2.2.4 Website Footprinting

Website Footprinting

Website Footprinting referes to monitoring and analyzing the target organization's website for information.
Browsing the target website may provide:
- Software used and its version
- Operating system used
- Sub-directories and parameters
- Filename, path, database field name, or query
- Scripting platform
- Contact details and CMS details
Use Burp Suite, Zaproxy, Paros Proxy, Website Informer, Firebug, etc. to view headers that provide:
- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version
Examining HTML source provide:
- Comments in the source code
- Contact details of web developer or admin
- File system structure
- Script type
Examining cookies may provide:
- Software in use and its behavior
- Scripting platforms used

Web spiders perform automated searches on the target websites and collect specified information such as employee names, email addresses, etc.
Attackers use the collected information to perform further footprinting and social engineering attacks.

GSA Email Spider: http://email.spider.gsa-online.de

Web Data Extractor: http://webextractor.com

Mirroring an entire website onto the local system enables an attacker to browse website offline; it also assists in finding directory structure and other valuable information from the mirrored copy without multiple requests to web server.
Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.

wget -m

HTTrack Web Site Copier: http://www.httrack.com

SurfOffline: http://www.surfoffline.com

Internet Archive's Wayback Machine allows you to visit archived versions of websites.