Ethical Hacking – Learning the Basics

Footprinting Example

This segment takes you through exercises related to information gathering.

Keywords

  • footprinting
  • testing
  • dmitry
  • ports
  • domains
  • ping
  • traceroute
  • servers

About this video

Author(s): Sunil Gupta
First online: 18 November 2019
DOI: https://doi.org/10.1007/978-1-4842-4348-0_7
Online ISBN: 978-1-4842-4348-0
Publisher: Apress
Copyright information: © Sunil Gupta 2019

Video Transcript

Gupta: Hello and welcome. Let’s talk about Footprinting Example. So now in this video we are going to take a look at a couple of points. First of all we will learn about what are the various footprinting tools available inside Kali Linux Operating System and then we will also perform practicals on network footprinting as well as website footprinting. So we need to open Kali Linux and Windows 10 Operating System in VMware Workstation and then I’m going to show you that what other information gathering tools available inside Kali Linux. So I’m here at Kali Linux Operating System and in VMware Workstation Windows 10 is also open. So let’s talk about the information gathering tools here.

So if you click on applications then you can see the first one in information gathering which is also called footprinting. So these all are the tools available for information gathering purpose. Now we can use any tool available inside this list. For example, we can try the first one Dmitry. So you can click here. So you can see here that this is Dmitry and these are the options available inside this tool. For example, you can try the “-I” to gather information about a host IP address. You gather information about subdomains, email addresses, a port number. So first of all we are going to perform network footprinting in which I’m going to show that how you can find out the open ports available inside the operating system.

So I’m going to show you that how you can find out open ports available inside Kali Linux and your router or gateway. So to gather information about open ports inside Kali Linux you can type here Dmitry and then the option. So the option to gather information about ports is “-p”. You can type here “-p” space the IP address of the target. So our IP address is Kali Linux IP address. So my Kali Linux IP address is 192.168.0.8. You can also check here. You can click File, you can click New Terminal and inside New Terminal you can type ifconfig, hit Enter and here you can see that this is the IP address of Kali Linux Operating System and here you can type the IP address. So by using this command we can find out the open ports available inside the target system and hit Enter. So here you can see that basically it has not provided any port numbers. It’s saying that scanning 150 ports and 149 ports were in state closed. Sometimes it happens when the target system is not able to provide you the port numbers, right.

Let me try with my router which is .1, hit Enter and here you can see that now it has provided me the two ports which are open. So there are two ports, one is 23, one is 80. 23 is Telnet and 80 is HTTP. So if 23 port number is open inside my router or gateway it means my router or gateway is vulnerable, alright, because it should not be open. 23 Telnet is vulnerable nowadays. 80 is – 80 should be open because without 80 port number you won’t be able to communicate outside the network. So that’s why 80 should be open, but 23 should not be open. So that’s why Telnet is open, so that’s why it is vulnerable. So that’s how you can find out the port numbers inside the target machine.

So -p is the option available in Dmitry to gather information about it. Now you can again type Dmitry -h. So this about network footprinting, gathering information about network, some basic information. Dmitry -h and you can also gather information about website. For example, you can try -s to gather information about subdomains of a website. So let me try on a sample website provided by Acunetix Company. So you can type here Dmitry -s. I’m trying to find subdomains of a website and then the web url www.vulnweb.com which is a sample website for testing. Anyone can use it. Hit Enter and here you can see that it has provided us the subdomains of this website. So this is the website vulnweb.com. Here you can see the subdomains testhtml5.vulnweb.com, testphp., testasp., asp.net, asp., so these all are the subdomains available in the website that you can list out using -s command inside Dmitry. Got it?

So this is the command we have used using Dmitry to find out the subdomains of a website, alright. So this is a basic information you can gather using information gathering tool. You can also perform information gathering of a website using host website. So let me show you and how you can perform web information gathering using host. So you can minimize it. Let me open the browser inside Kali Linux Operating System and then we will open up the host website to gather information about website.

So here in the browser you can search here who.is, hit Enter. So this is the website who.is, who is search domain name website and IP Tools. This is to gather information about websites. Hit Enter and here you can see this is who.is where you need to put here the website address and then you can search about it. So for example, I can type here www.vulnweb.com which is a sample website provided by Acunetix, hit Enter and just wait here. Yeah, so here you can come down and you can see information about the registrar info about a website that – it is the registrar name is Eurodns, who is server, referral URL, status. This is the Name Server IP addresses available which is very useful and this is information about the owner of the website. So the name is Acunetix, right. Organization is Acunetix Ltd, address is available here, city, postal code, country, phone numbers and email address is also available here, right.

So the basic information we need at the time of information gathering is available here. So that’s how you can also gather information about website. This is a website footprinting technique by using who.is, right. You can also go to diagnostics. So here there are two options. One is ping and one is traceroute, right. So using ping you can find out that the target server, the target web server is live or not. So you can see here that it is responding. It means the target server is live and using traceroute you can check that, what is the path of the packets from my system to the web server right, because I am performing scanning. So my system is generating packets and it is going to the web server.

So this is the path using traceroute and how the packets are going from my system to the server. So these are the IP addresses, these are the hops in between my system and the server and then you can locate the path easily using traceroute command. So this is how you can gather information about network and website footprinting techniques.