An embarrassingly huge amount of information on our customer's network and systems is probably available for the taking – no hacking required. Most corporations publish data to a variety of publicly accessible sites. Their own web page, social media, forums, and employee presence on a myriad of sites leave plenty of holes, and this grows exponentially as we take into account their partners, contractors, and other relationships that may be captured for all to see. A quick Google search can reveal a lot about our target, and LinkedIn is a treasure trove for feeding the social engineering aspects of our penetration test. The biggest challenge in footprinting – the act of discovering and mapping the target network, will honestly be how to quickly assess and document exposed flaws for our customer while finding useful vectors for our testing.
We should understand individual tools such as those involved with DNS and ISP information (for example, whois
, nslookup
, and dns6dict...