Footprinting is all about collecting data from the target site. The intention is to collect data from multiple possible sources.
Footprinting is mostly done by ethical hackers to identify data that is available over the internet, whether it was published knowingly or unknowingly. This data is organized in a structured manner and used to identify the internal vulnerabilities of the system/software.
A vulnerability is an internal weakness of the system.
During this step, ethical hackers think from the perspective of a fraudster who is ready to attack the system/software, and they analyze thoroughly whether someone could find a way to identify a vulnerability. If any vulnerability is identified, it is immediately corrected by the ethical hacking team.
Footprinting is also done by fraudsters to identify the vulnerabilities in the system, so that if they find one, they could easily gain access to the system or break into the software and gain control over it. Well, it is not that easy…
Vulnerabilities are dangerous because they could allow an attacker to:
Install malware
Perform SQL injection attacks
Perform buffer overflows
Active and passive are the two types of footprinting. Active footprinting refers to gathering information about the system by communicating with it directly, while passive footprinting is about collecting the information from internet sources such as OSINT resources and WHOIS lookup services such as DomainTools.
A few possible sources to collect the information:
OSINT Framework: This framework gives a lot of data about the target. We could easily find all the registered emails, contact details, addresses, people under an organization, and many more.
Command Prompt: A few commands help us find the IP address of the target.
Nmap: It gives details like the type of OS, software version, etc.
Zenmap: Similar to Nmap, but it provides a GUI on top of the CLI.
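To see what the Nmap details mentioned above (type of OS, software version) look like when an ethical hacking team reviews a scan of its own system, the following added example (not part of the original page) reads a report in Nmap's XML output format and lists which open services disclose an exact product version. The sample report is constructed, with an address from the 192.0.2.0/24 documentation range, and the function name exposure_report is an assumption made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML report format; the address is from the
# documentation range 192.0.2.0/24 and the services are made up.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http"/></port>
   <port protocol="tcp" portid="3306"><state state="closed"/>
    <service name="mysql" product="MySQL" version="8.0.33"/></port>
  </ports>
  <os><osmatch name="Linux 5.X" accuracy="95"/></os>
 </host>
</nmaprun>"""


def exposure_report(xml_text):
    """Return {address: {"os": guess or None, "services": [...]}} for open ports."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        os_match = host.find("os/osmatch")
        services = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not reachable services
            svc = port.find("service")
            svc = svc if svc is not None else ET.Element("service")
            banner = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            services.append({
                "port": f'{port.get("portid")}/{port.get("protocol")}',
                "name": svc.get("name", "unknown"),
                "banner": banner,
                # Product plus exact version is the detail worth hiding or patching.
                "discloses_version": bool(svc.get("product") and svc.get("version")),
            })
        os_name = os_match.get("name") if os_match is not None else None
        report[addr] = {"os": os_name, "services": services}
    return report

if __name__ == "__main__":
    for addr, info in exposure_report(SAMPLE_XML).items():
        print(addr, info["os"], info["services"])
```

Services flagged with discloses_version are the ones to check first for pending patches or for banners that can be trimmed.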