Neurohazard
Evening clouds and misty moon, white-haired yet still poring over the classics; the myriad phenomena of the world, thus have I heard.

CEH Slide Notes (1)

wpadmin ~ August 14, 2018 / InfoSec

CEHv9 Module 02 Footprinting and Reconnaissance

Footprinting and Reconnaissance

Contents

Footprinting

OSINT

Social Network
Advanced Google Hacking
Search Engine Footprinting
WHOIS
DNS
Network
Social Engineering
Email
Competitive Intelligence
Website Footprinting

Objectives of Footprinting

Network INFO

Domain name
Internal domain names
Network blocks
IP addresses of the reachable systems
Rogue websites / private websites
TCP/UDP services running
ACL mechanisms / ACL policies
Network protocols
VPN endpoints
IDSes running / other infosec devices
Telephone numbers
Authentication mechanisms
System enumeration

System INFO

User names / Group names
System banner
Routing tables
SNMP information
System architecture
remote system type / OS (Operating System)
System names / Host names / FQDN
passwords

Organization INFO

Employee details
Organization’s websites
Company directory
Location details
Address and phone numbers
Comments in HTML source code
security policies
web server links relevant to the Organization
background of the Organization
news articles
press release

footprinting methodology

1 search engine
2 google hacking
3 social networks
4 website footprinting
5 email Footprinting
6 competitive intelligence
7 whois
8 DNS
9 Network
10 Social Engineering

chaos

OS detection

Netcraft http://www.netcraft.com
Shodan

1 people search services
2 job sites
3 financial information: financial services, Bloomberg, financial reports

content monitoring services

GHDB (Google Hacking Database)
Google Dorks – exploit-db
https://www.exploit-db.com/google-hacking-database/

website mirroring tool

HTTrack
SurfOffline
Internet Archive https://archive.org/
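Once a site has been mirrored with HTTrack or pulled from the Internet Archive, the saved HTML can be mined offline for the items the footprinting checklist above asks for (comments in HTML source, generator/meta tags, third-party hosts, contact addresses). The following is an added example, not code from the CEH slides or from any of the tools listed; the sample page, hostnames and addresses are constructed for the demonstration.

```python
"""Mine a mirrored HTML page for footprinting clues (added example; the
sample HTML below is constructed, not a real site)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class FootprintParser(HTMLParser):
    """Collect developer comments, <meta name=...> tags, external hosts
    referenced by href/src/action attributes, and mailto: addresses."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.comments = []
        self.meta = {}
        self.external_hosts = set()
        self.emails = set()

    def handle_comment(self, data):
        # HTMLParser strips the <!-- --> delimiters for us
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        url = a.get("href") or a.get("src") or a.get("action")
        if not url:
            return
        if url.lower().startswith("mailto:"):
            self.emails.add(url[7:].split("?")[0])
            return
        host = urlparse(url).hostname  # None for relative URLs
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.external_hosts.add(host)


def footprint_html(html, site_host):
    """Return the clues found in one mirrored page as plain lists."""
    p = FootprintParser(site_host)
    p.feed(html)
    p.close()
    return {
        "comments": p.comments,
        "meta": p.meta,
        "external_hosts": sorted(p.external_hosts),
        "emails": sorted(p.emails),
    }


# Constructed sample page standing in for a file saved by HTTrack.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 4.9.8">
<meta name="author" content="J. Doe">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato">
<script src="https://cdn.example-cdn.net/js/app.min.js"></script>
</head><body>
<!-- TODO: remove legacy login form at /wp-admin-old before launch -->
<form action="https://sso.example.com/login"><input name="user"></form>
<a href="/about">About</a>
<a href="mailto:webmaster@example.com?subject=hi">Contact</a>
<!-- built on intranet host build01.corp.example.com -->
</body></html>"""

if __name__ == "__main__":
    for key, value in footprint_html(SAMPLE_HTML, "example.com").items():
        print(key, value)
```

Run it over every `.html` file in the mirror directory rather than one page; the generator tag gives the CMS version, the comments leak internal paths and hostnames, and the external hosts show which CDNs and SSO providers the target depends on.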

webpage update monitoring
Page2RSS

email tracking
(pixel tracking)
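Pixel tracking works by embedding a remote, invisible image whose URL carries a per-recipient token; the mail client fetches it when the message is opened, and the fetch (with source IP, time and User-Agent) tells the sender who opened it and from where. The following added example, not code from the CEH slides or from any email-tracking product, shows both halves: generating such a pixel and detecting one in a received message. The tracking host, campaign id, recipient and HMAC secret are constructed for the demonstration.

```python
"""Generate and detect email tracking pixels (added example; all names,
URLs and the secret below are constructed)."""
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


def make_tracking_pixel(base_url, campaign, recipient, secret):
    """Sender side: a 1x1 hidden image whose query string identifies the
    recipient. The HMAC binds recipient and campaign so the open can be
    attributed without putting the address itself in the URL."""
    token = hmac.new(secret, f"{campaign}:{recipient}".encode(),
                     hashlib.sha256).hexdigest()[:32]
    src = f"{base_url}?c={campaign}&t={token}"
    return (f'<img src="{src}" width="1" height="1" alt="" '
            f'style="display:none">')


class PixelFinder(HTMLParser):
    """Receiver side: flag remote images that look like beacons."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src", "")
        # cid:/data: images are inline attachments and cannot phone home
        if not src.lower().startswith(("http://", "https://")):
            return
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("1x1")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if parse_qs(urlparse(src).query):
            reasons.append("query-token")
        if reasons:
            self.hits.append({"src": src, "reasons": reasons})


def find_tracking_pixels(html):
    """Return the suspicious remote images found in an HTML mail body."""
    f = PixelFinder()
    f.feed(html)
    f.close()
    return f.hits


# Constructed message: a normal logo, an inline (cid:) image, and a beacon.
SAMPLE_EMAIL = (
    "<html><body><p>Hello,</p>"
    '<img src="https://mail.example.com/logo.png" width="200" height="60" alt="logo">'
    '<img src="cid:inline-photo" width="1" height="1">'
    + make_tracking_pixel("https://track.example.net/o.gif", "c42",
                          "alice@example.org", b"constructed-secret")
    + "</body></html>"
)

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL):
        print(hit["src"], hit["reasons"])
```

The detector deliberately ignores `cid:` and `data:` images, since only a remote fetch leaks anything; the usual defence is a mail client that does not load remote images by default, which makes the beacon never fire regardless of how it is hidden.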

Competitive Intelligence

(US equivalents of Tianyancha / Qichacha, the Chinese company-lookup services)

EDGAR database
https://www.sec.gov/edgar/searchedgar/webusers.htm

Hoovers
http://www.hoovers.com/

LexisNexis
https://www.lexisnexis.com/en-us/gateway.page

Business Wire
https://www.businesswire.com/portal/site/home/

Traffic statistics
Alexa

Monitis
https://www.monitis.com/
web-stat
https://www.web-stat.com/

Public opinion monitoring / Online Reputation Management (ORM)
https://www.trackur.com/

Domain

Regional Internet Registries (RIRs)
ARIN
AFRINIC
RIPE NCC
LACNIC
APNIC

whois
http://whois.domaintools.com/

DNS (slide 55)

DNS record type
A
MX
NS
CNAME
SOA
SRV
PTR
RP
HINFO
TXT
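DNS footprinting means asking for each of these record types in turn and reading what comes back (MX gives the mail relays, NS the authoritative servers, SOA the zone admin contact, TXT the SPF/verification strings, PTR the reverse mapping). The following is an added example, not code from the CEH slides or from any DNS tool, that builds a wire-format query for any of the listed types and parses a response, including the name-compression pointers that real answers use. The MX response it parses is constructed in-process so it runs offline; `example.com`, the `mail1`/`mail2` hosts and the transaction id are all assumed values.

```python
"""Build DNS queries and parse DNS responses at the wire level (added
example; the MX response below is constructed, not a captured packet)."""
import struct

RECORD_TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13,
                "MX": 15, "TXT": 16, "RP": 17, "SRV": 33}
TYPE_NAMES = {v: k for k, v in RECORD_TYPES.items()}


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_query(name, rtype, txid=0x1234):
    """Header (id, RD flag, 1 question) + question (name, type, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", RECORD_TYPES[rtype], 1)


def decode_name(msg, off):
    """Read a possibly-compressed name at msg[off]; return (name, next_off)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:           # 11xxxxxx: pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2               # the caller resumes after the pointer
            jumped = True
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return id, rcode and the answer section as (name, type, ttl, value)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                     # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 15:                     # MX: preference + exchange name
            pref = struct.unpack("!H", rdata[:2])[0]
            exch, _ = decode_name(msg, off + 2)
            value = (pref, exch)
        elif rtype == 1:                    # A: 4-byte address
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):           # NS / CNAME / PTR: a name
            value, _ = decode_name(msg, off)
        elif rtype == 16:                   # TXT: length-prefixed string
            value = rdata[1:1 + rdata[0]].decode()
        else:
            value = rdata
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, value))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def build_sample_mx_response():
    """Constructed reply to build_query('example.com', 'MX'): two MX records
    whose exchange names point back (0xC00C) at the question name."""
    question = build_query("example.com", "MX")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QR, RD, RA
    answers = b""
    for pref, host in ((10, "mail1"), (20, "mail2")):
        rdata = struct.pack("!H", pref) + encode_name(host)[:-1] + b"\xC0\x0C"
        answers += b"\xC0\x0C" + struct.pack("!HHIH", 15, 1, 3600, len(rdata)) + rdata
    return header + question + answers


if __name__ == "__main__":
    for name, rtype, ttl, value in parse_response(build_sample_mx_response())["answers"]:
        print(name, rtype, ttl, value)
```

To run this against a live resolver, send `build_query(...)` over UDP to port 53 and hand the datagram back to `parse_response`; always check that the response id matches the one you sent, since that is the only thing tying an unsigned UDP answer to your question.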

Footprinting Tools

Maltego
Recon-ng
FOCA(Fingerprinting Organizations with Collected Archives)
https://github.com/ElevenPaths/FOCA

FOCA is mainly used in Spanish-speaking regions
It does not look very easy to use
Pentesting con la “nueva” FOCA
https://www.youtube.com/watch?v=m5fqI5WPB5g
