Information Gathering which is also known as Footprinting or Reconnaissance is the very first step or phase of Ethical Hacking where we gather all the information about the target.
This information will be useful in the scanning phase and it will help to draw network maps and identify potential vulnerabilities.
If you want to learn Ethical Hacking at an advanced level to get from a complete beginner to an expert ethical hacker, you can try the most affordable option Advanced Ethical Hacking and Penetration Testing Course.
Get Advanced Ethical Hacking and Penetration Testing Course
Information Gathering
In this post, we will learn about sources and what type of information you can collect about the target and more. This article is just an introduction to information gathering and its techniques; you will practically learn to utilize all these tools and techniques in the upcoming article.
Google Search
A simple Google search can reveal to you lots of useful information about the target like login portals, file archives, old WebPages, and data.
Web-History
You can get the full history of any website on the internet using the way back machine on archive.org website.
Netcraft
So, netcraft.com is a website that you can use to gather valuable information about the target like server, hosting, domains, IP addresses, operating system, etc.
Location
Using their IP address and some websites you can get information about their location.
People Search
There are lots of people search sites on the internet today which you can use to get details of any person like full name, phone number, email address, etc.
Financial Data
Financial information of your targeted organization can be useful sometimes.
Job sites
Using job sites you can see if there are any open vacancies or job postings of the targeted organization which you can use to gather additional information.
Other Online Sources
There are other online resources that you can use to gather information about the target online like forums, pages, groups blogs, etc.
Google Hacking
We can use some google operators also known as google dorks to get lots of confidential information about the target.
Social Networking Sites
Don’t even get me started on how people share their confidential details on social media. You can find lots of useful information on pages and social profiles of your target.
Company Website
Target’s website is also a useful source of information. Sometimes, you can get contact details or other critical details in the source code of the website.
E-Mail Headers
Every email has an email header containing useful information like sender, recipient details, email route, location, etc. There are lots of free email header analyzers on the internet like mxtoolbox.com which you can use to analyze email headers and extract information.
Whois
A simple whois query can reveal you information of any domain name’s registrar, owner’s contact information, domain age, etc. Whois tools are available online or you can use the built-in whois tool in Kali Linux.
DNS
Nslookup can help you get information like A, MX, CNAME records of any domain name.
Traceroute
Using traceroute tools, you can get real-time information about the path taken by any IP address from source to destination.
Social Engineering
You surely have heard of saying “The weakest link on any security system is not software or hardware, it is us humans”. Social engineering is the art of extracting information about the target by exploiting human behavior and trust using techniques like shoulder surfing (very old school), phishing, eavesdropping, etc.
Yes, there are other sources of information too which you can use to get info on the target. But these are very known sources to get critical information. This post was an intro to information gathering, we will practically learn to use all these tools and techniques in the upcoming post. So please subscribe to our email newsletter or follow us on social media to get the latest updates.