Website Footprinting

In our previous article, we gave a brief introduction to footprinting, gathering information about a specific person using social media. As discussed there, there are many types of footprinting; today we are going to talk about DNS footprinting, website footprinting, and whois footprinting.

Website Footprinting

Website footprinting refers to monitoring and analyzing the target organization’s website for information.

  • Browsing the target website may provide:
    • Software used and its version
    • Operating system used
    • Sub-directories and parameters
    • Filename, path, database field name, or query
    • Scripting platform
    • Contact details and CMS details
  • Use Burp Suite, Zaproxy, Paros Proxy, Website Informer, Firebug, etc. to view headers that provide:
    • Connection status and content-type
    • Accept-Ranges
    • Last-Modified information
    • X-Powered-By information
    • Web server in use and its version
  • Examining the HTML source may provide:
    • Comments in the source code
    • Contact details of web developer or admin
    • File system structure
    • Script type
  • Examining cookies may provide:
    • Software in use and its behavior
    • Scripting platforms used 
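
The same list can be turned into a check on a site you operate. The following is an added example, not part of the original article: it audits one raw HTTP response for the items above (version strings in Server and X-Powered-By, default session-cookie names, HTML comments and a generator meta tag). The sample response, the function name and the cookie-to-platform table are assumptions made for illustration.

```python
import re

# Default session-cookie names that reveal the scripting platform (illustrative table).
COOKIE_PLATFORMS = {"PHPSESSID": "PHP", "JSESSIONID": "Java", "ASP.NET_SessionId": "ASP.NET"}
VERSION = re.compile(r"\d+(?:\.\d+)+")

def audit_response(raw):
    """Return information-disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in ("server", "x-powered-by"):
            detail = "with version" if VERSION.search(value) else "product only"
            findings.append(f"{name}: {value} ({detail})")
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            if cookie in COOKIE_PLATFORMS:
                findings.append(f"cookie {cookie} reveals {COOKIE_PLATFORMS[cookie]}")
    for comment in re.findall(r"<!--(.*?)-->", body, re.S):
        findings.append(f"html comment: {comment.strip()}")
    gen = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
    if gen:
        findings.append(f"generator meta: {gen.group(1)}")
    return findings

# Constructed sample response (not captured from any real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="ExampleCMS 1.2"></head>'
    "<body><!-- maintained by webmaster@example.test --></body></html>"
)

if __name__ == "__main__":
    for finding in audit_response(SAMPLE):
        print(finding)
```

An empty result for your own pages means none of these particular disclosures is present in that response.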

Website Footprinting using Web Spiders

Web spiders perform automated searches on the target websites and collect specified information such as employee names, email addresses, etc. Attackers use the collected information to perform further footprinting and social engineering attacks.

Mirroring Entire Website

  • Mirroring an entire website onto the local system enables an attacker to browse the website offline; it also assists in finding the directory structure and other valuable information from the mirrored copy without making multiple requests to the web server.
  • Web mirroring tools allow you to download a website to a local directory, recursively building all directories, HTML, images, Flash, videos, and other files from the server on your computer.

Website Mirroring Tools

Extract Website Information from http://www.archive.org 

  • Internet Archive’s Wayback Machine allows you to visit archived versions of websites.

Google cache:

Monitoring Web Updates Using Website-Watcher

  • Website-Watcher automatically checks web pages for updates and changes. 

Browsing the Target Website May Provide

  • Whois details
  • Software used and version
  • OS Details
  • Sub Domains
  • File Name and File Path
  • Scripting Platform & CMS Details
  • Contact Details

Example

From Wikipedia 

Whois footprinting

WHOIS (pronounced as the phrase "who is") is a query and response protocol, and whois footprinting is a method for gleaning information about the ownership of a domain name, as follows:

  • Domain name details
  • Contact details, containing the phone number and email address of the owner
  • Registration date for the domain name
  • Expiry date for the domain name
  • Domain name servers 



Whois Lookup

It is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.

Browse to the URL http://whois.domaintools.com/ in a browser and type any domain name.

For example: let’s search pentestlab.in

Now you can see it has created a whois record for pentestlab.in, which contains details like email address, IP, and registrant org. From the given record, anyone can guess that this domain has some connection to Raj Chandel. The attacker then needs to perform footprinting on Raj Chandel with the help of the previous article.

There are many other tools used for whois footprinting, for example:

  • Caller IP
  • Whois Analyzer pro
  • Whois lookup multiple addresses

DNS Footprinting

The attacker performs DNS footprinting in order to enumerate DNS record details and the types of servers. There are 10 types of DNS records which provide important information related to the target location.

  1. A/AAAA
  2. SRV
  3. NS
  4. TXT
  5. MX
  6. CNAME
  7. SOA
  8. RP
  9. PTR
  10. HINFO

Domain Dossier: it is an online tool used for complete DNS footprinting as well as whois footprinting.

There are numerous web tools for DNS footprinting, and we’ll use Domain Dossier to inspect the DNS records of penetrationlab.in. Simply tick the boxes for DNS records and traceroute, then click the Go button.

You can observe that the data which we received from whois lookup and from Domain Dossier is the same to some extent. It has given the same email ID as above, i.e. rrajchandel@gmail.com, and moreover details of the DNS records TXT, SOA, NS, MX, A and PTR.
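
Apart from whois, DNS carries contact data of its own: SOA and RP records store a mailbox encoded as a domain name, and HINFO names a CPU and OS. The following is an added example, not from the original article: it parses a zone you administer and lists the records that name a person or platform. The zone data under example.test, the function names and the one-line record format with an explicit owner are assumptions.

```python
import re

# The record types from the list above (A and AAAA counted separately).
RECORD_TYPES = {"A", "AAAA", "SRV", "NS", "TXT", "MX", "CNAME", "SOA", "RP", "PTR", "HINFO"}
TOKEN = re.compile(r'"[^"]*"|;.*|[^\s";]+')   # quoted string, comment, or bare word

def mailbox_to_email(rname):
    """SOA and RP store a mailbox as a domain name: the first unescaped dot is the '@'."""
    local, domain = (re.split(r"(?<!\\)\.", rname, maxsplit=1) + [""])[:2]
    return local.replace("\\.", ".") + "@" + domain.rstrip(".")

def parse_zone(text):
    """Parse one-line records with an explicit owner into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        tokens = []
        for tok in TOKEN.findall(line):
            if tok.startswith(";"):
                break                             # rest of the line is a comment
            tokens.append(tok.strip('"'))
        rest = tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                       # skip optional TTL and class
        if rest and rest[0].upper() in RECORD_TYPES:
            records.append((tokens[0], rest[0].upper(), rest[1:]))
    return records

def review(records):
    """List the records that name a person or a platform."""
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "SOA" and len(rdata) >= 2:
            findings.append(f"{owner} SOA admin mailbox {mailbox_to_email(rdata[1])}")
        elif rtype == "RP" and rdata:
            findings.append(f"{owner} RP mailbox {mailbox_to_email(rdata[0])}")
        elif rtype == "HINFO":
            findings.append(f"{owner} HINFO {' / '.join(rdata)}")
    return findings

# Constructed zone data for the reserved name example.test (not a real zone).
SAMPLE_ZONE = r"""$ORIGIN example.test.
@    3600 IN SOA ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
@    IN TXT   "v=spf1 mx -all" ; mail policy
www  IN A     192.0.2.10
db   IN HINFO "Intel Xeon" "Ubuntu 20.04"
@    IN RP    john\.doe.example.test. .
"""
```

Calling review(parse_zone(SAMPLE_ZONE)) returns three findings: the SOA admin mailbox, the HINFO platform strings and the RP mailbox.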

DNS Dumpster: it is also an online tool used for DNS footprinting.

DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Enumerate a domain and pull back up to 40K subdomains; results are available in an XLS for easy reference.

Repeating the same process for pentestlab.in, it will search for its DNS records. From the given screenshot, you can observe we have received the same details as above. Moreover, it will create a copy as an output file in XLS form.

You Get Signal: it is also an online tool used for DNS footprinting as well as for network footprinting.

A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results, which are not guaranteed to be complete.

Hence we get the IP 72.52.229.111 for pentestlab.in; moreover, it dumped the names of 14 other domains which are hosted on the same web server.
