Footprinting is about information gathering and can be both passive and active. Reviewing the company's website is an example of passive footprinting, whereas calling the help desk and attempting to social engineer them out of privileged information is an example of active information gathering.
Scanning entails pinging machines, determining network ranges and port scanning individual systems.
- Information gathering
- Determining the network range
- Identifying active machines
- Finding open ports and access points
- OS fingerprinting
- Fingerprinting services
- Mapping the network
The Seven Steps Of The Pre-Attack Phase
| Step | Title | Active/Passive | Common Tools |
|---|---|---|---|
| One | Information gathering | Passive | Sam Spade, ARIN, IANA, Whois, Nslookup |
| Two | Determining network range | Passive | RIPE, APNIC, ARIN |
| Three | Identify active machines | Active | Ping, traceroute, SuperScan, Angry IP Scanner |
| Four | Finding open ports and applications | Active | Nmap, Amap, SuperScan |
| Five | OS fingerprinting | Active/passive | Nmap, Winfingerprint, P0f, Xprobe2, Ettercap |
| Six | Fingerprinting services | Active | Telnet, FTP, Netcat |
| Seven | Mapping the network | Active | Cheops, traceroute, NeoTrace |