# Reconnaissance (Footprinting)

## Information Gathering using Google Dorks

Google hacking, also called Google dorking, is a technique that uses Google Search and other Google applications to find security holes in the configuration and code that websites expose. Google dorking can also be used for OSINT.

<figure><img src="https://www.esds.co.in/blog/wp-content/uploads/2019/05/GHD-blog.png" alt=""><figcaption></figcaption></figure>

{% file src="<https://1680260334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fuyv6WKxbnPSm2zlRacJi%2Fuploads%2FKHT1Z7X3SVt2FiywaOtH%2FGoogleHackingCheatSheet.pdf?alt=media&token=a516d6c7-43ff-49ba-80eb-60f07b988b70>" %}

## Netcraft and Peekyou

* <https://www.netcraft.com> to find the information about the websites
* [www.peekyou.com](http://www.peekyou.com) to find the information about people who live in the USA

## Harvesting Email using theHarvester

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open-source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.

{% embed url="<https://github.com/laramies/theHarvester>" %}

```
theHarvester -d loliteam.net -l 200 -b baidu
```

## Sherlock

* Sherlock is a tool that gathers information about a user by hunting down social media accounts registered under a given username across many social networks.

{% embed url="<https://github.com/sherlock-project/sherlock>" %}

```
python3 sherlock.py YuIHatano
```

* On Kali Linux 2022.3, Sherlock can be installed with the following command:

```
apt install sherlock -y
```

## Ping

Ping is a computer network administration utility used to test the reachability of a host on an Internet Protocol network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

```
ping www.loliteam.net -f -l 1500 -n 3
-f = set the Don't Fragment flag (Windows ping syntax)
-l = size of the ICMP payload in bytes
-n = number of echo requests to send
```

{% hint style="info" %}
The largest ICMP payload that fits in a standard 1500-byte Ethernet frame without fragmentation is **1472** bytes (1472 + 8-byte ICMP header + 20-byte IP header = 1500), so a larger payload sent with the Don't Fragment flag is rejected.
{% endhint %}

## Web Data Extractor

* Web Data Extractor is a Windows Tool
* The tool is used to crawl website content like:
  * Meta Tags
  * Emails
  * Phones
  * Etc...

> Note: downloading the Pro version and using its trial works better than the free edition.

{% embed url="<http://www.webextractor.com>" %}
Official website of the tool
{% endembed %}

<figure><img src="https://631123540-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTnYLydS0JgZzHeOY4n38%2Fuploads%2FMvbwN16HCxzkG7ZEkE2R%2Fimage.png?alt=media&#x26;token=028467e1-d226-4a92-bd15-74246b04180f" alt=""><figcaption><p>Web Data Extractor Screenshot</p></figcaption></figure>

## HTTrack

* HTTrack is a tool used to mirror a website so it can be browsed offline.

{% embed url="<https://www.httrack.com>" %}

## CeWL

* CeWL is a tool used to create a wordlist from the words found on a specific website.

```
cewl -d 2 -m 5 -w save_wordlist.txt www.example.com
-d = spider depth (how many links deep to crawl)
-m = minimum word length to keep
-w = file to write the wordlist to
```

## Email Tracker Pro

* Email Tracker Pro is used to analyse email headers and trace the path a message took.

{% embed url="<https://mha.azurewebsites.net/>" %}
Online Email Tracker Tools
{% endembed %}
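The core of what a header analyser such as the one linked above does is to walk the `Received:` chain from the bottom (origin) to the top (final hop) and compute the delay at each hop. The script below is an added example, not part of the original notes; the sample message, hosts and IP addresses in it are constructed placeholders.

```python
"""Reconstruct the delivery path of a message from its Received: headers."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample with two hops. Each MTA prepends its own Received:
# header, so the topmost header is the last hop and the bottom one the first.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbound.example.net with ESMTPS id abc123;
\tMon, 3 Apr 2023 10:15:30 +0000
Received: from sender-pc.example.org (unknown [198.51.100.7])
\tby mx.example.org with ESMTP id def456;
\tMon, 3 Apr 2023 10:15:05 +0000
From: alice@example.org
To: bob@example.net
Subject: test

body
"""

# "from <host> ... by <host>" is the part of each hop we care about.
HOP_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.S)


def parse_hops(raw):
    """Return hops in transit order (origin first) with the delay at each hop."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    hops, prev_time = [], None
    for hdr in reversed(received):          # reverse: origin first
        hdr = " ".join(hdr.split())         # unfold continuation lines
        match = HOP_RE.search(hdr)
        # The timestamp follows the last ';' of the header.
        when = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
        delay = (when - prev_time).total_seconds() if prev_time else 0.0
        hops.append({
            "from": match.group("from") if match else "?",
            "by": match.group("by") if match else "?",
            "time": when.isoformat(),
            "delay_s": delay,
        })
        prev_time = when
    return hops


if __name__ == "__main__":
    for hop in parse_hops(RAW_MESSAGE):
        print(f"{hop['from']:>24} -> {hop['by']:<22} +{hop['delay_s']:.0f}s")
```

A large delay at one hop, or a `from` host that does not match the claimed sender domain, is what the analyser surfaces for closer inspection.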

## Whois Lookup using Domain Tools

* [https://whois.domaintools.com](https://whois.domaintools.com/) is a service used to look up the registration details of a particular domain.
* WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system but is also used for a wider range of other information.

{% embed url="<https://whois.domaintools.com>" %}

## DNS Footprinting

### nslookup

* nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and an IP address, or other DNS records.

<figure><img src="https://i.imgur.com/oMdzdxd.png" alt=""><figcaption><p>nslookup screenshot</p></figcaption></figure>

### DNSrecon

**DNSRecon** is a free and open-source script available on GitHub. It is one of the popular scripts in the security community for reconnaissance on domains. It is written in Python, so Python must be installed on your Kali Linux system in order to run it.

```
dnsrecon -r 192.168.64.0-192.168.64.225
-r = reverse lookup of every address in the given IP range
```

{% embed url="<https://www.geeksforgeeks.org/dnsrecon-a-powerful-dns-enumeration-script>" %}

## TraceRoute

* Traceroute is used to find the path packets take to reach the website.
* In computing, traceroute and tracert are network diagnostic commands for displaying the route taken and measuring the transit delay of packets across an Internet Protocol network.

## Path Analyzer Pro

* Path Analyzer Pro is a GUI Windows application used to trace and analyse the network path to a target.

{% embed url="<https://www.pathanalyzer.com>" %}

## Other Tools

* Recon-ng
* Maltego
* OSRFramework

```
OSRFramework Tools

usufy.py -n Mark Zuckerberg -p twitter facebook youtube   (-n = nicknames to look up, -p = platforms to search)
domainfy.py -n eccouncil -t all                           (gathers all the registered domains for a name)
searchfy.py                                               (gathers info about a user on social networking pages)
mailfy.py                                                 (gathers info about email accounts)
phonefy.py                                                (gathers info about a series of phone numbers)
```

* FOCA (best tool to footprint the whole web server, **must check**)
* BillCipher is a tool used to track down
