What is Footprinting in Ethical Hacking? Types, Uses, Information Gathering, Footprinting vs Reconnaissance
Introduction
Cybersecurity experts have been using footprinting and reconnaissance for years to determine vulnerabilities in networks, systems, and IT infrastructures. They have become some of the most preferred and widely used techniques for obtaining information about a target system.
This write-up dives deeper into:
- What is footprinting?
- What are the different types of footprinting?
- Role of footprinting in ethical hacking
- What is reconnaissance in ethical hacking?
- What is the difference between footprinting and reconnaissance?
And more…
What is Footprinting in Ethical Hacking?
In ethical hacking, footprinting means gathering as much information as possible about a target system, network, or infrastructure. The aim is to identify vulnerabilities and opportunities to penetrate the system and safeguard it against different types of hacking attacks.
The footprinting process involves profiling organisations and collecting data about hosts, networks, and third-party partners. The information includes firewalls, IP addresses, URLs, operating systems, virtual private networks, network maps, email addresses, domain name system information, etc.
Different Types of Footprinting in Ethical Hacking
Now that you know what footprinting is, let's look at its types. There are two types of footprinting:
- Active Footprinting
  In active footprinting, hackers use certain techniques and tools to connect with the target machine. It can include the use of ping sweep or commands.
- Passive Footprinting
  Passive footprinting, on the other hand, involves collecting information and data about the target that is publicly available, for instance through its website, social media handles, etc.
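From the defender's side, the ping sweep mentioned under active footprinting leaves a recognisable trace: one source sending ICMP echo requests to many different hosts in a short time. The following is an added example, not part of the original article, that flags such sources; the log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (assumption, not a real product's):
# "<ISO timestamp> <source> <destination> <protocol> <detail>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.250 10.0.0.1 ICMP echo-request
2024-05-01T10:00:01 198.51.100.7 10.0.0.1 ICMP echo-request
2024-05-01T10:00:01 198.51.100.7 10.0.0.2 ICMP echo-request
2024-05-01T10:00:02 198.51.100.7 10.0.0.3 ICMP echo-request
2024-05-01T10:00:02 192.0.2.44 10.0.0.5 TCP syn
2024-05-01T10:00:03 198.51.100.7 10.0.0.4 ICMP echo-request
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 ICMP echo-request
2024-05-01T10:00:04 198.51.100.7 10.0.0.6 ICMP echo-request
2024-05-01T10:00:30 10.0.0.250 10.0.0.1 ICMP echo-request
2024-05-01T10:01:00 203.0.113.9 10.0.0.1 ICMP echo-request
2024-05-01T10:02:00 203.0.113.9 10.0.0.2 ICMP echo-request
2024-05-01T10:03:00 203.0.113.9 10.0.0.3 ICMP echo-request
"""

def detect_ping_sweeps(lines, min_hosts=5, window=timedelta(seconds=10)):
    """Return {source: peak number of distinct hosts pinged within `window`}
    for every source that reached at least `min_hosts`."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) pairs in window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, proto, detail = line.split()
        if proto != "ICMP" or detail != "echo-request":
            continue  # only echo requests count towards a ping sweep
        now = datetime.fromisoformat(ts)
        seen = recent[src]
        seen.append((now, dst))
        # Drop entries that have aged out of the sliding window.
        while now - seen[0][0] > window:
            seen.popleft()
        # A monitor pinging one host repeatedly stays at 1 distinct target.
        distinct = len({d for _, d in seen})
        if distinct >= min_hosts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(detect_ping_sweeps(SAMPLE_LOG.splitlines()))
```

With the default ten-second window the slow source 203.0.113.9 goes unnoticed, so a longer window with a lower host threshold is worth running alongside it.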
Uses and Roles of Footprinting
Following are the roles and applications of footprinting in ethical hacking:
1. Get an Overview of the Security Framework
Footprinting lets hackers learn about the security practices and posture of the target. They find out whether the network uses a firewall, what security configurations are in place for the apps, etc.
2. Find Vulnerabilities
Footprinting helps find the vulnerabilities and loopholes in the systems, computers, networks, etc. An ethical hacker can access sensitive data or breach the system to determine vulnerabilities and types of attacks a system is prone to.
3. Specify the Attack Area
Hackers can find specific target areas in a system or network and focus on those areas only. It narrows down the wide area of target systems.
4. Create a Network Map
Footprinting also helps in creating a map of all the networks used by the target. It can include routers, servers, topology, etc.
Information Gathering in Footprinting
An ethical hacker can collect different types of information using footprinting, and there are several sources to gather information.
Types of Information That Can be Gathered With Footprinting Techniques
- IP address
- Network map
- Firewall
- Email id
- Password
- URLs
- VPN
- Server configurations
- Operating system of the target device
- Security configurations of the target device
Sources to Collect Information With Footprinting Techniques
Different sources used to obtain information are:
- Social Media
  As most people share their details online, hackers may use fake accounts to connect with someone on social media and seek sensitive data about them. They can appear genuine, become online friends or follow accounts to get information.
- Social Engineering
  Social engineering includes two major techniques:
  Eavesdropping: An attacker may record the personal conversation of the victim or target person. They eavesdrop on the conversation held over the phone or in person.
  Shoulder Surfing: This involves obtaining personal information, such as the email id and password of the target victims, by peeking over their shoulders while they are typing or writing these details for some work.
- “Whois” Site
  The whois.com website is often used by hackers to achieve their purposes. The website traces information, such as domain name, email id, domain owner, and more, and hackers use the data for personal benefit. This also paves the way for website footprinting.
- Job Websites
  Companies often share confidential or sensitive data on various job websites while writing job descriptions. Hackers can extract the details they want and use them for malicious activities.
- NeoTrace
  NeoTrace is a GUI router tracer program. It is a commonly used tool to collect path information. The graphical representation highlights the path between you and the remote website, intermediate nodes, and their related details, such as contact information, IP address, and location.
- Google
  Google is one of the most powerful tools used by hackers to perform extensive searches. It can give you details that you can’t ever imagine, which is why hackers use it for Google hacking.
  They combine basic search techniques with cutting-edge operators to cause some serious damage. Moreover, the platform is used by attackers to find sensitive information that should never be revealed.
- Organization’s Website
  This is the best and easiest way to look for open-source data freely provided to customers or the general public.
What is Reconnaissance in Ethical Hacking?
Footprinting is a part of a more extensive process called Reconnaissance. It is a critical data-gathering stage in the initial ethical hacking process. The information collected can be about network infrastructure, employee contact details, target flaws, and vulnerabilities used for penetration testing and at the beginning of data breaches. The aim of reconnaissance is to determine potential attack vectors.
Data collected from reconnaissance includes:
Security Policies
Uncovering an organisation’s security policies can also help you find vulnerabilities and weaknesses in its system.
- Password change frequency
- Password complexity requirements
- Firewalls
- Expired or disabled account retention
- Intrusion detection systems
- Physical security, such as access badges or door locks.
Network Infrastructure
Hackers extract this information to know the type of network the target system is using, such as WAN, LAN, or MAN.
- Subnet mask
- IP address range
- Domain names
- Network topology
Employee Details
Used for social engineering attacks.
- Designations
- Email addresses
- Social media accounts
- Computer skills
- Phone number
Host Information
Details about the specific host to find weaknesses.
- User names
- Group names
- Operating system and version
- Architecture type
- TCP and UDP services with versions
Difference Between Footprinting vs Reconnaissance
A tricky question that people who go through our Ethical Hacking Tutorial for Beginners often ask is: “What is the difference between footprinting and reconnaissance?”
Well, you can say that reconnaissance is a broad term covering footprinting and everything else involved in information gathering of a target system, website, network, etc. So, footprinting is a part of reconnaissance.
Here, the primary goal with both reconnaissance and footprinting in ethical hacking is to find as much information as possible about the target.
The first phase before rolling out an attack is to collect information about the targeted systems. The attackers research and put in their efforts to find as much information as they can using tools, technologies, and techniques like scanning, enumeration, etc. This phase is called reconnaissance.
The aim of reconnaissance is to find the easiest point of entry to the target system and make the most out of it. Footprinting is similar to reconnaissance, but it involves collecting data in a less intrusive manner.