- Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.
- Footprinting is the first step of any attack on information systems; attacker gathers publicly available sensitive information, using which he/she performs social engineering, system and network attacks, etc. that leads to huge financial loss and loss of business reputation.
- Know Security Posture: Footprinting allows attackers to know the external security posture of the target organization.
- Reduce Focus Area: It reduces attacker's focus area to specific range of IP address, networks, domain names, remote access, etc.
- Identify Vulnerabilities: It allows attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.
- Draw Network Map: It allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to break.
- Collect Network Information:
- Domain name
- Internal domain names
- Network blocks
- IP addresses of the reachable systems
- Rogue websites/private websites
- TCP and UDP services running
- Access control Mechanisms and ACL's
- Networking protocols
- VPN Points
- IDSes running
- Analog/digital telephone numbers
- Authentication mechanisms
- System Enumeration
- Collect System Information:
- User and group names
- System banners
- Routing tables
- SNMP information
- System architecture
- Remote system type
- System names
- Passwords
- Collect Organization's Information:
- Employee details
- Organization's website
- Company directory
- Location details
- Address and phone numbers
- Comments in HTML source code
- Security policies implemented
- Web server links relevant to the organization
- Background of the organization
- News articles
- Press releases