Hacker Techniques, Tools, and
Incident Handling
Chapter 5
Footprinting Tools and Techniques
Learning Objective
Identify common information gathering tools and
techniques.
Hacker Techniques, Tools, and Incident Handling
Page 2
Key Concepts
Information gathering––reasons, tools, and
techniques
Footprinting as a data gathering technique
Information gathering and footprinting––
countermeasures
Hacker Techniques, Tools, and Incident Handling
Page 3
Footprinting
The first phase of hacking
Passively gain information about a target
Gain valuable information about their intended target
without alerting the victim
Network range, equipment/technologies in use,
financial information, locations, physical assets, and
employee names and titles
Hacker Techniques, Tools, and Incident Handling
Page 4
Information-Gathering Process
1.
2.
3.
4.
5.
6.
7.
Gathering information
Determining the network range
Identifying active machines
Finding open ports and access points
Detecting operating systems
Using fingerprinting services
Mapping the network
Footprinting covers the first two steps, which do not require
direct interaction with the victim.
Hacker Techniques, Tools, and Incident Handling
Page 5
Footprinting Activities
Examine company’s Web site
Identify key employees
Analyze open positions and job requests
Assess affiliate, parent, or sister
companies
Find technologies and software used by
the organization
Hacker Techniques, Tools, and Incident Handling
Page 6
Footprinting Activities (Cont.)
Determine network address and range
Review network range to determine
whether the organization is the owner or if
the systems are hosted by someone else
Look for employee postings, blogs, and
other leaked information
Review collected data
Hacker Techniques, Tools, and Incident Handling
Page 7
Information on a Company Web
Site
Employee names...