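CEH (Certified Ethical Hacker): Footprinting
First, let's look at the terminology for this chapter.
- Footprinting: collecting footprints, that is, gathering information about the target's network
- Passive Footprinting: gathering network information without direct contact with the target
- Active Footprinting: the opposite of passive
- Social Network Footprinting: investigating the target's social media
- Website Footprinting: gathering information from the target's websites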
Methods
- Examining the web page's source code
- Examining cookies
- Extracting metadata of web sites
- Monitoring website for updates
- Tracking Email
- Email header analysis
- Competitive Intelligence Gathering (for example with web crawlers)
- Monitoring website traffic
- Tracking online reputation (following related reviews and comments)
- WHOIS: the IP-address counterpart of Qichacha, a company-registry lookup (remember to turn on privacy protection when you buy an IP)
- IP geolocation (tracing the physical location)
- DNS footprinting
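Information collected
Areas to collect:
- Organization Information (for example phone numbers and employee information)
- Relations with other companies
- Network Information (for example domains and IP addresses)
- System Information (for example the server software and OS captured from HTML headers)
Objectives of footprinting
- Know Security Posture: understand the target's current security state
- Reduce Focus Area: saves time
- Identify vulnerabilities: this is where the surprises are
- Draw Network Map: understand the target's network structure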
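Advanced searching with the Google search engine
Search keywords:
- cache: everything Google has recorded about the search target
- link: finds sites that contain links to the target
- related: fuzzy search
- info: put info: in front of a URL to get details about the site
- site: search within a specified site
For language, category and other filters, see evanli.github.io/blog/2019/0…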
DNS footprinting
DNS record types:
- A: Points to a host's IP address
- MX: Points to a domain's mail server
- NS: Points to a host's name server
- CNAME: Canonical naming allows aliases to a host
- SOA: Indicates authority for the domain
- SRV: Service records
- PTR: Maps an IP address to a hostname
- RP: Responsible person
- HINFO: Host information record, includes CPU type and OS
- TXT: Unstructured text records
This article covers DNS footprinting on Windows: blog.csdn.net/heiyueya/ar…
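An added example (not part of the original notes): a defender-side check of your own zone export that parses each record and flags the types from the list above that hand out host or staff details (HINFO, RP, free-form TXT). The zone data, the flagging policy and the names `parse_zone` and `audit` are assumptions made for illustration; it assumes one record per line with the owner name present.

```python
import shlex

# Constructed sample zone export (example.com, RFC 5737 addresses), not real data.
SAMPLE_ZONE = '''\
www.example.com.   3600 IN A     192.0.2.10   ; public web server
build.example.com. 3600 IN HINFO "INTEL-X64" "UBUNTU-20.04"
example.com.       3600 IN RP    jane.example.com. contact.example.com.
example.com.       3600 IN TXT   "v=spf1 ip4:192.0.2.0/24 -all"
example.com.       3600 IN TXT   "backup host; ask ops before reboot"
'''

# Hypothetical audit policy: types that publish host or staff details to any querier.
ALWAYS_FLAG = {"HINFO": "publishes the host's CPU type and OS",
               "RP": "publishes a responsible person's mailbox"}
# Assumption: TXT data with these prefixes is machine-readable mail policy, not notes.
KNOWN_TXT_PREFIXES = ("v=spf1", "v=DKIM1", "v=DMARC1")


def parse_zone(text):
    """Return (owner, rtype, rdata_list) for each one-line record in text."""
    records = []
    for line in text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split = True
        lex.commenters = ";"   # zone-file comment marker; ignored inside quotes
        lex.quotes = '"'       # only double quotes delimit strings in zone files
        tokens = list(lex)
        i = 1                  # skip the optional TTL and class after the owner name
        while i < len(tokens) and (tokens[i].isdigit() or tokens[i].upper() == "IN"):
            i += 1
        if i < len(tokens):
            records.append((tokens[0], tokens[i].upper(), tokens[i + 1:]))
    return records


def audit(records):
    """Return (owner, rtype, reason) for records that disclose more than routing needs."""
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ALWAYS_FLAG:
            findings.append((owner, rtype, ALWAYS_FLAG[rtype]))
        elif rtype == "TXT" and not "".join(rdata).startswith(KNOWN_TXT_PREFIXES):
            findings.append((owner, rtype, "unstructured text: " + " ".join(rdata)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_zone(SAMPLE_ZONE)):
        print(*finding, sep=" | ")
```

Records that come back from `audit` are candidates for removal from the public zone or for a move to an internal-only view.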
Traceroute
Trace the path between you and your target computer.
Example on Linux:
traceroute danielgorbe.com