02 - Footprinting and Reconnaissance

Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets.

Module Objective

The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:

  • IP address range associated with the target
  • Purpose of the organization and why it exists
  • How big is the organization? What class is its assigned IP block?
  • Does the organization freely provide information on the type of operating systems employed and network topology in use?
  • Type of firewall implemented: hardware, software, or a combination of both
  • Type of remote access used, either SSH or VPN
  • Are IT job postings seeking skills that reveal the network services the organization provides?
  • Identify organization users who disclose personal information that can be used for social engineering, and infer likely usernames from it

Lab Objectives

The objective of this lab is to demonstrate how to extract a company’s data using Web Data Extractor. Students will learn how to:

  • Extract meta tags, email addresses, and phone/fax numbers from web pages
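The lab does this with Web Data Extractor; as an added example that is not part of the lab or of that tool, the following Python script performs the same three extractions (meta tags, email addresses, phone/fax numbers) over a constructed sample page, so a site owner can run it against their own pages and see exactly what a footprinter would harvest. The sample HTML, the hypothetical addresses and numbers in it, and the North American phone pattern are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not a real site); every value in it is made up.
SAMPLE_HTML = """<html><head>
<meta name="description" content="Example Corp internal portal">
<meta name="generator" content="CMS 4.2">
</head><body>
<p>Contact: <a href="mailto:admin@example.com">admin@example.com</a></p>
<p>Phone: +1 555-010-2345  Fax: (555) 010-2346</p>
<p>Support: support@example.com or call 555.010.2347</p>
</body></html>"""

# Email and North American style phone/fax patterns; adapt PHONE_RE for other regions.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"(?:\+\d{1,2}\s?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")


class MetaExtractor(HTMLParser):
    """Collects <meta name="..." content="..."> pairs from a page."""

    def __init__(self):
        super().__init__()
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "meta":
            a = dict(attrs)
            if a.get("name") and a.get("content"):
                self.meta[a["name"].lower()] = a["content"]


def extract(html):
    """Return meta tags, unique emails and unique phone/fax numbers found in html."""
    parser = MetaExtractor()
    parser.feed(html)
    # Scan the raw markup rather than visible text so mailto: links are caught too.
    emails = sorted({m.lower() for m in EMAIL_RE.findall(html)})
    phones = sorted({m.strip() for m in PHONE_RE.findall(html)})
    return {"meta": parser.meta, "emails": emails, "phones": phones}


if __name__ == "__main__":
    for key, value in extract(SAMPLE_HTML).items():
        print(key, value)
```

A "generator" meta tag such as the one in the sample is worth flagging in your own audit: it names the CMS and version for anyone who asks.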

Scenario

A penetration test begins before penetration testers have even made contact with the victim’s systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim unexploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.

Module Syllabus

  • Footprinting Terminologies
  • What is Footprinting?
  • Objectives of Footprinting
  • Footprinting Threats
  • Finding a Company’s URL
  • Locate Internal URLs
  • Public and Restricted Websites
  • Search for Company’s Information
    • Tools to Extract Company’s Data
  • Footprinting Through Search Engines
  • Collect Location Information
    • Satellite Picture of a Residence
  • People Search
    • People Search Using http://pipl.com
    • People Search Online Services
    • People Search on Social Networking Services
  • Gather Information from Financial Services
  • Footprinting Through Job Sites
  • Monitoring Target Using Alerts
  • Competitive Intelligence Gathering
    • Competitive Intelligence: When Did this Company Begin? How Did it Develop?
    • Competitive Intelligence: What are the Company's Plans?
    • Competitive Intelligence: What Do Experts Say About the Company?
    • Competitive Intelligence Tools
    • Competitive Intelligence Consulting Companies
  • WHOIS Lookup
    • WHOIS Lookup Result Analysis
    • WHOIS Lookup Tools: SmartWhois
    • WHOIS Lookup Tools
    • WHOIS Lookup Online Tools
  • Extracting DNS Information
    • DNS Interrogation Tools
    • DNS Interrogation Online Tools
  • Locate the Network Range
  • Traceroute
    • Traceroute Analysis
    • Traceroute Tool: 3D Traceroute
    • Traceroute Tool: LoriotPro
    • Traceroute Tool: Path Analyzer Pro
    • Traceroute Tools
  • Mirroring Entire Website
    • Website Mirroring Tools
    • Mirroring Entire Website Tools
  • Extract Website Information from http://www.archive.org
  • Monitoring Web Updates Using Website Watcher
  • Tracking Email Communications
    • Email Tracking Tools
  • Footprint Using Google Hacking Techniques
  • What Can a Hacker Do With Google Hacking?
  • Google Advanced Search Operators
    • Finding Resources Using Google Advanced Operators
  • Google Hacking Tool: Google Hacking Database (GHDB)
  • Google Hacking Tools
  • Additional Footprinting Tools
  • Footprinting Countermeasures
  • Footprinting Pen Testing