Website and E-mail Footprinting


Website and e-mail footprinting may require a little more effort and technical knowledge, but it’s worth it (not to mention EC-Council has devoted two entire slide show sections to the material, so you know it’s gonna be good). Analyzing a website from afar can show all sorts of potentially interesting information, such as software in use, OS, filenames, paths, and contact details. Using tools such as Burp Suite, Firebug, and Website Informer allows you to grab headers and cookies, and learn connection status, content type, and web server information. Heck, pulling the HTML code itself can provide useful intel. You might be surprised what you can find in those “hidden” fields, and some of the comments thrown about in the code may prove handy. A review of cookies might even show you software or scripting methods in use. E-mail headers provide more information than you might think, and are easy enough to grab and examine. And tracking e-mail? Hey, it’s not only useful for information, it’s just downright fun.

Although it doesn’t seem all that passive, web mirroring is a great method for footprinting. Copying a website directly to your system (“mirroring” it) can definitely help speed things along. Having a local copy to play with lets you dive deeper into the structure and ask things like “What’s this directory for over here?” and “I wonder if this site is vulnerable to fill-in-chosen-vulnerability without alerting the target organization.” Tools for accomplishing this are many and varied, and while the following list isn’t representative of every web mirroring tool out there, it’s a good start: 

•  HTTrack (www.httrack.com
•  Black Widow (http://softbytelabs.com
•  WebRipper (www.calluna-software.com
•  Teleport Pro (www.tenmax.com
•  GNU Wget (www.gnu.org
•  Backstreet Browser (http://spadixbd.com)  

Although it’s great to have a local, current copy of your target website to peruse, let’s not forget that we can learn from history too. Information relevant to your efforts may have been posted on a site at some point in the past but has since been updated or removed. EC-Council absolutely loves this as an information-gathering source, and you are certain to see www.archive.org and Google Cache queried somewhere on your exam.


at 7:13 AM
Labels: ,

9 comments:

  1. HimaniSeptember 6, 2019 at 1:02 AM

    Nice blog.
    To learn more about Ethical Hacking institute in Noida, then you can get in touch with the Global Institute of Ethical Hacking, Noida. They provide the best courses to make you stand out of the crowd.

    ReplyDelete
  2. sachin nagarNovember 15, 2019 at 1:35 AM

    Hi, This is a great article. Loved your efforts on it buddy. Thanks for sharing this with us. Get
    CISSP training
    cissp exam cost
    CISSP certification.
    it courses.

    ReplyDelete
  3. No NameAugust 18, 2020 at 12:11 PM

    Hello Everyone !

    USA SSN Leads/Dead Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  4. No NameJanuary 5, 2021 at 2:48 PM

    Selling USA FRESH SPAMMED SSN Leads/Fullz, along with Driving License/ID Number with EXCELLENT connectivity.

    **PRICE**
    >>2$ FOR EACH LEAD/FULLZ/PROFILE
    >>5$ FOR EACH PREMIUM LEAD/FULLZ/PROFILE

    **DETAILS IN EACH LEAD/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYEE DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >All Leads are Tested & Verified.
    >Invalid info found, will be replaced.
    >Serious buyers will be welcome & I will give discounts for bulk orders.
    >Fresh spammed data of USA Credit Bureau
    >Good credit Scores, 700 minimum scores
    >Bulk order will be preferable
    >Minimum order 20 leads/fullz
    >Hope for the long term business
    >You can asked for samples, specific states & zips (if needed)
    >Payment mode BTC, PAYPAL & PERFECT MONEY

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ''OTHER GADGETS PROVIDING''

    >Dead Fullz
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >USA emails with passwords (bulk order preferable)

    **Contact 24/7**

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  5. Dracie BradleyNovember 22, 2021 at 9:52 PM

    Hey! I have read your blog, it is very well-written content that you have shared here. I have learned many things related to the driveway. Thank you for sharing it. You can also check herecertified ethical hacker course

