Phase 1 - Footprinting 04-04-2018, 03:26 PM
![[Image: JZPon1o.png]](https://i.imgur.com/JZPon1o.png)
Footprinting
Know what you're going up against.
![[Image: jQMcfFy.png]](https://i.imgur.com/jQMcfFy.png)
As said before, hackers are humans, and as humans they think. This is why they also plan whatever they do, at least in a minimal way. Attacking when no plan is possible is brave; attacking without a plan when one was possible is just idiotic. So, let's start.
Footprinting Theory
Footprinting, yes. This doesn't mean we're going trash diving or following our target to the market; rather, it means finding the breadcrumbs they leave behind online.
Since this is the first and foremost phase, you probably know what we're going to do: round up some information about our target before we actually go and take action. It is probably the most boring part of hacking, yet it is necessary if you want to get anything done without hitting dead ends that turn out to be traps. We have to gather information on our target both passively and actively. The goal is to have, at the end of this phase, as much information about them as possible, whether it seems useful or not. You have to profile the target and know what's hidden behind that IP address. You should have enough data to be effective in the second phase, which I'll talk about later on.
Practically? This is the kind of information you'd like to have initially:
⚫IP Address ranges - This will ease up the load on the scanning phase, in which you would otherwise have to ping sweep everything you find. Having a range heavily reduces the work.
⚫Namespaces - Need I explain?
⚫Employee Information / Personal Info - Obvious reasons.
⚫Phone Numbers - Useful for targeting mobile devices and/or contacts.
⚫Hardware Information - Possibly the most important thing, since you have to know if you're up against Linux, Windows or MacOS.
⚫Job Information / Certification Information - Useful for knowing what can be thrown your way. If they only know HTML, it'll be a breeze.
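The OS and software details listed above are usually handed out by the target's own servers, which is why a defender's first footprinting exercise is to audit what their services announce. The following is an added example (not the author's code or anything from the original post) that parses raw HTTP responses and reports the headers that give away product versions or platform hints. Both responses are constructed for the demonstration, and the set of fingerprinting header names is my own choice, not a standard list.

```python
import re

# Response headers that commonly fingerprint the server software or OS
# (selection assumed for this example; extend it for your own stack).
FINGERPRINT_HEADERS = {
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
}

# Version-like tokens ("2.4.29", "7.2") or a parenthesised platform hint ("(Ubuntu)").
VERSION_RE = re.compile(r"\d+\.\d+|\([^)]*\)")


def parse_response_headers(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into {lower-case header name: value}.

    Only the header block is parsed; the body after the blank line is ignored.
    Repeated headers are joined with ", ", as HTTP permits for list-valued fields.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = name.strip().lower()
        value = value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def disclosures(raw: bytes) -> dict:
    """Return the fingerprinting headers whose value gives away more than a bare product name."""
    found = {}
    for name, value in parse_response_headers(raw).items():
        if name not in FINGERPRINT_HEADERS:
            continue
        # X-Powered-By and friends exist only to advertise the stack: flag them regardless.
        # A bare "Server: Apache" without version or platform is tolerated.
        if name != "server" or VERSION_RE.search(value):
            found[name] = value
    return found


# Constructed sample responses (not captured from any real host).
VERBOSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.29 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.2.3\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, disclosures(resp) or "no version or platform disclosure")
```

The verbose response is what a default install tends to send; the hardened one is what you get after `ServerTokens Prod` (Apache), `server_tokens off;` (nginx) or `expose_php = Off` (PHP). Run the check against your own services with a captured response, not against someone else's.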
Done correctly, footprinting can produce the perfect plan for your attack, one that lets you go through it without many problems. You have to be methodical during this process, since it can leak huge amounts of sensitive information that doesn't look sensitive at first. This is the easiest and most covert way of obtaining information about your target, since everything you catch has already been made public on the internet. The practical goals you want to have before starting this phase are:
⚫Network Information - Domains, VPNs, TCP/IP services, firewalls, authentication systems.
⚫OS Information - Operating system info, from the OS itself down to the exact version
⚫Personal Information - Personal data of the company / target
⚫Network Blocks - Straightforward
⚫Network Services - Same here
⚫(Web) Application Data/Configs - Search for possible loopholes
⚫System Architecture - Useful for studying exploits
⚫IDS and IPS - Intrusion Detection / Prevention Systems
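The IDS/IPS item above is where the two sides of this phase meet: the ping sweep mentioned earlier is exactly the kind of activity a detection system looks for. As an added example (not code from the post or its author), here is the core of such a detector run over constructed firewall log lines in the style of the Linux iptables LOG target: it counts, per source, how many distinct hosts were probed within a sliding time window. The sample addresses come from the documentation ranges and the year, thresholds and window are assumptions chosen for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (iptables LOG-target style), not taken from any real system.
# 203.0.113.7 probes ten hosts in four seconds; 192.0.2.5 is a monitoring box that
# pings two hosts a minute apart; 198.51.100.9 walks eight hosts ten minutes apart.
SAMPLE_LOG = """\
Apr 04 15:26:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8
Apr 04 15:26:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.11 PROTO=ICMP TYPE=8
Apr 04 15:26:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.12 PROTO=ICMP TYPE=8
Apr 04 15:26:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.13 PROTO=ICMP TYPE=8
Apr 04 15:26:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.14 PROTO=ICMP TYPE=8
Apr 04 15:26:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.15 PROTO=ICMP TYPE=8
Apr 04 15:26:04 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.16 PROTO=ICMP TYPE=8
Apr 04 15:26:04 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.17 PROTO=ICMP TYPE=8
Apr 04 15:26:05 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.18 PROTO=ICMP TYPE=8
Apr 04 15:26:05 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.19 PROTO=ICMP TYPE=8
Apr 04 15:26:00 fw kernel: IN=eth0 SRC=192.0.2.5 DST=192.0.2.10 PROTO=ICMP TYPE=8
Apr 04 15:27:00 fw kernel: IN=eth0 SRC=192.0.2.5 DST=192.0.2.11 PROTO=ICMP TYPE=8
Apr 04 15:10:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8
Apr 04 15:20:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.11 PROTO=ICMP TYPE=8
Apr 04 15:30:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.12 PROTO=ICMP TYPE=8
Apr 04 15:40:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.13 PROTO=ICMP TYPE=8
Apr 04 15:50:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.14 PROTO=ICMP TYPE=8
Apr 04 16:00:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.15 PROTO=ICMP TYPE=8
Apr 04 16:10:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.16 PROTO=ICMP TYPE=8
Apr 04 16:20:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.17 PROTO=ICMP TYPE=8
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
)


def parse_events(text: str, year: int = 2018):
    """Return (timestamp, src, dst) for each ICMP line; syslog omits the year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("proto") != "ICMP":
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("src"), m.group("dst")))
    return events


def detect_sweeps(events, window_seconds: int = 60, min_hosts: int = 8) -> dict:
    """Map each source to the peak number of distinct destinations it probed
    inside any window of `window_seconds`, keeping only sources at or above `min_hosts`."""
    by_src = defaultdict(list)
    for ts, src, dst in events:
        by_src[src].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        in_window = Counter()  # distinct destinations currently inside the window
        left = 0
        peak = 0
        for ts, dst in hits:
            in_window[dst] += 1
            # Slide the left edge forward until every event fits in the window.
            while ts - hits[left][0] > window:
                old_dst = hits[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("60s window:  ", detect_sweeps(events))
    print("2h window:   ", detect_sweeps(events, window_seconds=7200))
```

With the default 60-second window only the fast sweep from 203.0.113.7 is reported; the slow walk from 198.51.100.9 only shows up once the window is widened to two hours, while the monitoring host never crosses the threshold. That is the trade-off every IDS rule of this kind makes: a short window keeps false positives down, a long one catches patient reconnaissance, so production systems usually run both.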
Terminology
There are various types of information gathering, which are all fine since they all do pretty much the same thing. Mixing them is the logical choice, though, since you can recover different pieces of information that have been spread across sources.
Open Source Info Gathering
This is the least aggressive of these methods. It is based on the fact that you can gather quite a lot of info from simple things that are out in the open: newspapers, social media, forums, blogs and anything else that comes to mind.
Active Information Gathering
This method involves direct engagement with the target, which means contacting them or visiting them (in the case of companies). It is mostly an actual form of social engineering, since it targets a computer's biggest flaw: the human.
Pseudonymous Footprinting
This is closely related to the active method, since it also uses social engineering, but with a different and more useful aspect: anonymity. You interact with the target under false credentials or names, making them believe you are something or someone you're not.
Internet Footprinting
Google searching and Google hacking are pretty useful for this. They can help you find things that the target wants to hide (but actually can't).
I will end up making practical guides on footprinting, which will be posted here once I actually make them. Hold tight, since it could be soon.
![[Image: b9DKqYw.png]](https://i.imgur.com/b9DKqYw.png)
Do you prefer to be Notorious or simply forgotten?