who knows how to use a search engine can collect a great deal of information, such as company details, company policies, careers and so on. This is a passive information-gathering method; it can reveal names, personal details, geographical location, login pages, internet portal information and sometimes the target system's operating system, its internet protocol (IP) address, netblock information, the web technologies used and the different web applications used by that system, all gathered through the search engine.
For example, we can search for a target in Google to perform search-engine footprinting using Google hacking.

It displays information, videos and images related to our search.

When we click on the next page we get more information.

Different operators are used to find information with Google. Several search operators are available, such as:
● cache: displays the cached copy of a domain.
● filetype: displays files of the given type on the target system or domain, such as PHP, PDF or TXT.
● inurl: matches text that appears in the URL.
● intitle: allows the user to search for pages with the given text in the HTML page title.
● allintext: requires a page to match all of the given text.
● allinurl: requires all of the given terms to appear in the URL.

For example, these operators can be used to find devices that are connected to the internet, such as web cameras. Very sensitive information can be gained from Google. A term exists for people who do not understand the disadvantages of posting such information: they are called "Google Dorks".
Google Dorking is the technique hackers use to find information that has accidentally been exposed on the internet.
1.3 WEBSITE INFORMATION

Website footprinting is the technique used to extract details related to a website. When we browse any website, including a target website, it may provide the following information:
● Whose website it is (name, contact number, emails, etc.)
● Which software is used, and its version
● Operating system details
● Domain details
● Sub-domain details
● Scripting platform
● File names and file paths

When a hacker wants detailed information about a website, this may be obtained through:
1) The description of the website
2) The content management system and framework
3) Web crawling
4) The script and platform of the website and web server
5) Extracting metadata and contact details from the website
6) Website and web page monitoring and analysis
Whois is a tool that queries the well-known internet record listing to identify who owns a domain or who registered that domain, along with their contact details.

1.3.1 Information about an archived website

When a hacker or any user wants an archived version of a website or the history of a website, they can use [Link] .org
[Link] is an online tool that gives access to archived versions of a website, that is, older versions of the website as it existed at an earlier time, before it was changed. [Link] is a website that collects snapshots of websites at regular intervals of time.
Step 1: Type [Link] in Google.
Step 2: Click on Internet Archive.
Step 3: Enter the domain name in the search box.
Step 4: Suppose we want to check Wikipedia; we enter it in the search box.
Step 5: It shows how the website looked and which pages were present on that website on different dates.

1.3.2 To extract contents of a website:

Web Data Extractor Pro is a web scraping tool designed for mass gathering of different data types. With the help of Web Data Extractor, you can customise the extraction of structured data.
Start a new project, type in the URL, then click on meta tag.
The entire website can be mirrored using a tool like HTTrack to collect information at one's own pace.

1.4 TO TRACE ANY RECEIVED EMAIL

Email footprinting is used to collect information from emails by monitoring email delivery and examining the headers. Email headers give information about the mail servers and the original sender's email ID, which reveals the architecture of the target network.
Information that can be gained from email footprinting:
● IP address of the recipient
● Email delivery information
● Geolocation of the recipient
● Visited links
● OS information
● Browser information
● Reading time
Email headers include information like:
● Email address of the sender
● IP address of the sender
● Mail server information
● Send and delivery timestamps
● Unique message number

Different tools are used for email footprinting:
1) Email Tracker Pro
2) What Is My IP Address
3) [Link]

Email Tracker Pro:

Before installing Email Tracker Pro, two key components need to be installed:
1) Java version 6 or above
2) Microsoft .NET Framework 4.0
Step 1: Type "Email Tracker Pro" in Google, open [Link] and click the button to download emailTrackerPro.
Step 2: Click on the Next button.
Step 3: Choose the components.
Step 4: Click on the Finish button to complete the installation.
Step 5: After the installation completes, add your email address by clicking on the Sign Up button.
Step 6: Fill in the requested information.
Step 7: Now open any email that you want to trace, click on the three dots, select Show original message and copy the message to the clipboard.
Step 8: Now click on the Trace Header button; it displays the window below.
Step 9: Paste the original message into the email headers section.
Step 10: Click on the Trace button.
Step 11: To view the report, click the View Report button; it displays all the information.
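As an added example (not part of the original lab or of the Email Tracker Pro product), the following Python script does what the Trace Header step performs: it reads the Received headers of a raw message, rebuilds the delivery path server by server, extracts the originating IP and reports the delay at each hop. The message is constructed for illustration and uses documentation address ranges.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real email). The three Received headers are
# what a mail client shows under "Show original"; the newest hop is on top.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.25])
\tby mail.example.org with ESMTPS id k7si0001;
\tMon, 05 Feb 2024 10:05:07 +0000
Received: from relay.example.com (relay.example.com [198.51.100.9])
\tby mx2.example.net with ESMTP id 4xyz;
\tMon, 05 Feb 2024 10:05:02 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby relay.example.com with ESMTPA id 9abc;
\tMon, 05 Feb 2024 10:04:55 +0000
From: Alice <alice@example.com>
To: Bob <bob@example.org>
Subject: Quarterly report
Date: Mon, 05 Feb 2024 10:04:55 +0000

Hello Bob, the report is attached.
"""

# One hop reads "from <host> (<comment with [ip]>) by <host> with <proto> id <id>; <date>".
HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\([^)]*\))?\s+by\s+(?P<by>\S+).*?;\s*(?P<date>.+)$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    m = HOP_RE.match(" ".join(value.split()))      # unfold the header, then match one hop
    if not m:                                      # unusual format: skip rather than guess
        return None
    ip = IP_RE.search(m.string[:m.start("by")])    # the connecting IP sits in the "from" part
    return {"from": m.group("from"), "ip": ip.group(1) if ip else None,
            "by": m.group("by"), "time": parsedate_to_datetime(m.group("date"))}

def trace_path(raw):
    # Each server prepends its own Received header, so reversing gives origin-first order.
    msg = email.message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    return hops[::-1]

def hop_delays(hops):
    # Seconds between consecutive hops; a large gap usually marks a queued or unusual relay.
    return [int((b["time"] - a["time"]).total_seconds()) for a, b in zip(hops, hops[1:])]

if __name__ == "__main__":
    path = trace_path(RAW_MESSAGE)
    for hop, delay in zip(path, [0] + hop_delays(path)):
        print(f"{hop['time']:%H:%M:%S}  +{delay:>3}s  {hop['from']} ({hop['ip']}) -> {hop['by']}")
```

Only the Received header added by your own server can be trusted; earlier hops are written by other servers and can be forged by a sender, so the first hop's IP is a lead, not proof.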

1.5 TO FETCH DNS INFORMATION

DNS (Domain Name System) is the system that allows us to convert computer IP addresses into human-readable domain names. DNS footprinting is used to gather information about DNS zone data. Attackers use DNS information to determine the key hosts in the network.
Different tools can be used, such as [Link]. The record types are used by the DNS editor who makes changes on the DNS server. DNS records provide information about the location and types of servers.

Record - Description
A (Address) - Shows the IP address
MX (Mail Exchange) - Shows the domain name server
CNAME (Canonical Name) - Points one or more sub-domains or additional names to an address record
NS (Name Server) - Shows the host name server
SRV (Service) - Shows service records
PTR (Pointer) - Maps an IP address to a host name
RP - Responsible person
HINFO - Host information records
TXT - Where records point to

DNS servers perform zone transfers to keep their information up to date. A zone transfer of a target domain gives a list of public networks, IP addresses and record types.
For domain name information you can use [Link]; this website gives us all the information about a domain, such as the name, owner, registration, expiry, server names, etc.
Step 1: Put the website address in Google, that is [Link]
Step 2: It goes to the website, where we have to put the domain name or IP address of the target.
Step 3: For example, we can consider [Link]. It displays all the information about the domain Wikipedia.
4) NS Lookup:
To use the nslookup command on Windows, open cmd from the Start menu.

Step 1: Type the nslookup command in cmd.

Step 2: For example, we enter [Link] and it displays the information below.

3) To find out an IP address you can use the ping command on Windows and on Linux too. For example, to find the IP address of Google, the command is:
ping [Link]
3) Different commands for Linux/Unix:

If you are using a Linux/Unix operating system, you can use commands like:
1) dig - a command-line tool used to query DNS records and name servers, and to detect the DNS record type.
Syntax: dig [Link]
Ex. dig [Link]
2) nslookup - performs a DNS lookup.
Syntax: nslookup [Link]
Ex. nslookup [Link]
3) ping - finds the IP address and quickly looks up DNS records.
Syntax: ping [Link]
Ex. ping [Link]
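As an added example (not part of the original lab), the following Python shows what dig and nslookup do on the wire for the record types in the table above: it builds a DNS query message and parses a reply, including the name compression that real servers use. The reply is constructed here rather than captured, and decoding is shown for A, MX, NS, CNAME and PTR records, which generalises beyond the single MX lookup in the sample.

```python
import struct

NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 13: "HINFO", 15: "MX", 16: "TXT", 17: "RP", 33: "SRV"}
TYPES = {v: k for k, v in NAMES.items()}      # RFC 1035/2782 type codes for the table above

def encode_name(name):
    # Wire format: length-prefixed labels terminated by a zero byte.
    return b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"

def build_query(name, rtype, txid=0x1234):   # header (RD=1, one question) + question section
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", TYPES[rtype], 1)

def read_name(msg, off):
    # Decode the name at msg[off], following compression pointers; returns (name, end offset).
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # pointer: jump, but remember where this name ended
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode())
            off += 1 + length

def decode_rdata(msg, off, rtype, rdata):
    if rtype == 1:                               # A: four octets
        return ".".join(map(str, rdata))
    if rtype == 15:                              # MX: 16-bit preference, then the mail server name
        return f"{struct.unpack('>H', rdata[:2])[0]} {read_name(msg, off + 2)[0]}"
    return read_name(msg, off)[0] if rtype in (2, 5, 12) else rdata.hex()   # NS/CNAME/PTR, else hex

def parse_response(msg):
    # Returns transaction id, RCODE and the answer RRs as (owner, type, ttl, value) tuples.
    txid, flags, _, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = read_name(msg, 12)[1] + 4              # skip the echoed question (assumes QDCOUNT == 1)
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, NAMES.get(rtype, str(rtype)), ttl, decode_rdata(msg, off, rtype, msg[off:off + rdlen])))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}

# Constructed reply (not captured traffic) to an MX query for example.com; owner and target names use pointer 0xC00C to the question name.
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + encode_name("example.com") + struct.pack(">HH", 15, 1)
                   + b"\xc0\x0c" + struct.pack(">HHIHH", 15, 1, 3600, 9, 10) + b"\x04mail\xc0\x0c"
                   + b"\xc0\x0c" + struct.pack(">HHIHH", 15, 1, 3600, 10, 20) + b"\x05mail2\xc0\x0c")
```

To run it against a real resolver, send build_query(...) over UDP to port 53 with the socket module and pass the datagram you receive to parse_response; an RCODE of 3 means the name does not exist.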

1.6 SUMMARY
Footprinting means gathering information about a target system so that a cyber-attack can be executed against it. For this, hackers may use different methods or different tools. Hackers gather information through footprinting; it is the best method of finding vulnerabilities. There are different ways to find information on a target network or target system, such as search engines, websites, social engineering, the Domain Name System, email tracking and social media. By using Google search, we get names, personal details, geographical location, login pages, internet portal information and sometimes the target system's operating system, its internet protocol (IP) address, netblock information, the web technologies used and the different web applications used by that system, all gathered through search engines. [Link] is an online tool that gives access to archived versions of a website, that is, older versions of the website as it existed at an earlier time, before it was changed.
For DNS footprinting, we can use [Link]; this website gives us all the information about a domain, such as the name, owner, registration, expiry, server name, etc., or commands that act as tools, such as nslookup, ping and dig.
1.7 LIST OF REFERENCES:

1.8 BIBLIOGRAPHY

1. Manthan Desai, Basics of ethical hacking for beginners

2. Tutorials Point professionals, Ethical Hacking.

3. Matt Walker, All-In-One-CEH-Certified-Ethical-Hacker-Exam-Guide.