    ReplyDelete
  6. CarolineMay 21, 2022 at 5:35 PM

    I probably shouldn't be saying this here in public honestly, but let me introduce everyone to this experience genuine hacker. He is a professional and the best of hacking any iOS device & iCloud ID, Androids device & Google ID, Mac Book PC, and all Window system. He is called "Hacker Kaspersky" I have used his service and confirm how ethical standard he can handles social network Applications, He help hack my spouse phone, As my phone was linked with access to interact with target device as a remote operator. I can monitor my spouse iPhone11pro, Location, Facebook, Messenger, Instagram, WhatsApp, Hangout chats, Call logs and Notifications. Reach out to him for help via Email: (hackerkasperskytech@gmail.com) Tell him I refer you.

    ReplyDelete
  7. Deep web HackersJuly 20, 2022 at 3:41 PM

    If you need a website, you can use the services of Barrysanchez(hackermail) com . I have in contact with them for phone hack but I have never used them for website. It was only listed as part of their services hence I recommended them on this platform.

    ReplyDelete
  8. Cool StuffMarch 1, 2023 at 9:58 AM

    WA/TG = +92 317 272 1122
    TG/ICQ = @killhacks
    exploit.tools 4u at gmail dot com
    Wickr/Skype = @peeterhacks

    Hello To All !

    Stuff we're offering :

    SSN DOB DL Fullz with High CS 700+
    CC Fullz with CVV+SSN info & address (all USA banks)
    Dumps with pin & complete dumps using tutorials for cash outs
    Business EIN fullz fresh
    Full packages with all related & necessary tools & Tutorials
    Hacki-ng, Spamm-ing, C-arding, Spying, Cloning
    Working Loan Methods with all info

    Hey Guy's very fresh fullz & Tools are now available.
    We're offering bulk fullz & Many packages in offers.
    If you wanna learn anything regarding Hac-king, Carding, Applying Loan Online,
    Spa-mming, Filling for benefits.
    We'll provide you fresh & legit stuff with proper guidance & assistance.

    Other tools are also available
    Just try our services at once
    you'll never be disappointed

    For further info
    Feel Free to ping us

    ReplyDelete
  9. Games worldNovember 9, 2023 at 4:07 AM

    Best digital marketing agency in mumbai Kensica is the most confided in Best computerized promoting office in mumbai and furthermore extremely well known advanced marking organization in Navi Mumbai. We are known for our imaginative system and innovation supported Web optimization, SMO, SEM, SMM, PR administrations, and numerous other web based advertising arrangements.

    ReplyDelete

Subscribe to: Post Comments (Atom)

Popular Posts

  • Scanning Methodology
    As you’re probably aware by now, EC-Council is in love with methodology. Sure, in the real world you may not follow the steps blindly in or...
  • The Phases of Ethical Hacking
    The process of ethical hacking can be broken down into five distinct phases.  An ethical hacker follows processes similar to those of a mal...
  • nmap Command Switches
    Nmap is a free, open source tool that quickly and efficiently performs ping sweeps, port scanning, service identification, IP address dete...
  • Redirecting the SMB Logon to the Attacker
    Another way to discover passwords on a network is to redirect the Server Message Block (SMB) logon to an attacker's computer so that...
  • Understanding Email Tracking & Web Spiders
    Understanding Email Tracking Email-tracking programs allow the sender of an email to know whether the recipient reads, forwards, modifies, ...
  • Overt and Covert Channels
    An  overt channel  is the normal and legitimate way that programs communicate within a computer system or network. A  covert channel  us...
  • Banner Grabbing and OS Fingerprinting Techniques
    Banner grabbing and operating system identification—which can also be defined as  fingerprinting  the TCP/IP stack—is the fourth step in...
  • How the Netcat Trojan Works
    Netcat is a Trojan that uses a command-line interface to open TCP or UDP ports on a target system. A hacker can then telnet to those ope...
  • How to Be Ethical
    Ethical hacking is usually conducted in a structured and organized manner, usually as part of a penetration test or security audit. The de...
  • Using Traceroute in Footprinting
    Traceroute is a packet-tracking tool that is available for most operating systems. It operates by sending an Internet Control Message Prot...