
Footprinting and Reconnaissance


Hey there! Welcome to my Cyber Security blog, where we discuss some of the techniques that will help you in many cases. For now our topic is Footprinting, as you read in the title. One of the most important things in hacking is gathering information about your target; that is the very first step, and you can't start the hack without gathering the target information. This process is known as Footprinting. I am going to show you some of the tools you can use and also some websites to gather information about your target. So get pumped and let's jump right in.

Disclaimer :- We do not condone using these tools for any kind of illegal purpose or for testing on systems you don't own or have permission for. Everything provided here is for educational purposes only.

At first we are gonna discuss some Windows based tools, then we are gonna jump into our Parrot OS (or Kali, whatever distro you prefer) to use some terminal based tools, and also explore some of the Google Dorking techniques.

1) WebDataExtractor

Our first tool is WebDataExtractor. Now these tools aren't free, but you can use the free trial, and some of them have a long trial period, so you are good to go. Download here.

Installing the .exe file is pretty easy: just click Next a bunch of times. Once you have installed it, open the tool.

Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text.

Steps :-

1) Open the app after installation.

2) Click the New tab and you'll be prompted with a form. Fill in the following things:

Starting URL: give the URL of the website to extract data from.

Inside the "Spider" section check the checkbox saying "Stay with url".

Under the "Save data" section check all the checkboxes you see and click "OK".

(Screenshot: you should see a similar screen.)

3) Now it's time to start the show: click the Start tab. This will turn on the process; now wait for a while.

4) At the first one or two trials it might fail, as this is the free version, but try once again. Once it has successfully finished, click "Metatag" under "New tab"; there you'll see info related to your search.
Also explore the other tags (Emails, Phones, Faxes) to see related info.
Under each tag section, at the top left corner, you can see a floppy disk icon. You can click there and save the collected data of that tag section to a file on your machine.

Now don't worry if you don't like this one; there are a couple of website alternatives for the same purpose, but this one is widely used.

2) HTTrack

Download HTTrack here.

This tool is used for copying websites. Yup, you read it right: you can actually replicate any website you want using this tool. All the phishing messages with some fake PayPal or Paytm link you get, those websites are usually made using such tools. This tool is pretty easy to use.

1) Install the app just as prompted and open it. (Screenshot: you should see a similar screen.) Hit Next here.

2) Give a project name in the "New project name" input field, set the path to save the website data in the "Base path" input field, and hit "Set options..." as shown in the image below.

3) Enter the website URL that you want to clone, for example "www.example.com", click on the "Set options" button, go under the "Scan Rules" tab, check the 3 checkboxes saying .png, .rtr etc., hit "OK" and click Next.

4) Now check the "Disconnect when finished" checkbox and hit "Finish".

(Screenshot: you should see a similar window after clicking "Set options..."; check the checkboxes as shown.)

(Screenshot: step 4.)

5) After you click Finish the process will start; let it do its job.

6) Once the process is done, wait, don't press "Finish" yet: click on the "Browse Mirrored Website" button and you'll see the exact copy of the website. Go to the location where you saved this session; the default should be C:\web-site\. You can click Finish at last when you are done.

Gathering info from DNS using nslookup

nslookup is a network administration command-line tool for querying the Domain Name System to obtain domain name or IP address mappings, or other DNS records.
(For Windows)
Steps :-

1) Open your cmd and enter the command "nslookup".
2) Enter the command "set type=a", which specifies a computer's IP address. There are many other types, like:
A: Specifies a computer's IP address.
ANY: Specifies a computer's IP address.
CNAME: Specifies a canonical name for an alias.
GID: Specifies a group identifier of a group name.
HINFO: Specifies a computer's CPU and type of operating system.
MB: Specifies a mailbox domain name.
MG: Specifies a mail group member.
MINFO: Specifies mailbox or mail list information.
MR: Specifies the mail rename domain name.
MX: Specifies the mail exchanger.
NS: Specifies a DNS name server for the named zone.
PTR: Specifies a computer name if the query is an IP address; otherwise, specifies the pointer to other information.
SOA: Specifies the start-of-authority for a DNS zone.
TXT: Specifies the text information.
UID: Specifies the user identifier.
UINFO: Specifies the user information.
WKS: Describes a well-known service.
3) Now enter the website URL (the example used here is Google's) and you can see the IP for the Google server. Next enter the command "set type=cname" and enter the website URL the same way.
Explaining CNAME in short :- CNAME records are frequently used for pointing many hosts to the same place and updating them easily. You can learn more about them here :- https://www.cloudns.net/wiki/article/13/

The same way, you can also perform this in Parrot or Kali using dnsrecon. You can get as much info as possible regarding a DNS server using dnsrecon; read this article to get a brief overview of it: https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/
You can also check the American Registry for Internet Numbers (it is a website to get deep info related to IP addresses) for info about the IPs that you get from nslookup.
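The "set type=" walk above, repeated for several record types from a small script, as an added example that is not part of the original post. It assumes nslookup is on PATH (Windows cmd or a Parrot/Kali shell) and that "nslookup -type=X name" is the non-interactive form of "set type=X" plus the name; the parser is tested on constructed sample output, so only lookup() and footprint() need the network.

```python
import re
import subprocess
import sys

# Record types from the "set type=" table above. Assumption: nslookup is on PATH (Windows
# cmd or a Parrot/Kali shell); "nslookup -type=X name" equals "set type=X" plus the name.
RECORD_TYPES = ("A", "CNAME", "MX", "NS", "SOA", "TXT")
# The first Server:/Address: pair describes the resolver, not the target; strip it first.
_RESOLVER_HEADER = re.compile(r"^Server:.*\n^Address:.*\n", re.M)
# Answer-line patterns; Windows and BIND-style nslookup word these slightly differently.
_PATTERNS = {
    "A":     re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b"),      # IPv4 only
    "CNAME": re.compile(r"canonical name = (\S+)"),
    "MX":    re.compile(r"mail exchanger = (?:\d+ )?(\S+)"),   # "pref = 10, mail exchanger = host"
    "NS":    re.compile(r"nameserver = (\S+)"),
    "SOA":   re.compile(r"(?:primary name server|origin) = (\S+)"),
    "TXT":   re.compile(r'"([^"]*)"'),
}

def parse_nslookup(rtype, output):
    """Extract the record values of one type from raw nslookup output (trailing dots dropped)."""
    body = _RESOLVER_HEADER.sub("", output, count=1)
    return sorted({m.rstrip(".") for m in _PATTERNS[rtype].findall(body)})

def lookup(domain, rtype):
    """Run one nslookup query (needs network) and return the parsed values."""
    proc = subprocess.run(["nslookup", f"-type={rtype}", domain],
                          capture_output=True, text=True, timeout=15)
    return parse_nslookup(rtype, proc.stdout)

def footprint(domain):
    """Walk every record type in RECORD_TYPES, like repeating "set type=" by hand."""
    return {rtype: lookup(domain, rtype) for rtype in RECORD_TYPES}

# Constructed samples of Windows nslookup output (not real captures) for offline checks.
SAMPLE_A = """Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.example.com
Addresses:  2606:2800:21f:cb07:6820:80da:af6b:8b2c
          93.184.216.34
"""
SAMPLE_MX = "Server:  UnKnown\nAddress:  192.168.1.1\n\nNon-authoritative answer:\n" \
            "example.com     MX preference = 10, mail exchanger = mail.example.com\n"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for rtype, values in footprint(target).items():
        print(f"{rtype:6} {', '.join(values) or '-'}")
```

Run it as "python dnsfoot.py yourdomain.com" against a domain you administer; the resolver's own address is dropped so it never shows up as a target record.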

Here are some more tools to use for footprinting. They have very good documentation that you can learn from, and if I explained them here I would literally have to convert this blog into a decent-sized book.

Path Analyzer Pro :- Path Analyzer Pro, the ultimate traceroute
Path Analyzer Pro delivers advanced network route-tracing with performance tests, DNS, whois, and network resolution to investigate network issues.

You can do a normal trace of the packet using the "traceroute" command, but this software gives you some more advanced features. You get limited access with the free version.
1) You can configure the type of info you want in this software on the left pane; enter the website URL "www.example.com" and press Enter.
2) Once you hit Enter, go to the "Synopsis" tab (below the target text field, beside the "Report" tab); here you can see the gathered info.

FOCA := There is one more tool called FOCA (Fingerprinting Organisations with Collected Archives), which is used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages and can be downloaded and analyzed with FOCA.
This tool is easy to use and you can easily find it.

BillCipher := There is one more tool called BillCipher; you can find it here := https://github.com/GitHackTools/BillCipher#:~:text=README.md-,About%20BillCipher%202.3,%2C%20Python%203%2C%20and%20Ruby
It is an information gathering tool for a website or IP address (terminal based).
Installation and use are explained in an easy way, so you can directly refer to the link.

theHarvester := This is one of my favorite tools to gather info about a person. It's available in Parrot and Kali OS; it gathers information about a person from websites like LinkedIn and Facebook etc. You can also query based on a person working in a particular company with a particular name.

Now I think that sums up the tools section. Let's jump right into Google Dorking.

Google Dorking

Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.

I suggest you go into incognito mode and use a VPN to stay safer. This isn't illegal, though, but it is still recommended.

Now Dorking, in a nutshell, is using some special syntax in Google's search engine to get valuable information, for example by searching through log files. Sometimes things are garbage for others but not for you; now this is not garbage, though, but still you can look for anything you can get your hands on.
We are gonna make Google index (show us) search results exactly as we want.
Open Google in your Chrome and let's move on to our first search.

1) cache: website url = this is used to see older versions of a particular website
   e.g. cache: www.example.com
   You can see some older versions of a particular website that were cached by Google and see if you could gather some information around.

2) allintext:username filetype:log = lets you look for some log files that have been deleted or removed; this will look for log files that have the username string in them.
   Usernames and passwords are pretty sensitive information and sometimes such things get accidentally exposed. As you know, servers tend to generate log files to keep track of their usage, so why not take a look.

Disclaimer :- Maybe sometimes you find real usernames and passwords for a particular website and it might be tempting to use them, but these are the times when you cross the line and might get yourself into trouble, because that's highly illegal.

3) intitle:"index of" inurl:ftp = this will index all the files for an FTP server.
   The Google search operator intitle allows for the combination of strings in the title. The operator inurl looks only in the URL of the site.

4) intitle:"webcamXP 5" = these are kinds of devices, in this case webcams, exposed to the internet that have no passwords or security and are vulnerable. Sometimes maybe they are set up on purpose to attract people like you and download some files with a .swf extension; make sure you delete them right away because they are pretty harmful.
   intitle searches for a string in the title of the website.
5) db_password filetype:env = find passwords to a whole bunch of databases

6) filetype:inc php -site:github.com -site:sourceforge.net = for websites that are hosted on GitHub or are using a git repository
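A defender-side check for the file-type dorks in this list (.env, .log and .inc), as an added example that is not part of the original post: it walks your own web root and reports which files those dorks would surface, so they can be moved out of the document root or denied in the server config before Google indexes them. The mapping of dork to local check and the sample files in demo_audit() are constructed here.

```python
import fnmatch
import os
import re
import sys
import tempfile
from pathlib import Path

# Each entry turns one dork from the list above into a local check: (dork, filename glob,
# regex the content must contain). Assumption: the directory audited is your own web root,
# so anything flagged here is exactly what Google could surface with that dork.
DORK_CHECKS = (
    ("db_password filetype:env", "*.env", re.compile(r"db_password", re.I)),
    ("allintext:username filetype:log", "*.log", re.compile(r"username", re.I)),
    ("filetype:inc php", "*.inc", re.compile(r"php", re.I)),
)

def audit_webroot(root):
    """Return sorted (relative path, dork, line number) for every file a dork would match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            for dork, pattern, needle in DORK_CHECKS:
                if not fnmatch.fnmatch(name, pattern):
                    continue
                try:
                    with open(full, errors="replace") as fh:
                        lines = fh.read().splitlines()
                except OSError:
                    continue
                for lineno, line in enumerate(lines, 1):
                    if needle.search(line):     # report the position, never the secret itself
                        findings.append((rel, dork, lineno))
                        break
    return sorted(findings)

def demo_audit():
    """Build a constructed web root (not a real site) in a temp dir and audit it offline."""
    root = Path(tempfile.mkdtemp())
    (root / "config").mkdir()
    (root / "config" / ".env").write_text("APP_ENV=prod\nDB_PASSWORD=hunter2\n")
    (root / "logs").mkdir()
    (root / "logs" / "app.log").write_text("started\nlogin ok username=bob\n")
    (root / "index.html").write_text("<p>username field</p>\n")   # .html: no dork applies
    return audit_webroot(root)

if __name__ == "__main__":
    findings = audit_webroot(sys.argv[1]) if len(sys.argv) > 1 else demo_audit()
    for path, dork, lineno in findings:
        print(f"{path}:{lineno}  would be found by  {dork}")
```

Point it at a real document root with "python dorkaudit.py /var/www/html"; a clean run prints nothing.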

So here is a gist of some of the Dorking techniques used widely. If you do too much of it, Google might flag you as a bot or a spider surfing the internet; it doesn't happen many times, but still. You can look up more Dorking methods online.
If you liked it, don't forget to follow me here, as I am going to post more hacking related content which I am already working on. Give this a like, as it takes a lot of time to create such content, and follow me on other platforms like Medium, Twitter, Insta, GitHub, website etc.
Share this blog among your friends. Hope to see you in the next one. Goodbye..
