Various methods used to collect information about the target organization. They are
Footprinting through Search Engines
This is a passive information gathering process where we gather information about the target from social media, search engines, various websites etc. Information gathered includes name, personal details, geographical location detrails, login pages, intranet portals etc. Even some target specific information like Operating system details, IP details, Netblock information, technologies behind web application etc can be gathered by searching through search engines
Eg: collecting information from Google, Bingo etc
Google hacking refers to collecting information using google dorks (keywords) by constructing search queries which result in finding sensitive information.details collected include compromised passwords, default credentials, competitor information, information related to a particular topic etc.
Eg:inurl:, site:, allintitle etc
Examining HTML Source and Examining Cookies:
Html source codes of a web application may give us an understanding of the application functionality, hidden fields, comments, variable names etc. Cookies are used to identify a user in his session. these cookies may be stored in the browser or passed in the URL, or in the HTTP header.
The entire website can be mirrored using tools like HTTtracker to gather information at our own phase.
Extract website Archives: older versions of website can be obtained
which may reveal some information related to the target.
email header reveals information about the mail server, original sender’s email id, internal IP addressing scheme, as well as the possible architecture of the target network
Competitive intelligence gathering is the process of gathering information about the competitors from resources such as the Internet.
Eg: company website, search engine, internet, online databases, press releases, annual reports, trade journals
Google Hacking/Google Dorks
This is a process of creating search queries to extract hidden information by using Google operators to search specific strings of text inside the search results.
Some google operators, site, allinurl, inurl, allintitle
Whois databases and the servers are operated by RIR – Regional Internet Registries. These databases contain the personal information of Domain Owners. Whois is a Query response protocol used for querying Whois databases and its protocol is documented in RFC 3912. Whois utility interrogates the Internet domain name administration system and returns the domain ownership, address, location, phone numbers, and other details about a specified domain name.
DNS is a naming system for computers that converts human-readable domain names into computer readable IP-addresses and vice versa.DNS uses UDP port 53 to serve its requests. A zone subsequently stores all information, or resource records, associated with a particular domain into a zone file; Resource records responded by the name servers should have the following fields:
Domain Name — Identifying the domain name or owner of the records
Record Types — Specifying the type of data in the resource record
Record Class — Identifying a class of network or protocol family in use
Time to Live (TTL) — Specifying the amount of time a record can be stored in cache before discarded.
Record Data — Providing the type and class dependent data to describe the resources.
A (address)—Maps a hostname to an IP address
SOA (Start of Authority)—Identifies the DNS server responsible for the domain information
CNAME (canonical name)—Provides additional names or aliases for the address record
MX (mail exchange)—Identifies the mail server for the domain
SRV (service)—Identifies services such as directory services
PTR (pointer)—Maps IP addresses to hostnames
NS (name server)—Identifies other name servers for the domain
HINFO = Host Information Records
DNS servers perform zone transfers to keep themselves up to date with the latest information. A zone transfer of a target domain gives a list of all public hosts, their respective IP addresses, and the record type.
Footprinting through Social Engineering:
Social media like twitter, facebook are searched to collect information like personal details, user credentials, other sensitive information using various social engineering techniques. Some of the techniques include
- Eavesdropping: It is the process of intercepting unauthorized communication to gather information
- Shoulder surfing: Secretly observing the target to gather sensitive information like passwords, personal identification information, account information etc
- Dumpster Diving: This is a process of collecting sensitive information by looking into the trash bin. Many of the documents are not shredded before disposing them into the trash bin . Retrieving these documents from trash bin may reveal sensitive information regarding contact information, financial information, tender information etc.
- Footprinting countermeasures:
- Creating awareness among the employees and users about the dangers of social engineering
- Limiting the sensitive information
- encrypting sensitive information
- using privacy services on whois lookup database
- Disable directory listings in the web servers
- Enforcing security policies