Introduction to Footprinting - First Step to Hacking

Finding the level of risk connected with the organization's publicly available information is a crucial component of footprinting. Footprinting, also known as the preparatory phase, is the first step in ethical hacking. The reconnaissance or footprinting phase carries the most weight of all the phases of hacking, almost above 50%, making it the most crucial and vital.

In this phase, the attacker draws on competitive intelligence to learn more about the target, which allows the attacker to plan the attack. There is no single methodology for footprinting. After completing the phase in an organized manner, an attacker can obtain a proper understanding of the security profile of the target organization.

It is important to be able to distinguish among the various reconnaissance methods and advocate preventive measures in light of potential threats. The information gathered in this step helps in uncovering vulnerabilities existing in the target network and in identifying different ways of exploiting these vulnerabilities.

Footprinting is of two types: Active and Passive. 

Passive Footprinting

When an attacker does not interact with the target directly and relies on publicly available information, news releases, or another no-contact method, it is called Passive Reconnaissance. Performing passive footprinting is technically difficult, as active traffic is not sent to the target organization. Passive footprinting techniques include:

  • Finding information through search engines.
  • Finding the top-level domains (TLDs) and sub-domains of a target through web services.
  • Collecting location information on the target through web services.
  • Performing people search using social networking sites and people search services.
  • Gathering financial information about the target.
  • Gathering infrastructure details of the target organization through job sites.
  • Collecting information through deep and dark web footprinting.
  • Determining the operating systems in use by the target organization.
  • Performing competitive intelligence.
  • Monitoring the target using alert services.
  • Gathering information using groups, forums, blogs, and NNTP Usenet newsgroups.
  • Collecting information through social engineering on social networking sites.
  • Extracting information about the target using Internet archives.
  • Gathering information using business profile sites.
  • Monitoring website traffic of the target.
  • Tracking the online reputation of the target.

Active Footprinting

When an attacker interacts directly with the target by using tools to detect open ports, router locations, and details of the OS and applications, it is called Active Reconnaissance. In this case, the target may recognize the ongoing information-gathering process. This process requires more preparation, as it may leave traces that may alert the organization. Active footprinting techniques include:

  • Querying published name servers of the target.
  • Searching for digital files.
  • Extracting website links and gathering word lists from the target website.
  • Extracting metadata of published documents and files.
  • Gathering website information using web spidering and mirroring tools.
  • Gathering information through email tracking.
  • Harvesting email lists.
  • Performing Whois Lookup.
  • Extracting DNS information.
  • Performing traceroute analysis.
  • Performing social engineering.


As discussed, footprinting involves gathering information such as the target organization's URLs, locations, number of employees, contact information, etc. A hacker can collect this information from publicly accessible sources such as:

We hope this helps. If you have any suggestions or doubts you can add a comment and we will reply as soon as possible.