Reconnaissance (Footprinting)
Welcome to the Footprinting module. This note will guide you through all the methodologies that I used while preparing for the CEH (Practical) exam.
Information Gathering using Google Dorks
Google hacking, also called Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking can also be used for OSINT.

Netcraft and Peekyou
https://www.netcraft.com is used to find information about websites.
www.peekyou.com is used to find information about people who live in the USA.
Harvesting Email using theHarvester
theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open-source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.
theHarvester -d loliteam.net -l 200 -b baidu
Sherlock
Sherlock is a tool used to gather information about users by hunting down social media accounts by username across social networks.
python3 sherlock.py YuIHatano
If you are using Kali Linux 2022.3, you can install Sherlock with this command:
apt install sherlock -y
Ping
Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.
ping www.loliteam.net -f -l 1500 -i 3
-f = Fragment the packets
-l = Size of bytes
-i = Number of packets
Web Data Extractor
Web Data Extractor is a Windows Tool
The tool is used to crawl website content like:
Meta Tags
Emails
Phones
Etc...
Note: it is better to download the Pro version and use its trial.

HTTrack
HTTrack is a tool used to mirror a website and use it offline.
CeWL
CeWL is a tool used to create a wordlist from a specific website.
cewl -d 2 -m 5 -w save_wordlist.txt www.example.com
Email Tracker Pro
Email Tracker Pro is used to track and check the Email Headers.
Whois Lookup using Domain Tools
https://whois.domaintools.com is a tool used to look up the details of a particular domain.
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system but is also used for a wider range of other information.
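The query-and-response exchange described above, as an added example that is not part of the original notes: it builds the request a WHOIS client sends (the query text followed by CRLF on TCP port 43, per RFC 3912), parses a reply, and lists which contact fields in your own domain's record are published unredacted. The sample reply is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a WHOIS reply; not a real record.
SAMPLE_REPLY = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-01T10:00:00Z
Registry Expiry Date: 2026-03-01T10:00:00Z
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: admin@example.com
Registrant Phone: +1.5555550100
>>> Last update of whois database: 2025-01-01T00:00:00Z <<<
"""

def build_query(domain):
    """RFC 3912: the client sends the query text followed by CRLF on TCP port 43."""
    # Reject anything that is not a plain hostname so no extra lines reach the server.
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", domain):
        raise ValueError("not a plain domain name")
    return domain.encode("ascii") + b"\r\n"

def parse_reply(text):
    """Collect 'Key: value' lines; repeated keys (e.g. Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Skip footer/comment lines and keys with no value.
        if not sep or line.startswith((">>>", "%", "#")) or not value.strip():
            continue
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_contacts(record):
    """Return registrant/admin/tech fields holding real data, not a redaction marker."""
    roles = ("registrant", "admin", "tech")
    redacted = re.compile(r"redacted|privacy|not disclosed", re.I)
    return {k: v for k, vals in record.items() if k.startswith(roles)
            for v in vals if not redacted.search(v)}

if __name__ == "__main__":
    print(build_query("example.com"))
    print(exposed_contacts(parse_reply(SAMPLE_REPLY)))
```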
DNS Footprinting
nslookup
nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and IP address or other DNS records.
DNSrecon
DNSRecon is a free and open-source script that is available on GitHub. It is one of the popular scripts in the security community for reconnaissance on domains. The script is written in Python, so you must have Python installed on your Kali Linux operating system in order to use it.
dnsrecon -r 192.168.64.0-192.168.64.225
TraceRoute
Traceroute is used to find the IP path taken to reach the website.
In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes and measuring transit delays of packets across an Internet Protocol network.
Path Analyzer Pro
Path Analyzer Pro is a GUI Windows application used to track the path.
Other Tools
Recon-ng
Maltego
OSRFramework
OSRFramework Tools
usufy.py -n Mark Zuckerberg -p twitter facebook youtube
domainfy.py -n eccouncil -t all (Gather all the registered domains)
searchfy.py (Gathers info of user on Social networking page)
mailfy.py (Gathers info about email accounts)
phonefy.py (Gathers the series of phones)
FOCA (best tool to footprint the whole web server; must check)
Billcypher is a tool used to track down