Footprinting Penetration Testing

3 Footprinting Penetration Testing

My summary of module 02 (Footprinting) from the CEH material

So far, we have discussed the necessary techniques and tools that can be used to footprint a target organization’s network. Penetration testing (or pen testing) refers to the process of testing the organization’s security posture using similar techniques and tools as that of an attacker, but with the knowledge and approval of the organization. Footprinting is the first step to perform in the pen testing process. Performing footprinting in a systematic manner enables a pen tester to discover potential security liabilities that an attacker may exploit. In the pen testing process, the pen tester acts as a malicious outsider and simulates an attack to find security loopholes.

A footprinting pen test helps determine what information about an organization is exposed on the Internet, such as its network architecture, operating systems, applications, and users. The pen tester tries to gather publicly available sensitive information about the target by taking the role of an attacker. The target may be a specific host or a network.

The pen tester can perform the same attacks as an attacker. The pen tester should try all possible ways in which to gather as much information as possible in order to ensure the maximum scope of footprinting pen testing. If the pen tester finds sensitive information on any publicly available information resource, that information should be reported to the organization. Footprinting pen testing helps an organization to:

  • Prevent information leakage
  • Prevent social engineering attempts
  • Prevent DNS record retrieval from publicly available servers

Footprinting Pen Testing Steps

Pen testing is a means to examine network security. The steps in the procedure should be followed in order to ensure the maximum scope of testing. The steps involved in footprinting pen testing are:

  • Step 1: Get proper authorization

    Always perform pen testing with authorization. The first step in a footprinting pen test is to get proper authorization from the organization. This may or may not include the system administrators.

  • Step 2: Define the scope of the assessment

    Defining the scope of the security assessment is a prerequisite for pen testing. The scope determines the range of systems in the network to be tested, the resources that can be used for testing, and so on. It also determines the pen tester’s limitations. Once you define the scope, you should plan and gather sensitive information using footprinting techniques.

  • Step 3: Perform footprinting through search engines

    Use search engines such as Google, Yahoo! Search, Ask, Bing, and Dogpile to gather the target organization’s information, such as employee details, login pages, and intranet portals, which can help in performing social engineering and other types of advanced system attacks.

    Perform Google hacking using resources such as the Google Hacking Database (GHDB). This helps to expose security loopholes in the code and configuration of websites. Google hacking is usually done with the help of advanced Google operators that locate specific strings of text, such as versions of vulnerable web applications.

  • Step 4: Perform footprinting through web services

    Perform footprinting through web services such as Netcraft, Pipl, Google Finance, and Google Alerts to gather information about the target organization’s website, employees, competitors, infrastructure, and operating systems.

  • Step 5: Perform footprinting through social networking sites

    Perform footprinting to gather target organization employee information from personal profiles on social networking sites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+ and so on. This can assist in performing social engineering. You can also use people search engines to obtain information about a target person.

  • Step 6: Perform website footprinting

    Perform website footprinting using tools such as Burp Suite, Web Data Extractor, HTTrack Web Site Copier, Metagoofil, and WebSite-Watcher in order to build a detailed map of the website’s structure and architecture.

  • Step 7: Perform email footprinting

    Perform email footprinting using tools such as eMailTrackerPro, Yesware, and ContactMonkey to gather information about the physical location of an individual. Use this to perform social engineering, which in turn may help in mapping the target organization’s network. Analyzing email headers can help to collect information such as the sender’s IP address, the sender’s mail server, the sender’s address, the date and time received by the originator’s email servers, the authentication system used by the sender’s mail server, the sender’s full name, and so on.

  • Step 8: Gather competitive intelligence

    Gather competitive intelligence using tools such as Hoover’s, LexisNexis, or Business Wire. These tools extract competitor information such as date of establishment, location, progress analysis, senior management, product analysis, marketing details, and so on.

  • Step 9: Perform Whois footprinting

    Perform Whois footprinting using tools such as Whois Lookup, SmartWhois, and Batch IP Converter to extract information about particular domains. You can capture information such as IP addresses, the domain owner’s name, the registrant’s name, and contact details including phone numbers and email addresses. This information can be used to create a detailed map of the organization’s network, to gather personal information that assists in social engineering, to gather other internal network details, and so on.

  • Step 10: Perform DNS footprinting

    Perform DNS footprinting using tools such as DNSstuff, DIG, and myDNSTools to determine key hosts in the network and to support social engineering attacks. Resolve the domain name to learn its IP address, DNS records, and so on.

  • Step 11: Perform network footprinting

    Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute, and GEO Spider to learn the network range and other information about the target network that helps to draw the network diagram of the target.

  • Step 12: Perform social engineering

    Implement social engineering techniques such as eavesdropping, shoulder surfing, dumpster diving, impersonation on social networking sites, and phishing to gather critical information about the target organization. Through social engineering, you can learn the target organization’s security products in use, OS and software versions, network layout information, IP addresses and names of servers, and important personnel.

  • Step 13: Document all the findings

    When finished with the implementation of footprinting techniques, collect and document the information obtained in each stage of testing. You can use this document to study, understand, and analyze the security posture of the target organization. This also enables you to find and fix security loopholes to prevent exploitation.
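Step 7 above lists what email header analysis yields. As an added example (not from the CEH material or any of the tools named above), the following Python parses the Received chain and Authentication-Results of a constructed sample message to recover the sender’s name and address, the originating mail server and IP, per-hop timestamps, and the SPF/DKIM results, and flags a hop timeline that runs backwards. Every hostname, IP address and id in the sample is constructed.

```python
import email
import re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not a real capture). Received headers are stacked newest-first.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbound.example.org with ESMTP id abc123; Tue, 05 Mar 2024 10:15:22 +0000
Received: from sender-host.example.com (sender-host.example.com [198.51.100.7])
\tby mx.example.net with ESMTPS id xyz789; Tue, 05 Mar 2024 10:15:20 +0000
Authentication-Results: inbound.example.org; spf=pass smtp.mailfrom=example.com;
\tdkim=pass header.d=example.com
From: "Alice Example" <alice@example.com>
"""

HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<info>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    # One Received header -> sending host, its IP, receiving server and timestamp
    flat = re.sub(r"\s+", " ", value).strip()          # unfold continuation lines
    m = HOP_RE.search(flat)
    if not m:
        return None
    ip = IP_RE.search(m["info"])
    try:                                                # the date follows the last ';'
        stamp = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
    except (IndexError, TypeError, ValueError):
        stamp = None
    return {"helo": m["helo"], "ip": ip[1] if ip else None, "by": m["by"], "timestamp": stamp}

def analyze_headers(raw):
    # Summarise sender, originating server/IP, hop timeline and SPF/DKIM results
    msg = email.message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()                                      # oldest first: hops[0] is the origin
    name, addr = parseaddr(msg.get("From", ""))
    auth = " ".join(msg.get_all("Authentication-Results", []))
    notes, results = [], {}
    # Only Received lines added by your own servers are trustworthy; a backwards timeline is suspect
    stamps = [h["timestamp"] for h in hops if h["timestamp"]]
    if any(a > b for a, b in zip(stamps, stamps[1:])):
        notes.append("hop timestamps run backwards")
    for k in ("spf", "dkim"):
        found = re.search(rf"\b{k}=(\w+)", auth, re.I)
        results[k] = found[1].lower() if found else None
    return {"sender_name": name, "sender_address": addr, "hops": hops, "auth": results,
            "origin_server": hops[0]["helo"] if hops else None,
            "origin_ip": hops[0]["ip"] if hops else None, "notes": notes}
```

Run `analyze_headers(SAMPLE_MESSAGE)` on the constructed message, or paste the raw headers of a message you are investigating in place of the sample.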

Footprinting Pen Testing Report Templates

Pen testing helps the organization to enhance its security perimeter. As a pen tester, you should gather sensitive information about the target organization, such as server details, OS, and so on, by conducting footprinting. Analyze the system and network defenses by breaking into its security with authorization (i.e., ethically) without causing any damage. Find the loopholes and weaknesses in the network or system security and list them along with respective countermeasures in a pen testing report.

Importantly, the pen testing report results from network penetration tests or security audits. It contains all the details, such as the types of tests performed, the hacking techniques used, and the results of the hacking activity. In addition, the report also contains the highlights of the security risks and vulnerabilities of an organization. Always keep the report confidential. If this information falls into the hands of an attacker, the information in the report could be used to launch attacks.