What is Footprinting in Ethical Hacking? Types, Uses, Information Gathering, Footprinting vs Reconnaissance
Cybersecurity experts have been using footprinting and reconnaissance for years to determine vulnerabilities in networks, systems, and IT infrastructures. It has become one of the most preferred and highly-used tools to obtain information about the target system.
This write-up dives deeper into:
What is footprinting?
What are the different types of footprinting?
Role of footprinting in ethical hacking
What is reconnaissance in ethical hacking?
What is the difference between footprinting and reconnaissance?
What is Footprinting in Ethical Hacking?
In ethical hacking, footprinting means gathering as much information as possible about a target system, network, or infrastructure. The aim is to identify vulnerabilities and opportunities to penetrate the system and safeguard it against different types of hacking attacks.
The footprinting process involves profiling organisations and collecting data about hosts, networks, and third-party partners. The information includes firewalls, IP addresses, URLs, operating systems, virtual private networks, network maps, email addresses, domain name system information, etc.
Different Types of Footprinting in Ethical Hacking
Now that you know what is footprinting, let’s know about its types. So, there are two types of footprinting:
In active footprinting, the hackers use certain techniques and tools to connect with the target machine. It can include the use of ping sweep or commands.
On the other hand, passive footprinting includes a collection of the target’s information and data that is publicly available. For instance, gathering information through the website, social media handles, etc.
Uses and Roles of Footprinting
Following are the roles and applications of footprinting in ethical hacking:
1. Get an Overview of the Security Framework
It allows hackers to know about the security practices and stance of the target. They find whether the network uses a firewall, what security configurations are in place for the apps, etc.
2. Find Vulnerabilities
Footprinting helps find the vulnerabilities and loopholes in the systems, computers, networks, etc. An ethical hacker can access sensitive data or breach the system to determine vulnerabilities and types of attacks a system is prone to.
3. Specify the Attack Area
Hackers can find specific target areas in a system or network and focus on those areas only. It narrows down the wide area of target systems.
4. Create a Network Map
Footprinting also helps in creating a map of all the networks used by the target. It can include routers, servers, topology, etc.
Information Gathering in Footprinting
An ethical hacker can collect different types of information using footprinting, and there are several sources to gather information.
Types of Information That Can be Gathered With Footprinting Techniques
Operating system of the target device
Security configurations of the target device
Sources to Collect Information With Footprinting Techniques
Different sources used to obtain information are:
As most people share their details online, hackers may use fake accounts to connect with someone on social media and seek sensitive data about them. They can appear genuine, become online friends or follow accounts to get information.
Social engineering includes two major techniques:
Eavesdropping: An attacker may record the personal conversation of the victim or target person. They eavesdrop on the conversation held over the phone or in person.
Shoulder Surfing: This involves obtaining personal information, such as the email id and password of the target victims, by peeking over their shoulders while they are typing or writing these details for some work.
The whois.com website is often used by hackers to achieve their purposes. The website traces information, such as domain name, email id, domain owner, and more, and hackers use the data for personal benefit. This also paves the way for website footprinting.
Companies often share confidential or sensitive data on various job websites while writing job descriptions. Hackers can extract detail they want and use them for malicious activities.
NeoTrace is a GUI router tracer program. It is a commonly-used tool to collect path information. The graphical representation highlights the path between you and the remote website, intermediate nodes, and their related details, such as contact information, IP address, and location.
Google is one of the most powerful tools used by hackers to perform extensive searches. It can give you details that you can’t ever imagine. Hence, used by hackers for Google hacking.
They combine basic search techniques with cutting-edge operators to cause some serious damage. Moreover, the platform is used by attackers to find sensitive information that should never be revealed.
This is the best and easiest way to look for open-source data freely provided to customers or the general public.
Video: Footprinting and Reconnaissance Explained in Simple Terms
Let's understand what are footprinting and reconnaissance, along with their use, in this quick video:
What is Reconnaissance in Ethical Hacking?
Footprinting is a part of a more extensive process called Reconnaissance. It is a critical data-gathering stage in the initial ethical hacking process. The information collected can be about network infrastructure, employee contact details, target flaws, and vulnerabilities used for penetration testing and at the beginning of data breaches. The aim of reconnaissance is to determine potential attack vectors.
Data collected from reconnaissance include:
Uncovering an organisation’s security policies can also help you find vulnerabilities and weaknesses in its system.
Password change frequency
Password complexity requirements
Expired or disabled account retention
Intrusion detection systems
Physical security, such as access badges or door locks.
Hackers extract this information to know the type of network the target system is using, such as WAN, LAN, or MAN.
IP address range
Used for social engineering attacks.
Social media accounts
Details about the specific host to find weaknesses.
Operating system and version
TCP and UDP services with versions
Difference Between Footprinting vs Reconnaissance
A tricky question that people who go through our Ethical Hacking Tutorial for Beginners often ask is: “What is the difference between footprinting and reconnaissance?”
Well, you can say that reconnaissance is a broad term covering footprinting and everything else involved in information gathering of a target system, website, network, etc. So, footprinting is a part of reconnaissance.
Here, the primary goal with both reconnaissance and footprinting in ethical hacking is to find as much information as possible about the target.
The first phase before rolling out an attack is to collect information about the targeted systems. The attackers research and put in their efforts to find as much information as they can using tools, technologies, and techniques like scanning, enumeration, etc. This phase is called reconnaissance.
The aim of reconnaissance is to find the easiest point of entry to the target system and make the most out of it. Footprinting is similar to reconnaissance, but it involves collecting data in a less intrusive manner.