What is Footprinting?

Footprinting is the technique to collect as much information as possible about the targeted network/victim/system. It helps hackers in various ways to intrude on an organization's system. This technique also determines the security postures of the target. Footprinting can be active as well as passive. Passive footprinting/pseudonymous footprinting involves collecting data without the owner, knowing that hackers gather his/her data. In contrast, active footprints are created when personal data gets released consciously and intentionally or by the owner's direct contact.

Sub Branches of Footprinting

Other than types of footprinting, some branches of footprinting a learner should know before gathering information.
  • Open-Source Footprinting.
  • Network-based Footprinting.
  • DNS Interrogation.

Open-Source Footprinting

This type of footprinting is the safest, holding all legal limitations, and hackers can do it without fear because it is illegal and, hence, coined the term Open-source. Examples of this type include: finding someone's email address, phone number, scanning IP through automated tools, search for his age, DOB, house address, etc. Most companies provide information about their companies on their official website without realizing that hackers can benefit from that information provided by them.

Network-based Footprinting

Using this footprinting category, hacktivists can retrieve information such as user name, information within a group, shared data among individuals, network services, etc.

DNS Interrogation

After gathering the information needed from the different areas using various techniques, the hacker usually queries the DNS using pre-existing tools. Many freeware tools are available online to perform DNS interrogation.

Tools, Tricks, and Techniques for Information Gathering


Whois is a renowned Internet record listing tool to identify who owns a domain or who registers for that particular domain along with their contact details. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain registration and ownership details. Whois records have proven extraordinarily beneficial and have developed into an essential resource for maintaining the domain name registration and website ownership process's integrity.

  • Harvester is also an information-gathering tool that helps you extract the email address and subdomains of a particular target. Harvester is coded using a simple python script which searches information from giant search engines like Google, Yahoo, Bing, and much more.
  • Metagoofil is another information gathering or footprinting tool used for extracting information or data which is publicly available on the internet belonging to the company.
  • Netifera is a potent tool that gives a complete platform to gather information regarding the targeted website you want to attack. It a free tool that comes inbuilt with Backtrack Linux OS. This software will give information such as IP address, the Programming language used for website development, the number of websites hosted, DNS.


  • OS Identification: involves sending illegal TCP (Transmission Control Protocol) or ICMP (Internet Control Message Protocol) packets to the victim's system to identify the OS (Operating system) used by the victim on his server or computer.
  • A ping sweep is a technique of establishing a range of IP addresses that map hackers to live hosts. Fping, Nmap, Zenmap, ICMPEnum, SuperScan are some of the tools used to ping a large number of IP addresses at a time; to generate lists of hosts for large subnets.


We can gather information from other sources such as social networking sites (Facebook, Twitter, LinkedIn, etc.) where general users share their personal data and additional information related to them. Even search engines play a significant role in gathering information.

Hackers can also gather information from various financial services about a target company, such as the market value of a company's shares, company profile, competitor details, etc.

Hackers can also collect information from the email header, which includes:

  • Address from which message was sent.
  • Sender's email server.
  • Sender's IP address.
  • Date and time received by the originator's email server.
  • The sender's mail server uses the authentication system.
  • Sender's full name.

Objectives of Footprinting

  1. Collect Network Information: such as Domain name, Internal domain names, IP addresses of the reachable systems, rogue websites/private websites within the domain, Access Control Mechanisms, protocols used, existing VPNs, analog and digital telephone numbers, authentication mechanisms, and system enumeration.
  2. Collect System Information: such as users and group names, system banners, routing tables, and the routing protocols it is using, SNMP information, system architecture, operating system used, remote system type, username, and passwords.
  3. Collect Organizations' Information: such as Employee details, organization's website, company directory, local details, address and phone numbers, comments in HTML Source code within an organization's website, security policies implemented, web server links relevant to the organization, news articles and press release.


  • Classify the type of information which is needed to be kept public.
  • Don't put unnecessary information into any profile, social networking account, or any web site.
  • Don't keep personal contact number in any company or organization's phone book, mainly to prevent war-dialing.

Countermeasures Against DNS Interrogation

  • Keep internal DNS and external DNS separate.
  • Restrict and disable zone transfer to authorized servers.