Challenges and Links EH Footprinting

The document covers various techniques and tools used in ethical hacking, focusing on footprinting and reconnaissance. It includes chapters on gathering information about targets, using competitive intelligence, examining websites, and monitoring online reputation, along with practical challenges and questions for each section. Additionally, it discusses the importance of email analysis and security training to combat phishing attacks.

Uploaded by

bahetijay73

Ethical Hacking: Footprinting and Reconnaissance

with Lisa Bock

Challenges and hyperlinks for each chapter


Note: Links may change or be unavailable over time.

Chapter 1. Uncovering Information


01_01. Footprinting and reconnaissance
Challenge Question

Q. Outline what we can gather about the target during footprinting, along with what questions
to ask before beginning the process.

01_02. Using competitive intelligence


• One site that can help us get a better understanding of the technology used in the target
organization is Dice, https://www.dice.com/, which is a site that focuses on technology
professionals.

Challenge Question

Q. Competitive intelligence is used to help a company learn about its competitors to make
better business decisions. Describe ways the ethical hacking team can use competitive
intelligence to gather information about a company.

01_03. Investigating business sites


• If a company is publicly traded, you can check the U.S. Securities and Exchange Commission’s
Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, which is a public searchable
database: https://www.sec.gov/edgar/.
• Dun & Bradstreet, https://www.dnb.com/, is a database of commercial data on credit history
and overall health of a company.
• Google Finance provides financial information on a company:
https://www.google.com/finance/?hl=en.
• Explore your world using Google Earth: https://www.google.com/earth/index.html

Challenge Question

Q. Describe how to use various sites, such as GitHub, Dun & Bradstreet, and Google Earth to
learn more about the target.

01_04. Searching and Google hacking


• Learn more about Archie, one of the original search engines, by visiting:
https://www.stackscale.com/blog/archie-internet-search-engine/.
• To find out how Google search engines locate information, go to:
https://developers.google.com/search/docs/fundamentals/how-search-works.
• To do an advanced search in Google, visit: https://www.google.com/advanced_search.
• Here you’ll find the Google hacking database:
https://www.offensive-security.com/community-projects/google-hacking-database/.

Challenge Question

Q. Describe how using Google hacking while footprinting can help uncover vulnerable applications,
exposed files and directories, and open servers and ports.

01_05. Employing social engineering


Challenge Question

Q. Discuss social engineering techniques the team can use during footprinting and reconnaissance,
such as eavesdropping, phishing, and shoulder surfing, to obtain information.

01_06. Gathering data on people
• When conducting a people search, the following sites might be helpful:
−− AnyWho (https://www.anywho.com/) provides a detailed search on people and
organizations and is completely anonymous.
−− Spokeo (https://www.spokeo.com/) is a people search that uses public records,
white pages listings, and social networking sites to find information.
−− ZabaSearch (http://www.zabasearch.com/) is a free people search directory that
includes basic information, such as name, address, age, and partial phone numbers.
−− Yasni (http://www.yasni.com/) can search a wide range of information, including
network profiles such as Facebook and LinkedIn, special interest groups, and
business profiles.

Challenge Question

Q. Review how using sites such as AnyWho, Spokeo, and ZabaSearch can help the team compile
a more accurate picture of the target.

01_07. Tracking online reputation


• In addition to a general image search, we also can do an advanced image search by
going to: https://www.google.com/advanced_image_search.
• Another search method is by using an FTP search engine. Here is a list that might be
helpful: https://osintbase.com/category/search-engine/ftp-search-engine/.
• Video search engines are available to parse through the billions of videos available
today: https://www.searchenginejournal.com/best-video-search-engines/360822/#close.
• Reverse image search is possible, using the following:
−− Google: https://www.google.com/imghp
−− TinEye: https://tineye.com
−− PimEyes: https://pimeyes.com
• Google alerts can be found here: https://www.google.com/alerts.

Challenge Question

Q. Outline how to assess online reputation by using image and video search engines, reviews,
social media, and Google alerts.

Chapter 2. Using Email and Websites
02_01. Harvesting email addresses
• The Landon Hotel (https://landonhotel.com/) is a fictitious site, where we can search for
evidence of email addresses.
• To generate a list of possible email addresses, visit:
https://getmara.com/static/email-address-generator.html. Note: Don’t enter the alternate
company domain as it may not generate a list.

Challenge Question

Q. Discuss ways you can harvest or craft a list of email addresses, which can then be used in
spear phishing and spoofing attacks.

02_02. Examining websites


• Visit DYNO Mapper, where you can learn more about the different ways you can visualize
a website: https://dynomapper.com.
• Once you run a site mapper, the software will present a view of your site, such as this one:
https://www-powermapper-com.azureedge.net/images/screenshots/mapper-electrum20.png.
• The Landon Hotel (https://landonhotel.com/) is a fictitious site used for training.

Challenge Question

Q. Discuss some of the ways to gather information from a website, such as emails, employee
directories, and comments.

02_03. Scraping websites
• You can use a tool like CeWL (Custom Word List generator) to create a word list:
https://www.exploitone.com/tutorials/create-your-own-wordlist-to-brute-force-a-website-using-cewl/.
• To obtain a copy of HTTrack Website Copier, visit https://www.httrack.com/.
• To view Fake Jobs for Your Web Scraping Journey, visit:
https://realpython.github.io/fake-jobs/.
• Here you’ll find an article on scraping websites:
https://realpython.com/beautiful-soup-web-scraper-python/.

Challenge Question

Q. Describe how to scrape a website to extract links, comments, and passwords.

02_04. Challenge/solution: Mirroring a website


• Learn how to spot a cloned website:
https://www.infinityinc.us/attack-of-the-clones-how-to-avoid-the-website-cloning-trap/.
• Learn how to spot a phishing attack:
https://www.infinityinc.us/how-to-spot-phishing-attack/.

In this challenge, we’ll use HTTrack to mirror a website.

• Go to https://www.httrack.com/ to download and install the software.


• Mirror example.com and then view the site.
• Answer: How can a malicious actor use this tool?

02_06. Monitoring websites


• Visit Pingdom by SolarWinds at https://www.solarwinds.com/pingdom and learn how
you can conduct performance monitoring to get a pulse on the website and make sure
that it is up and operational.
• Google Analytics can help you make sense of your target’s web traffic:
https://marketingplatform.google.com/about/analytics/.
• To monitor the uptime of your website, visit https://updown.io/ and receive an email
notification when your website is down.
• To get the scripts to monitor your website and APIs from your computer, go to GitHub:
https://github.com/sanathp/statusok.
• Using Montastic will help you do a quick check to see if a site is up and responding:
https://montastic.com/.
• To gain insight on your audience, visit:
https://www.quantcast.com/products/measure-audience-insights/.
• There are plenty of tools and techniques your team can use to check for vulnerabilities.
For a quick check, you can visit
https://pentest-tools.com/website-vulnerability-scanning/website-scanner and run a scan
on the target.

Challenge Question

Q. Outline methods to monitor websites for traffic, changes, and updates.

Chapter 3. Searching the Network


03_01. Footprinting using DNS
Challenge Question

Q. Review different techniques involved in DNS footprinting.

03_02. Examining a zone transfer


• To obtain a packet capture on DNS, go to Chris Sanders at
https://github.com/chrissanders/packets and select dns_axfr.pcapng. Once on the page,
select “View raw” to download the file.

Challenge Question

Q. Explain how a zone transfer attack can be dangerous, and what critical information about an
organization’s internal network can be revealed.

03_03. Generating domain names
• To download a copy of Domain Name Analyzer, go to:
https://domainpunch.com/dna/download.php.

Challenge Question

Q. Describe how to generate believable domain names to launch a phishing or spear
phishing attack.

03_04. Determining the path


• Learn more about how to use traceroute, ping, MTR, and pathping for network
troubleshooting:
https://www.clouddirect.net/knowledge-base/KB0011455/using-traceroute-ping-mtr-and-pathping.
• Linux doesn’t have pathping, but you can use mtr (My Traceroute), which basically does
the same thing: https://linux.die.net/man/8/mtr.
• To see a non-graphical trace, ping and other tools online, go to:
https://mxtoolbox.com/NetworkTools.aspx.
• Go to https://traceroute-online.com/ to view Traceroute Online along with statistics and
internet maps.

Challenge Question

Q. Explain how tracert or traceroute can help us understand the path packets take through
the network and potential weak spots along the way.

03_05. Using nslookup and dig


• You can use the Google Admin Toolbox (https://toolbox.googleapps.com) for a wide range
of DNS activity.

Challenge Question

Q. Describe how to use nslookup and dig, in either the command line or using online resources,
to test a DNS query and view the results.

Chapter 4. Discovering reconnaissance tools
04_01. Using OSINT tools
• For a list of all the metadata that Shodan crawlers gather, visit https://datapedia.shodan.io/.
• Visit https://www.thewindowsclub.com/best-people-search-engines for a list of social
media websites and search engines to find a specific individual.

Challenge Question

Q. Outline how Maltego, Shodan, and other tools can help provide intel for a more
targeted discovery.

04_02. Investigating email


• To get the header information from an email, go to MxToolbox, and How to Get Email
Headers: https://mxtoolbox.com/public/content/emailheaders/.
• To trace an email, you can use the tool Trace Email:
https://whatismyipaddress.com/trace-email.
• Cisco Talos (https://www.talosintelligence.com/) provides shared threat intelligence,
where you can check the reputation of an IP, domain, or network owner.

Challenge Question

Q. Discuss ways to extract information from an email header and then do a lookup of a
specific IP address.

04_04. Footprinting VoIP and VPNs
• DNS leaks can occur if the VoIP traffic goes through an ISP’s DNS servers instead of going
through the VPN tunnel. The team can run a quick test by visiting: https://dnsleaktest.com.

Challenge Question

Q. Outline ways to assess VoIP and VPN systems for open ports, services, and exposed servers.

04_05. Going to the dark web


• While footprinting the dark web, you’ll want to set up to search anonymously by using a
sock puppet, which is a fictitious character, used while researching. You can read more here:
https://www.sans.org/blog/what-are-sock-puppets-in-osint/.
• Because much of the activity in the deep and dark web is concealed, it can be difficult to
search. There are search engines you can use. Learn more here:
https://www.avast.com/c-best-dark-web-search-engines.
• Visit the Tor Project (https://www.torproject.org/download/), where you can learn more
and download the Tor browser.

Challenge Question

Q. Outline ways the team can investigate the deep and dark web.

04_06. Exploring other footprinting tools


• Recon-Dog is an open-source reconnaissance tool used for gathering a variety of information
on a target domain. Learn more here:
https://www.geeksforgeeks.org/reconnaissance-swiss-army-knife-recondog-in-kali-linux/.
• BillCipher is an OSINT tool that focuses on mining data from social media platforms,
domain-related information, and email addresses: https://github.com/bahatiphill/BillCipher.

Challenge Question

Q. Discuss how Recon-Dog and BillCipher can help locate resources from various sources
on the internet.

Chapter 5. Footprinting Capstone
05_01. Conducting a forensic exercise
Part of an ethical hacking exercise can involve remediation and security training. In this capstone,
you’ll step through the process of investigating a suspicious email to identify clues and learn how to
stop malicious email from reaching recipients.

The capstone is divided into three sections:

• Examine an email to determine sections that appear legitimate and where you see
suspicious content.
• Dive into an email header that can lend insight into the email’s routing, origin, and
metrics used to determine whether the email is possible spam.
• Verify IP blocklists that are used to identify IP addresses linked with suspicious or
malicious activities.

05_02. Examining an email


Training users on how to identify suspicious emails helps to improve the overall security of an
organization. In this segment, we’ll examine an email to determine what sections appear legitimate
and what sections appear suspicious.

1. Over one-third of cyberattacks involve phishing emails. Visit
https://www.phishingbox.com/phishing-iq-test/quiz.php and take the phishing test to
help you understand how to identify a phishing email.
2. Take a look at the following image and tell me a couple of ways this email looks legitimate.
What would make someone click on a link? In what ways is this email suspicious?

Verify Your Email

The hyperlink for Verify Your Email is as follows:

https://firebasestorage.googleapis.com/v0/b/XXXXXXXXXX?alt=media&token=851844a5-9b3c-449d-b31e-00d57238a4e8#[email protected]

3. Visit https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams and
read the article.
• What are some signs that an email is a scam?
• What are four ways to protect against phishing attacks?

Visit https://blog.knowbe4.com/phishing-campaigns-using-google-firebase-storage and
https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/ and read the articles.
The articles share information about the prevalence of hackers using AWS, Google Docs, Firebase
Storage, and DocuSign.

• How would you use this information to protect your organization?

05_03. Diving into the header


An email header tells the story about the journey the email took from sender to receiver. In this
segment, we’ll investigate an email header and learn ways to prevent phishing and forgery.

Important note:
If you don’t know how to find an email header, visit:
https://mxtoolbox.com/Public/Content/EmailHeaders/.

The following header has been modified to include Roxy@Kiddikatz for the email address.

Important note:
Verification and Authentication Agents (VAAs) are used to verify the authenticity and integrity of
email messages and ensure that the sender’s identity is legitimate. The agents use different
methods to combat threats such as spam, phishing, and spoofing.

Examining the Email Header


To begin the exercise, examine the following email header.

START EMAIL HEADER


Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from dovdir4-asa-02o.email.Kiddikatz ([96.114.154.195])
by dovback4-asa-02o.email.Kiddikatz with LMTP
id iI0bBuH+k1/kcgAA1Vbeiw
(envelope-from <[email protected]>)
for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0000
Received: from dovpxy-asc-13o.email.Kiddikatz ([96.114.154.195])
by dovdir4-asa-02o.email.Kiddikatz with LMTP
id uKDkA+H+k1/wLgAApBwMGg
(envelope-from <[email protected]>)
for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0000
Received: from reszmta-po-01v.sys.Kiddikatz ([96.114.154.195])
by dovpxy-asc-13o.email.Kiddikatz with LMTP
id 8EcmAeH+k1/DXgAAKsibjw
(envelope-from <[email protected]>)
for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0000
Received: from resimta-po-21v.sys.Kiddikatz ([96.114.154.149])
by reszmta-po-03v.sys.Kiddikatz with ESMTP
id WGadkLSgbxSFOWGaekA6i1; Fri, 24 Nov 2023 06:16:01 +0000
Received: from yogarafi.de ([144.76.72.196])
by resimta-po-21v.sys.Kiddikatz with ESMTP
id WGabkOpIji6AfWGadk3Lzc; Fri, 24 Nov 2023 06:16:01 +0000
X-CAA-SPAM: F00001
X-Meowkatz-VAAS:
gggruggvucftvghtrhhoucdtuddrgedujedrkedvgddvjecutefuodetggdotefrodftvfcurfhrohhfihhlvgemu
cevohhmtggrshhtqdftvghsihenuceurghilhhouhhtmecufedtudenucgoufhushhpvggtthffohhmrghinhc
uldegledmnegorfhhihhshhhinhhgqdetgeduhedqtdelucdlfedttddmnecujfgurhephffvufffkfggtgfgsehh
qheftddttddtnecuhfhrohhmpedftghomhgtrghsthdrnhgvthcuuffgtfgggfftucetfffokffpfdeotghprghnvgh
lshgvrhhvvghrsegtphgrnhgvlhdrnhgvtheqnecuggftrfgrthhtvghrnhepjeeijefgjeekgffhudejiefffeettdeh

hedtkefhudefudfhhfefjeelfeejteejnecuffhomhgrihhnpehgohgurgguugihrdgtohhmpdhgohhoghhlvgg
rphhishdrtghomhenucfkphepudeggedrjeeirdejvddrudeliedpudektddrvddugedrvdefledrudegnecuv
ehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghlohephihoghgrrhgrfhhirdguvgdpihhnvghtpedug
eegrdejiedrjedvrdduleeipdhmrghilhhfrhhomheptghprghnvghlshgvrhhvvghrsegtphgrnhgvlhdrnhgvt
hdprhgtphhtthhopehlsghotghkvdestghomhgtrghsthdrnhgvth
X-Meowkatz-VMeta: sc=349.00;st=phishing
X-Meowkatz-Message-Heuristics: IPv6:N;TLS=1;SPF=2;DMARC=F
Received: by yogarafi.de (Postfix, from userid 1001)
id 3A3D514C1A97; Fri, 24 Nov 2023 06:16:01 +0200 (CEST)
Received: from cpanel.net (unknown [180.214.239.14])
by yogarafi.de (Postfix) with ESMTPA id 2E88C14C1A7E
for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0200 (CEST)
From: “Kiddikatz SERVER ADMIN”<[email protected]>
To: Roxy@Kiddikatz
Subject: Email service expiration and deactivation notification warning Roxy@Kiddikatz
Date: 24 Nov 2023 01:26:28 -0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
END EMAIL HEADER

Now that you have examined the header, we’ll use online resources to uncover possible
malicious artifacts.

Using MxToolbox
1. Go to MxToolbox, https://mxtoolbox.com/EmailHeaders.aspx, and upload the email header.
COPY the text from START EMAIL HEADER to END EMAIL HEADER as shown above. PASTE
the text where it says Paste Header and select Analyze Header. Take a look at the details.
2. Scroll down where you will see cpanel.net 180.214.239.14 is on a blocklist. Click the red X
to learn more.
• What does it mean when an IP address is on a blocklist? Learn more here:
https://abusix.com/resources/blocklists/how-to-check-whether-your-ip-address-is-blacklisted/.
3. Scroll down where you will see SPF failed for IP - 96.114.154.195.
This is the result of a test that verifies whether the IP address is included in the Sender Policy
Framework (SPF) record. In this case the specified IP address is not included in the SPF record.

• What is Sender Policy Framework and how can you use this to protect your organization?
Learn more here: https://powerdmarc.com/what-is-spf/.
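
How a header analyzer reads the Received chain above, as an added example that is not part of the course handout: hops are walked from the top, the first peer IP outside the receiver's own network marks the boundary, and everything below it is the sender side's unverified account. The `OWN_NETWORKS` range is an assumption made for the example, and the sample header is abridged from the one shown above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: abridged from the header above (two internal LMTP hops
# trimmed, redacted addresses left out). "Kiddikatz" is the page's stand-in domain.
SAMPLE_HEADER = """\
Received: from dovdir4-asa-02o.email.Kiddikatz ([96.114.154.195])
 by dovback4-asa-02o.email.Kiddikatz with LMTP
 id iI0bBuH+k1/kcgAA1Vbeiw
 for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0000
Received: from resimta-po-21v.sys.Kiddikatz ([96.114.154.149])
 by reszmta-po-03v.sys.Kiddikatz with ESMTP
 id WGadkLSgbxSFOWGaekA6i1; Fri, 24 Nov 2023 06:16:01 +0000
Received: from yogarafi.de ([144.76.72.196])
 by resimta-po-21v.sys.Kiddikatz with ESMTP
 id WGabkOpIji6AfWGadk3Lzc; Fri, 24 Nov 2023 06:16:01 +0000
X-Meowkatz-VMeta: sc=349.00;st=phishing
X-Meowkatz-Message-Heuristics: IPv6:N;TLS=1;SPF=2;DMARC=F
Received: by yogarafi.de (Postfix, from userid 1001)
 id 3A3D514C1A97; Fri, 24 Nov 2023 06:16:01 +0200 (CEST)
Received: from cpanel.net (unknown [180.214.239.14])
 by yogarafi.de (Postfix) with ESMTPA id 2E88C14C1A7E
 for <Roxy@Kiddikatz>; Fri, 24 Nov 2023 06:16:01 +0200 (CEST)
To: Roxy@Kiddikatz

"""

# Assumption for the example: the receiving provider's own mail hosts live here.
OWN_NETWORKS = ["96.114.154.0/24"]

HOP_RE = re.compile(
    r"^from\s+(?P<name>\S+)\s+\((?:[^\[\]()]*\s)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)
LOCAL_RE = re.compile(r"^by\s+(?P<by>\S+)")


def received_hops(raw):
    """Return Received hops in header order (newest first, origin last)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m = HOP_RE.match(flat)
        if m:
            hops.append({"from": m.group("name"), "ip": m.group("ip"),
                         "by": m.group("by")})
            continue
        m = LOCAL_RE.match(flat)  # local pickup: no peer was recorded
        hops.append({"from": None, "ip": None, "by": m.group("by") if m else None})
    return hops


def boundary_index(hops, own_networks):
    """Index of the hop where our own server accepted mail from an outside IP."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    for i, hop in enumerate(hops):
        if hop["ip"] is None:
            return None  # chain ends inside our infrastructure
        peer = ipaddress.ip_address(hop["ip"])
        if not any(peer.version == n.version and peer in n for n in nets):
            return i
    return None


def split_chain(raw, own_networks):
    """Separate what our servers recorded from what the sender side claims."""
    hops = received_hops(raw)
    i = boundary_index(hops, own_networks)
    if i is None:
        return {"boundary": None, "sender_claimed": []}
    # Hops below the boundary were written before we saw the message, so they
    # are leads to check against reputation data, not established facts.
    return {"boundary": hops[i], "sender_claimed": hops[i + 1:]}


def filter_verdicts(raw):
    """Parse the key/value pairs of the filter's heuristics header."""
    value = message_from_string(raw).get("X-Meowkatz-Message-Heuristics", "")
    pairs = (re.split(r"[:=]", item, maxsplit=1) for item in value.split(";") if item)
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}
```

The boundary IP (here 144.76.72.196) is the address the receiving server itself observed, which is why it is the one an SPF check evaluates; the hop naming cpanel.net sits below the boundary and is the one the exercise finds on a blocklist.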

Important note:
To read more on DMARC, visit https://dmarc.org/.

Providing Email Authentication


Email authentication verifies the identity of the sender and ensures the integrity of the email content.
Some of the methods used to provide email authentication include:

• Sender Policy Framework (SPF)
• DomainKeys Identified Mail (DKIM)
• Domain-based Message Authentication, Reporting, and Conformance (DMARC)

SPF was the first protocol; however, two other protocols help improve the effectiveness of providing
email authentication: DKIM and DMARC.

• DomainKeys Identified Mail (DKIM). Senders sign the email with a digital signature to
ensure authenticity and receivers then verify.
• Domain-based Message Authentication, Reporting, and Conformance (DMARC).
This is an email authentication policy that uses SPF and/or DKIM to establish the
sender’s identity.

Let’s talk about how these are used to provide email authentication.

When checking an email, the software will check the address on the envelope and the letterhead
address. Keep in mind, just because an email fails a DMARC test doesn’t always mean it is a spoofed
email, but it is a pretty good indication. If there is an error, the admin can adjust the DMARC settings.

DMARC relies on either SPF or DKIM to ensure authentication. However, SPF and DKIM can be used
as standalone methods. Used together they help prevent phishing emails and forgery by allowing
administrators to validate inbound email.

Both sides must work together in that records have to be on either side of the communication for
comparison. If you are on the receiving end, you can assess authenticity and attach a reputation
so that any further communication will be allowed. If email for a domain is not sent from a host
listed in the DNS SPF, it will be considered spam and blocked.
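
The SPF and DMARC checks described above, as an added example (not from the course material): an SPF evaluation restricted to `ip4`/`ip6` ranges, then the DMARC alignment test between the envelope address and the letterhead (From) address. All domains and SPF records are constructed, and the two-label organizational-domain shortcut is an assumption.

```python
import ipaddress
from email.utils import parseaddr

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records and addresses for the example.
ORG_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"   # for example.com
OTHER_SPF = "v=spf1 ip4:198.51.100.0/24 -all"                # for mailer.example.net
LETTERHEAD = '"Example Corp SERVER ADMIN" <admin@example.com>'


def spf_ip_result(record, client_ip):
    """Evaluate the ip4/ip6 mechanisms and 'all' of one SPF record, left to right.

    Mechanisms that need further DNS lookups (a, mx, include, ...) are skipped,
    so this covers records built from address ranges only.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name.lower() == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all' term


def addr_domain(address):
    """Domain part of an address, with or without a display name."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List,
    # which this shortcut gets wrong for suffixes such as co.uk.
    return ".".join(domain.split(".")[-2:])


def dmarc_result(header_from, envelope_from, spf_result,
                 dkim_domain=None, dkim_valid=False, strict=False):
    """DMARC passes only if SPF or DKIM passes AND its domain aligns with From."""
    key = (lambda d: d) if strict else org_domain
    from_dom = key(addr_domain(header_from))
    spf_ok = spf_result == "pass" and key(addr_domain(envelope_from)) == from_dom
    dkim_ok = bool(dkim_valid and dkim_domain) and key(dkim_domain.lower()) == from_dom
    return "pass" if (spf_ok or dkim_ok) else "fail"
```

An SPF pass for an unrelated envelope domain does not carry over to the letterhead address: `dmarc_result(LETTERHEAD, "bounce@mailer.example.net", "pass")` is a fail, which is the mismatch DMARC exists to catch.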

Next, let’s talk about how DNS plays a role in securing email.

Involving Domain Name System


4. Another key component of implementing secure email delivery and spam protection is to
ensure you have properly configured your DNS server. This is so that other mail servers can
send mail to your users and so that other mail servers will trust you to receive your mail.
• How are PTR records used as another method for spam filters to determine the legitimacy
of an email? Learn more here: https://www.edisglobal.com/blog/ptr-record.

Finally, let’s review what you have learned by completing a matching exercise.

Testing Your Knowledge
5. Matching

Terms:

PTR Record
DKIM
IP Blocklisting
SPF Failed
DMARC
VAAS

Definitions:

a. This is an email authentication policy that uses SPF and/or DKIM to establish the
sender’s identity.
b. The specified IP address is not included in the SPF record.
c. This is used to verify the authenticity and integrity of email messages and ensure that
the sender’s identity is legitimate.
d. A reverse lookup maps an IP address to a host name.
e. Ignore or block a specific (malicious) IP address. Any mail sent using that IP address is
blocked and not forwarded.
f. Senders sign the email with a digital signature to ensure authenticity and receivers
then verify.

05_04. Verifying IP blocklists


IP blocklisting occurs when an IP address is ignored or blocked. In this segment, we’ll discover resources
that can identify suspicious IP addresses.

Scenario

During the course of your day, you’ve received an intrusion prevention system alert. Three IP addresses
have been blocked because of reputation. It turns out that a few suspicious emails have gotten through
the firewall. You immediately delete the email to prevent it from causing any more damage.

Your job is to investigate further by going to Talos Intelligence and see what you can find out about the
IP addresses.

Once there, locate the Owner Details, Reputation Details, and whether those IP addresses are on the
blocklist. You’ll also want to find out if any other IP addresses were used to send emails and whether
the email addresses have a poor reputation.

Here are your three IP addresses.

• 216.151.180.226
• 111.223.219.146
• 45.117.142.42

Go to https://talosintelligence.com/ and view the following details for each IP address:

• Owner Details
• Reputation Details

• Is the IP address blocklisted?
• View the top addresses used to send emails

Go to https://www.projecthoneypot.org and select the IP Data tab.

• Select Lookup IP from the menu bar and enter 45.117.142.42 in the form.

Go to https://check.spamhaus.org/ and enter 45.117.142.42 in the form.

• What can we learn from this information?
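
The web lookups above rest on DNS queries against a blocklist zone; this added example (not part of the handout) builds the reversed-octet query name, which is also how a PTR lookup name is formed, and classifies the answer. `zen.spamhaus.org` is Spamhaus's combined zone; the answers in `CONSTRUCTED_ANSWERS` are made up for documentation addresses and say nothing about real IPs.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus convention: answers in 127.255.255.0/24 report a query problem
# (for example, querying through a public resolver), not a listing.
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")

# Constructed resolver data so the example runs offline.
CONSTRUCTED_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.2",        # listed
    "11.2.0.192.zen.spamhaus.org": "127.255.255.254",  # query error code
    "12.2.0.192.zen.spamhaus.org": "203.0.113.7",      # resolver rewrote NXDOMAIN
}


def reversed_name(ip, zone):
    """Build the reversed-octet name used for PTR and DNSBL queries (IPv4 only)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def fake_resolver(name):
    """Offline stand-in: constructed answer, or None for 'no such name'."""
    return CONSTRUCTED_ANSWERS.get(name)


def system_resolver(name):
    """Return one A record as text, or None only when the name does not exist."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return None
        raise  # timeouts and server failures must not read as "not listed"


def dnsbl_lookup(ip, zone, resolve=system_resolver):
    """Query one blocklist zone for one IP and classify the answer."""
    name = reversed_name(ip, zone)
    answer = resolve(name)
    if answer is None:
        return {"query": name, "status": "not listed", "answer": None}
    code = ipaddress.ip_address(answer)
    if code in ERROR_RANGE:
        status = "query error"
    elif code in LOOPBACK:
        status = "listed"
    else:
        status = "invalid answer"  # a blocklist only ever answers in 127.0.0.0/8
    return {"query": name, "status": status, "answer": answer}


def check_ips(ips, zone, resolve=system_resolver):
    """Status per IP, for a list such as the three addresses in the scenario."""
    return {ip: dnsbl_lookup(ip, zone, resolve)["status"] for ip in ips}
```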

Chapter 6. Wrapping Up the Recon


06_01. Guarding social media
• The history of social media can be traced back to one of the first sites called Six Degrees,
created in 1997.
• Learn how cybercriminals can use a company badge:
https://securityintelligence.com/articles/cybersecurity-awareness-data-attacker-employee-id/.

Challenge Question

Q. Outline ways to protect social media accounts to prevent cyberattacks and data loss.

06_02. Writing footprinting reports


• For Google’s content removal page, visit:
https://support.google.com/legal/answer/3110420?rd=1.

Challenge Question

Q. Outline reporting guidelines and mitigation techniques along with a discussion on the
security implications of sharing information online.

06_03. Countering footprinting


• The Wayback Machine (https://archive.org/) is an internet archive where you can search
for archived content.

Challenge Question

Q. List some steps you can take to be less vulnerable to exposure.

06_04. Summarizing the course


• To see a list of courses on my home page, visit:
https://www.linkedin.com/learning/instructors/lisa-bock?u=2125562.
