Footprinting Pen Testing

Foot printing is that the first step to perform within the Penetration testing method. Activity foot printing {in adjuring in an exceedingly in a very} systematic manner permits a pen tester to find potential security liabilities that an attacker could exploit. Within pen testing method, pen tester acts as a malicious outsider and simulates an attack to search out security loopholes. 

Foot printing pen testing helps organization to:

 Prevention data outpouring
– Prevent social engineering tries
 Prevent ONS record retrieval from in public offered servers
 Foot printing Pen Testing Steps

Pen testing could be a suggests that to look at network security. Steps within the procedure ought to be followed so as, to confirm most scope of testing.

  • Footprinting pen testing is used to determine organization’s publicly available information.
  • The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources.
  • Get proper authorization and define the scope of the assessment.
  • Foorprint search engines such as Google, Yahoo!Search, Ask, Bing, Dogpile, etc. to gather target organization’s information such as employee details, login pages, intranet portals, etc. that helps in performing social engineering and other types of advanced system attacks.
  • Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc.
  • Gather target organization employees information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assist to perform social engineering.
  • Perform website footprinting using tools such as HTTrack Web Site copier, BlackWidow, Webripper, etc. to build a detailed map of website’s structure and architecture.
  • Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup-Free Email Tracker, etc. to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization’s network.
  • Gather competitive intelligence using tools such as Hoovers, LexisNexis, Business Wire, etc.
  • Perform WHOIS footprinting using tools such as SmartWhois, Domain Dossier, etc. to create detailed map of organizational network, to gather personal information that assists to perform social engineering, and to gather other internal network details, etc.
  • Perform DNS footprinting using tools such as DNSstuff, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks.
  • Perform network footprinting using tool such as Path Analyzer Pro, VisualRoute, Network Pinger, etc. to create a map of the target’s network.
  • Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization.
  • At the end of pen testing document all the findings

Footprinting Pen Testing Report Templates

  • Information obtained through:
    • search engines
    • people search
    • Google
    • social networking sites
    • website footprinting
    • email footprinting
    • competitive intelligence
    • WHOIS footprinting
    • DNS footprinting
    • network footprinting
    • social engineering

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *