Monday, September 5, 2011

The Seven-Step Information Gathering Process

Basic guide to performing information gathering, including some useful tools

Footprinting is about information gathering and is both passive and active. Reviewing the company's website is an example of passive footprinting, whereas calling the help desk and attempting to social engineer them out of privileged information is an example of active information gathering.

Scanning entails pinging machines, determining network ranges and port scanning individual systems.
  1. Information gathering
  2. Determining the network range
  3. Identifying active machines
  4. Finding open ports and access points
  5. OS fingerprinting
  6. Fingerprinting services
  7. Mapping the network
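Steps three and four leave a distinctive footprint on the defender's side: one source touching many hosts (a ping sweep) or many ports on one host (a port scan). The following is an added example, not part of the original post, that runs that detection logic over constructed firewall log lines; the key=value log format, the sample addresses and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (assumed key=value format; not real data).
SAMPLE_LOGS = """\
src=203.0.113.5 dst=192.0.2.10 proto=icmp type=8 action=drop
src=203.0.113.5 dst=192.0.2.11 proto=icmp type=8 action=drop
src=203.0.113.5 dst=192.0.2.12 proto=icmp type=8 action=drop
src=203.0.113.5 dst=192.0.2.13 proto=icmp type=8 action=drop
src=203.0.113.5 dst=192.0.2.14 proto=icmp type=8 action=drop
src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=21 action=drop
src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=22 action=accept
src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=23 action=drop
src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=25 action=drop
src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=80 action=accept
src=192.0.2.50 dst=192.0.2.10 proto=tcp dport=443 action=accept
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Turn one 'key=value ...' log line into a dict; None if src/dst are missing."""
    fields = dict(KV.findall(line))
    return fields if "src" in fields and "dst" in fields else None

def detect_recon(lines, host_threshold=5, port_threshold=5):
    """Map each source IP to the reconnaissance patterns it exhibits."""
    # host_sweep: one source reaches >= host_threshold distinct destinations (step 3).
    # port_scan:  one source reaches >= port_threshold distinct ports on one host (step 4).
    # Both thresholds are assumptions; tune them against the real traffic baseline.
    hosts = defaultdict(set)   # src -> {dst}
    ports = defaultdict(set)   # (src, dst) -> {dport}
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        hosts[f["src"]].add(f["dst"])
        if "dport" in f:
            ports[(f["src"], f["dst"])].add(f["dport"])
    findings = defaultdict(list)
    for src, dsts in hosts.items():
        if len(dsts) >= host_threshold:
            findings[src].append("host_sweep")
    for (src, dst), dports in ports.items():
        if len(dports) >= port_threshold:
            findings[src].append(f"port_scan:{dst}")
    return dict(findings)

if __name__ == "__main__":
    print(detect_recon(SAMPLE_LOGS.splitlines()))
```

The benign client 192.0.2.50 never appears in the findings because it reaches one host on one port, which is the baseline the thresholds are meant to leave alone.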

The Seven Steps Of The Pre-Attack Phase

Step  | Title                               | Active/Passive | Common Tools
------|-------------------------------------|----------------|----------------------------------------------
One   | Information gathering               | Passive        | Sam Spade, ARIN, IANA, Whois, Nslookup
Two   | Determining network range           | Passive        | RIPE, APNIC, ARIN
Three | Identifying active machines         | Active         | Ping, traceroute, SuperScan, Angry IP Scanner
Four  | Finding open ports and applications | Active         | Nmap, Amap, SuperScan
Five  | OS fingerprinting                   | Active/passive | Nmap, Winfingerprint, P0f, Xprobe2, ettercap
Six   | Fingerprinting services             | Active         | Telnet, FTP, Netcat
Seven | Mapping the network                 | Active         | Cheops, traceroute, NeoTrace
