The Footprinting Process - Using Search Engines


  • The Footprinting Process - Using Search Engines

    One of the first steps in the process of footprinting tends to be using a search engine. Some search engines can easily provide you with a wealth of information that the client may have wished to keep hidden or may have just plain forgotten about. That exact information may show up on a search engine result page (SERP).
    Using a search engine you can find a lot of information, some of it completely unexpected or something a defender of a system never considers, such as technology platforms, employee details, login pages, intranet portals, and so on. A search can easily provide even more details, such as names of security personnel, the brand and type of firewall and antivirus protection, and it is not unheard of to find network diagrams and other useful information.
    When using a search engine effectively for footprinting, always start with the basics. The very first step in gathering information is to begin with the company name.
    Do not limit the search to one search engine, because doing so greatly limits your results. Different search engines can and do give different results here and there because of the way they have been designed, and because they crawl websites differently.
    Once you have gotten the basic information from the search engines, it's time to move in a little deeper and look for information relating to the company URL. Such a search on the client business name will generally obtain the external and most visible URLs for a company and perhaps some of the lesser-known ones. Knowing the internal URLs or hidden URLs can provide tremendous insight into the inner structure or layout of a company. Take the time needed and go through the results past the first handful of result pages.
    Other aids are Google Dorks, which are complex and powerful Google searches, and cached versions of websites that might since have been altered or no longer exist. Google has such a feature. An alternative is aka The Wayback Machine.
    Some tools are available to aid a pentester in the footprinting process such as, which is more of a suite of related tools that lets you gather information such as web server version, IP addresses, subnet data, OS information and subdomain information for any URL provided. Another tool is Link Extractor. This utility locates and extracts the internal and external URLs for a given location.

    Some of the major search engines have an alert system that will keep you apprised of any updates as they occur. The alert systems allow you to enter a means of contacting you along with one or more URLs you are interested in and a time period over which to monitor them. Search engines such as Google and Yahoo! include this service.
    Certified Security Geek
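
The post describes a utility that extracts the internal and external URLs for a given location. As an added example (not code from the post or from any tool it names), the sketch below does the same over a saved copy of a page you publish and flags same-organisation links that expose the kinds of pages the post lists. The sample HTML, the `example.com` hosts, the keyword list and the two-label domain rule are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed keywords, taken from the kinds of exposure the post lists.
SENSITIVE = ("login", "intranet", "portal")

# Constructed sample page for the placeholder site www.example.com.
SAMPLE_HTML = """
<a href="/about">About</a>
<a href="https://intranet.example.com/portal">Staff</a>
<a href="/staff/login.php">Sign in</a>
<a href="https://partner.example.org/">Partner</a>
<a href="mailto:it@example.com">Mail</a>
<img src="/img/logo.png">
"""

class LinkCollector(HTMLParser):
    """Collect href/src attribute values from any tag."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def audit_links(html, base_url):
    """Return (internal, external, flagged) lists of absolute http(s) URLs."""
    base_host = urlsplit(base_url).hostname
    # Assumption: the organisation's domain is the last two labels of the host.
    base_domain = ".".join(base_host.split(".")[-2:])
    collector = LinkCollector()
    collector.feed(html)
    internal, external, flagged = [], [], []
    for raw in collector.links:
        url = urljoin(base_url, raw)          # resolve relative links
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue                          # skip mailto:, javascript:, etc.
        host = parts.hostname or ""
        same_org = host == base_domain or host.endswith("." + base_domain)
        (internal if same_org else external).append(url)
        if same_org and any(k in url.lower() for k in SENSITIVE):
            flagged.append(url)               # publicly linked, review exposure
    return internal, external, flagged

if __name__ == "__main__":
    print(audit_links(SAMPLE_HTML, "https://www.example.com/"))
```

Anything in the flagged list is already reachable by a crawler, so it is a candidate for removal from public pages or for access control at the destination.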