Footprinting is the first step of any attack: the process of collecting as much information as possible about a target organization and its network in order to identify ways to penetrate it. It relies primarily on passive methods and is carried out before the later, active phases, so interaction with the target is kept to a minimum to avoid detection and to avoid alerting the target that something is coming in its direction. Much of what is gathered is publicly available yet sensitive in aggregate. A myriad of methods are available, such as WHOIS queries, Google searches, job board searches, discussion groups and social engineering; the information they yield is what the subsequent system and network attacks are built on.
Know Security Posture
Footprinting allows an attacker to know the external security posture of the target organization.
Reduce Focus Area
It reduces the attacker's focus area to specific ranges of IP addresses, networks, domain names, remote access options etc.
Identify Vulnerabilities
It allows an attacker to identify vulnerabilities in the target systems in order to select which exploits to use.
Draw Network Maps
It allows an attacker to draw a map or outline the target organization's network infrastructure to know about the actual environment the attack is targeting.
There is a lot of information to be collected. Here is an incomplete list of information to collect, including some of the details that are later enumerated actively.
Network Information
- Domain name
- Internal domain names
- Network blocks
- IP addresses of online hosts
- Rogue websites and private websites
- TCP and UDP services available
- Access control mechanisms and ACL information
- Network protocols
- VPN endpoints
- IDS running
- Analog and digital telephone numbers
- Authentication mechanisms
- System enumeration information
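Two items on this list, network blocks and the IP addresses of online hosts, are what narrows the attacker's focus area to specific address ranges. The following is an added example and is not code from the original article: it parses a constructed WHOIS dump (the record, organization name and addresses are invented and use the documentation ranges, so nothing here belongs to a real target) into CIDR blocks, deduplicating ranges that appear both as a NetRange line and as a CIDR line, and then checks whether a given address falls inside the target's allocation. The function names parse_netblocks, in_scope and address_count are the example's own.

```python
import ipaddress
import re

# Constructed WHOIS output (not a real record). It mixes ARIN-style
# NetRange/CIDR lines with RIPE-style inetnum/route lines, the way a
# footprinter sees them after querying more than one registry.
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.127
CIDR:           203.0.113.0/25
OrgName:        Example Corp
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET
route:          192.0.2.0/24
descr:          Example Corp hosting
"""

# "NetRange: a - b" and "inetnum: a - b" give a start and end address.
RANGE_RE = re.compile(r"^(?:NetRange|inetnum):\s*(\S+)\s*-\s*(\S+)", re.M | re.I)
# "CIDR:", "route:" and "route6:" already carry prefix notation.
CIDR_RE = re.compile(r"^(?:CIDR|route|route6):\s*(\S+)", re.M | re.I)


def parse_netblocks(whois_text):
    """Return the sorted list of IP networks a WHOIS dump assigns to the target."""
    blocks = set()
    for start, end in RANGE_RE.findall(whois_text):
        first = ipaddress.ip_address(start)
        last = ipaddress.ip_address(end)
        # A start/end range is not always a single CIDR block;
        # summarize_address_range splits it into the minimal set of prefixes.
        blocks.update(ipaddress.summarize_address_range(first, last))
    for cidr in CIDR_RE.findall(whois_text):
        # strict=False tolerates host bits set in sloppy registry entries.
        blocks.add(ipaddress.ip_network(cidr, strict=False))
    # The set removes the overlap between the NetRange and CIDR lines.
    return sorted(blocks, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def in_scope(ip, blocks):
    """Return the target block containing ip, or None if ip is outside the focus area."""
    addr = ipaddress.ip_address(ip)
    for net in blocks:
        if addr.version == net.version and addr in net:
            return net
    return None


def address_count(blocks):
    """Total number of addresses across the target's blocks, i.e. the size of the focus area."""
    return sum(net.num_addresses for net in blocks)


if __name__ == "__main__":
    blocks = parse_netblocks(SAMPLE_WHOIS)
    for net in blocks:
        print(net)
    print("focus area:", address_count(blocks), "addresses")
    print("203.0.113.5 in scope:", in_scope("203.0.113.5", blocks))
    print("203.0.113.200 in scope:", in_scope("203.0.113.200", blocks))
```

The in_scope check matters in practice: 203.0.113.200 shares a /24 with the target's allocation but sits in the other half of it, which belongs to someone else and is out of scope for any engagement.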
System Information
- User and group names
- System banners
- Routing tables
- SNMP information
- System architecture
- Remote system types
- System names
- Passwords
Organization information
- Employee details
- Organization websites
- Company directory
- Location details
- Addresses and phone numbers
- Comments in source code such as HTML, CSS and JavaScript from the corporate website
- Security policies implemented
- Web server links relevant to the organization
- Background of the organization
- News articles
- Press releases
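Several organization items above (employee details, comments in the website's source, and web server links relevant to the organization) can be pulled from a saved copy of a corporate web page without ever sending a request that looks unusual. The following is an added example and is not code from the original article: it runs Python's standard HTML parser over a constructed page (the markup, hostnames and e-mail addresses are invented, using the example.com reserved domain) and collects developer comments, e-mail addresses, and every hostname referenced in links, script sources, comments and inline script that falls under the target domain. The class name FootprintParser and the function footprint_page are the example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page source (not a real site). It contains the kinds of leaks
# footprinting looks for: a forgotten developer comment naming a staging
# host, an internal login link, e-mail addresses, and an API host in inline JS.
SAMPLE_HTML = """\
<!DOCTYPE html>
<html>
<head>
  <!-- TODO: remove before launch - staging at https://staging.example.com -->
  <script src="https://cdn.example.com/app.js"></script>
  <link rel="stylesheet" href="/static/site.css">
</head>
<body>
  <a href="https://www.example.com/about">About</a>
  <a href="https://intranet.example.com/login">Staff login</a>
  <p>Contact: jane.doe@example.com, press@example.com</p>
  <script>
    // built by bob.smith@example.com on build-srv-01
    var api = "https://api.example.com/v2/";
  </script>
</body>
</html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://[\w.-]+")


class FootprintParser(HTMLParser):
    """Collects comments, e-mail addresses and referenced hostnames from HTML."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.hosts = set()
        self.emails = set()

    def handle_comment(self, data):
        # HTML comments are invisible in the browser but shipped to everyone.
        self.comments.append(data.strip())
        self._scan(data)

    def handle_starttag(self, tag, attrs):
        # Hostnames in href/src/action attributes reveal related servers.
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                host = urlparse(value).hostname
                if host:
                    self.hosts.add(host)

    def handle_data(self, data):
        # Visible text and inline <script>/<style> bodies both arrive here.
        self._scan(data)

    def _scan(self, text):
        self.emails.update(EMAIL_RE.findall(text))
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if host:
                self.hosts.add(host)


def footprint_page(html_text, target_domain):
    """Return comments, in-scope hostnames and e-mail addresses found in html_text."""
    parser = FootprintParser()
    parser.feed(html_text)
    parser.close()
    # Keep only hosts under the target domain; third-party CDNs and trackers
    # are noise for footprinting the organization itself.
    hosts = sorted(h for h in parser.hosts
                   if h == target_domain or h.endswith("." + target_domain))
    return {
        "comments": parser.comments,
        "hosts": hosts,
        "emails": sorted(parser.emails),
    }


if __name__ == "__main__":
    result = footprint_page(SAMPLE_HTML, "example.com")
    for key, values in result.items():
        print(key)
        for v in values:
            print("  ", v)
```

Each discovered hostname feeds straight back into the network information list above, and the e-mail addresses give both the naming convention for user accounts and the employee names that later social engineering draws on.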