footprinting- Penetration-Testing

Top 12 steps for Foot printing Penetration Testing

So far, we’ve got mentioned the mandatory techniques and tools that may be used to footprint Penetration a target organization’s network. Penetration testing (or pen testing) refers to the method of testing the organization’s security posture using similar techniques and tools as that of an attacker, however with the information and approval of the organization.

Foot printing is that the first step to perform within the Penetration testing method. Activity foot printing {in adjuring in an exceedingly in a very} systematic manner permits a pen tester to find potential security liabilities that an attacker could exploit. Within pen testing method, pen tester acts as a malicious outsider and simulates an attack to search out security loopholes.

Fingerprinting pen check helps in determinant an organization’s data on the internet such as network architecture, operating systems, applications, and users. The Penetration tester tries to assemble public ally offered sensitive data of the target by pretending to be an attacker. The target is also a selected host or a network.


The pen tester will perform a similar attacks as an attacker. The pen tester try all possible ways in which to gather as much data as possible in order to confirm. The maximum scope of foot printing pen testing. If the pen tester finds sensitive data on any public-ally offered data resource, that data ought to be reported to the organization.

Foot printing pen testing helps organization to:

– Prevention data outpouring
-Prevent social engineering tries
– Prevent ONS record retrieval from in public offered servers
– Foot printing Pen Testing Steps

Pen testing could be a suggests that to look at network security. Steps within the procedure ought to be followed so as, to confirm most scope of testing. The steps concerned in foot printing Penetration testing are:

Step 1: Get correct authorization

Always perform Penetration testing with authorization. The primary step in a foot printing pen check is to induce correct authorization from the organization. This might or might not embody the system directors.

Step 2: outline the scope of the assessment

defining the scope of the safety assessment could be a requirement for pen testing process. The scope of assessment determines range of systems within network to checked therefore resources that may be used to test . It also determines the pen tester’s limitations. Once you outline the scope, you ought to set up and gather sensitive data mistreatment foot printing techniques.

Step 3: Perform foot printing through search engines

Use footprint search engines like Google, Yahoo! Search, Ask, Bing, and Dog pile to assemble the target organization’s data like employee details, login pages, and intranet portals so on. That may help in activity social engineering and alternative varieties of advanced system attacks.
Perform Google hacking using tools like Google Hacking information (GHDB) so on. Such use helps to expose security loopholes within the code and configuration of the websites. Google hacking is usually through with the help of advanced Google operators. That find specific strings of text, like versions of vulnerable web applications.

Step 4: Perform foot printing through web services

Perform foot printing through web services like Net craft, Pip, Google Finance, and Google Alerts to assemble data regarding target organization’s web site, employees, competitor, infrastructure, and in operation systems.

Step 5: Perform foot printing through social networking sites

Perform foot printing to gather- target organ objectives of foot printing nation employee. Data from personal profiles on social networking sites like Face book, rvlySpace, LinkedIn, Twitter, Interest, Google+ so on. This may assist in activity social engineering. You’ll additionally use people search engines to get data a few target person.

Step 6: Perform web site foot printing

Perform website foot printing using tools like Burp Suite, web information Extractor, Track web site duplicator, Metabolite. Website-Watcher so as to create a detailed map of the website’s structure and design.

Step 7: Perform email foot printing

Perform email foot printing using tools like Yes ware, and Contractility to assemble data regarding the physical location of an individual. Use this to perform social engineering that in turn could help in mapping the target organization’s network. Analyzing email headers will help to gather data like sender’s IP address, sender’s mail server, sender’s address, information and time received byte Originator’s email servers, authentication system used by sender’s mail server, sender’s full name so on.

Step 8: Gather competitive intelligence

Gather competitive intelligence using tools like Hoover’s, LexisNexis, or Business Wire. These tools extract competitor data like its date of establishment, location, progress analysis, higher authorities, product analysis, marketing details so on.

Step 9: Perform who is foot printing

Perform who is foot printing using tools like who is search, Batch IP converter to extract data regarding explicit domains. You’ll capture data like IP address, domain owner name, registrant name, and contact details including phone numbers, and email IDs. The knowledge will be used to create a detailed map of organizational network, to assemble personal data. That assists to perform social engineering, to assemble alternative internal network details so on.

Step 10: Perform DNS foot printing

Perform DNS foot printing using tools like DNs stuff, DIG, and my DNS Tools to work out. Key hosts within the network and to perform social engineering attacks. Resolve the domain name to find out regarding its ip address, DNS records so on.

Step 11: Perform network foot printing

Perform network foot printing using tools like a Path analyzer pro, Visual Route, and GEO Spider to find out. The network vary and alternative data regarding the target network that helps to draw the network diagram of the target.

Step 12: Perform social engineering

Implement social engineering techniques like eavesdropping, shoulder surfing, Dumpster diving, impersonation on social networking sites and phishing together essential data regarding the target organization. Through social engineering, you’ll gather target organization’s security merchandise in use, OS and software versions, network layout data, ip addresses and names of servers, and vital personnel.

 

Leave a Comment

Your email address will not be published. Required fields are marked *