The Seven-Step Information Gathering Process


User: suyashjain

Footprinting is about information gathering and is both passive and active. Reviewing the company's website is an example of passive footprinting, whereas calling the help desk and attempting to social engineer them out of privileged information is an example of active information gathering.

Scanning entails pinging machines, determining network ranges and port scanning individual systems.

1. Information gathering
2. Determining the network range
3. Identifying active machines
4. Finding open ports and access points
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network

THE SEVEN STEPS OF THE PREATTACK PHASE

| Step  | Title                               | Active/Passive | Common Tools                                   |
|-------|-------------------------------------|----------------|------------------------------------------------|
| One   | Information gathering               | Passive        | Sam Spade, ARIN, IANA, Whois, Nslookup         |
| Two   | Determining network range           | Passive        | RIPE, APNIC, ARIN                              |
| Three | Identify active machines            | Active         | Ping, traceroute, SuperScan, Angry IP Scanner  |
| Four  | Finding open ports and applications | Active         | Nmap, Amap, SuperScan                          |
| Five  | OS fingerprinting                   | Active/passive | Nmap, Winfingerprint, P0f, Xprobe2, Ettercap   |
| Six   | Fingerprinting services             | Active         | Telnet, FTP, Netcat                            |
| Seven | Mapping the network                 | Active         | Cheops, traceroute, NeoTrace                   |
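
The active steps in the table leave traces on the network being probed, which is what lets a defender tell them apart. The sketch below is an added example, not part of the original post: it reads constructed firewall records and flags sources whose traffic resembles step three (one source touching many hosts) or step four (one source touching many ports on a single host). The log layout, the function name classify_sources and both thresholds are assumptions, and no time window is applied.

```python
from collections import defaultdict

# Constructed sample of firewall connection records (not real traffic):
# source, destination, protocol, destination port ("-" for ICMP echo)
SAMPLE_LOG = """\
10.0.5.20 192.168.1.1 icmp -
10.0.5.20 192.168.1.2 icmp -
10.0.5.20 192.168.1.3 icmp -
10.0.5.20 192.168.1.4 icmp -
10.0.5.20 192.168.1.5 icmp -
10.0.5.21 192.168.1.10 tcp 21
10.0.5.21 192.168.1.10 tcp 22
10.0.5.21 192.168.1.10 tcp 23
10.0.5.21 192.168.1.10 tcp 25
10.0.5.21 192.168.1.10 tcp 80
10.0.5.21 192.168.1.10 tcp 443
10.0.5.30 192.168.1.10 tcp 443
10.0.5.30 192.168.1.10 tcp 443
10.0.5.30 192.168.1.11 tcp 443
"""

def classify_sources(log_text, host_threshold=5, port_threshold=5):
    """Map each flagged source IP to the preattack steps its traffic resembles."""
    hosts = defaultdict(set)                        # src -> distinct destinations
    ports = defaultdict(lambda: defaultdict(set))   # src -> dst -> distinct ports
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src, dst, proto, dport = fields
        hosts[src].add(dst)
        if dport.isdigit():
            ports[src][dst].add((proto, int(dport)))
    findings = defaultdict(set)
    for src, dsts in hosts.items():
        # Many distinct hosts from one source: looks like a sweep for live machines.
        if len(dsts) >= host_threshold:
            findings[src].add("step 3: identifying active machines")
    for src, per_dst in ports.items():
        # Many distinct ports on one host: looks like a port scan.
        if any(len(p) >= port_threshold for p in per_dst.values()):
            findings[src].add("step 4: finding open ports")
    return dict(findings)

if __name__ == "__main__":
    for src, steps in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, sorted(steps))
```

The ordinary client 10.0.5.30 stays unflagged because it touches only two hosts and one port on each.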
