Footprinting (also known as reconnaissance) commonly refers to one of the pre-attack phases; tasks performed before doing the actual attack. In other words, footprinting is the first step in the evaluation of the security posture of the target organization’s IT infrastructure. During this phase, a hacker can collect the following information −
- Domain name
- IP Addresses
- Employee information
- Phone numbers
- Job Information
Footprinting can help hackers find a number of opportunities to penetrate and assess the target’s network. In order to obtain such information, hackers might have to utilise various tools and technologies.
Some of the tools used for Footprinting are:
- Sam Spade: A set of powerful tools suitable for hacking. Read this article.
- Nslookup: This is a command line tool which installed on all operating systems to trace the IP address assigned to a specific domain and vice versa.
- Traceroute: The tool ‘traces the route’ from your IP to the IP of the end host you specify. It is particularly useful in identifying routers, firewalls and gateways which exists between you and your target.
- Nmap: this tool has been the de facto network scanning tool for many years. Of course it can do much more than merely scan for live hosts but during the active footprinting phase that is all we want to do.
Also there are some technique used for footprinting:
- DNS queries
- Network enumeration
- World Wide Web spidering
- Network queries
- Port Scanning
- Operating system identification
- Point of contact queries
- Registrar queries (WHOIS queries)
- SNMP queries
- Organizational queries
- Ping sweeps
Also, Wireshark is used for footprinting.
Types of Footprinting
There are two types of footprinting that can be used:
- Active: This type is the process of using tools and techniques, such as performing a ping sweep or using the traceroute command, to gather information on a target.
- Passive: This type is the process of gathering information on a target by innocuous, or, passive, means.
Some examples of ways to use active footprinting are:
- Performing traceroute analysis
- Gathering information through email tracking
- Performing Whois lookup
- Extracting DNS information
Some examples of ways to use passive footprinting are:
- Browsing the target’s website
- Monitoring target using alert services
- Visiting social media profiles of employees
- Collecting location information on the target through web services
- Searching for the website on WHOIS
- Finding Information through search engines
- Collecting information through social engineering on social networking sites.
- Gathering infrastructure details of the target organization through job sites
- Gathering financial information about the target through financial services
Active Footprinting can trigger a target’s Intrusion Detection System (IDS) and may be logged but passive Footprinting is the stealthier method since it will not trigger a target’s IDS or otherwise alert the target of information being gathered.
Footprinting using advanced Google hacking techniques gather information by locating strings of text within search results. In order to confine a search, Google offers advanced search operators. These search operators help to narrow down the search query and get the most relevant and accurate output.
Hackers can create complex search engine queries in order to filter large amounts of search results to obtain information related to computer security. Hackers locate specific strings of text within the search results to detect websites and web servers that are vulnerable to exploitation, as well as locate private, sensitive information about others. Once a vulnerable site is identified, attackers try to launch various possible attacks such as SQL injection or buffer overflows that compromise information security.
Details collected include compromised passwords, default credentials, competitor information, information related to a particular topic etc.
Example:inurl:, site:, allintitle etc
Ethical Hacking & Footprinting
Footping could also be a security solution. A security expert can use footprinting to identify network security vulnerabilities. This is actually the concept of ethical hacking.
We know in footpring process, Information such as ip address, Whois records, DNS information, an operating system used, employee email id, Phone numbers etc is collected. So, footprinting helps us to
- Know Security Posture: The data gathered will help us to get an overview of the security posture of the company such as details about the presence of a firewall, security configurations of applications etc.
- Reduce Attack Area: Can identify a specific range of systems and concentrate on particular targets only.
- Identify vulnerabilities: we can build an information database containing the vulnerabilities, threats, loopholes available in the system of the target organization.
- Draw Network map: helps to draw a network map of the networks in the target organization covering topology, trusted routers, presence of server and other information.
How to Prevent Footprinting?
Footprinting is the first step to perform in pen testing process. The pen tester will discover potential security liabilities that an attacker may exploit. Footprinting penetration testing helps organizations/businesses to:
- Prevent information leakage
- Reduce the chances of Social Engineering
- Prevent DNS record retrieval from public servers