What is Footprinting? | Types and techniques of Footprinting | Importance of Footprinting

What is Footprinting?

Footprinting in Security terms is the process of gathering data about the target system which can be utilized to execute to hack the system or target organization.

Importance of Footprinting

Before starting the content, let me connect footprinting with the real life scenario. so that it can help you understand the actual concept behind the word "Footprinting". For that let us take an example of a movie, if you have seen any action movie related with bank robbery, do the characters directly buy guns and masks and enter bank to rob it? No! If the did this, they wouldn't be able to to rob the bank successfully. High chances are they won't even be able to figure out the way to the safe.

Before going to rob the bank, what they do is make proper plan which includes collecting information about the entrance way of bank, safe where the money is kept, how to bypass the security system, which areas has less security and escape way of the bank without being tracked. As you can see, knowing about the bank plays an important role here.

Likewise, if you an ethical hacker or someone who is trying to explore the vulnerability of any given site, you need to know about your target very well before manipulating what's inside, You need to have certain information about your target, which is known as Footprinting. This is also considered as the first step, if you are trying to persuade your career as a penetration tester or security analyst.

Types of Footprinting

There are two types of footprinting:

1. Active Footprinting

Active Footprinting is a process of collecting information by directly communication with the concerned personal or the machine.

2. Passive Footprinting

Passive Footprinting is a process of collecting information about any victim without any direct communication. This can be done using various google search or public reports.

Objective of Footprinting

1. Collect Network Information
2. Collect System Information
3. Collect Personal/Organization Information

Ways and Tools for Footprinting and Target

Now let's take a look at the tools and ways to perform footprinting.

1. Search Engine -

It all starts from our browser. Everything you need is available on the internet. Let us suppose we are trying to gather information about Cisco. All you need to do is, go to your browser and enter "Cisco" in the search box. You will now get the url, which is the first peice of information you have.

Not just limiting to url but, proper searcch can also help attacker to extract information about a target such as technology platform, employee details, login pages, internet portals, etc. which helps in performing social engineering and other types of attacks.

2. Ping -

After some google searches, you will get domain name and other information about your target like hkrhasan.com

As you have the url of your target, you can now get the ip of the url with Ping Command.

ping hkrhasan.com

Example -

3. Whois Lookup -

Whois Lookup is a tool used to find out information such as DNS, domain name, name servers, IP addresses etc. You can simply click here and enter you target ip or domain name.

This search will display the various information about the target.

Or you can also simply use the command whois in Kali Linux.

whois hkrhasan.com

4. Nslookup -

Nslookup queries the specified DNS server and retrieves the requested records that are associated with the domain name you provided. This command gives you the information about the domain name's IP address.

nslookup hkrhasan.com

Or you can use dig command.

dig hkrhasan.com