Footprinting through web services

1.2 Footprinting through web services

My resume of module 02 footprinting form CEH material

Web services such as people search services can provide sensitive information about the target. Internet archives may also provide sensitive information that has been removed from the World Wide Web (‘WWW’). Social networking sites, people search services, alerting services, financial services and job sites provide information about a target such as infrastructure details, physical location, and employee details. Moreover, groups, forums, and blogs can help attackers in gathering sensitive information about a target such as public network information, system information, and personal information. Using this information, an attacker may build a hacking strategy to break into the target organization’s network and may carry out other types of advanced system attacks.

Finding Company’s Top-level Domains (TLDs) and Sub-domains

A company’s top-level domains (‘TLDs’) and sub-domains can provide a lot of useful information to an attacker. A public website is designed to show the presence of an organization on the Internet. It is available for free access and is accessible by anyone. It is designed to attract customers and partners. It may contain information such as organizational history, services and products, and contact information. The target organization’s external URL can be located with the help of search engines such as Google, Bing among others.

The sub-domain organization is available to only a few people. or members of a department. These persons may be employees Sub-domains provide an of an insight into different departments and business units in an organization. Access restrictions can be applied based on the IP address, domain or subnet, username, and password. The sub-domain helps to access the private functions of an organization. Most organizations use common formats for sub-domains. Therefore, a hacker who knows the external URL of a company can often discover the sub- domain through trial and error, or by using a service such as Netcraft.

Tools to Search Company’s Sub-domains:

Finding the Geographical Location of the Target

Information such as the physical location of an organization plays a vital role in the hacking process. Attackers can obtain this information using footprinting. In addition to physical location, a hacker can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization’s network.

Tools for Finding the Geographical Location

The tools for geographical location allow you to find and explore most locations on the earth. They provide information such as images of buildings, as well as surroundings, including Wi-Fi networks. Tools such as Google Maps even locate entrances of building, security cameras, and gates. These tools provide interactive maps, outline maps, satellite imagery, and information on how to interact with and create one’s own maps. Google Maps, Yahoo Maps, and other tools

provide driving directions, traffic conditions, locate landmarks, give us detailed information about address and contact information.

Some of the tools used to find geographical location information include:

personal note: this section is very long in resume…

People Search on Social Networking Sites(many social networks)

Some of the people search online services include:

Gathering Information from LinkedIn

  • some some tools on github

and other next’s sections from this module:

  • Gathering Information from Financial Services
  • Footprinting through Job Sites
  • Monitoring Target Using Alerts
  • Information Gathering Using Groups, Forums, and Blogs


Determining the Operating System