SlideShare ist ein Scribd-Unternehmen logo

Footprinting _ By Mujmmil Shaikh

Mujmmil Shaikh
Mujmmil Shaikh

Foot-printing is a method to draw the blueprint of the security profile for an organization, undertaken in a methodological manner, only by an Experts like Mujmmil Shaikh. I have relased this Educational presentation with slight misspelled name in order to divert the attention for time being and mislead fools primarily. © Mujmmil Shaikh mujmmil01@gmail.com

Technologie
1 von 36
IT Security & Ethical Hacking “FOOTPRINTING” BY Er. Mujmmil Shaikh
Appin Tech 2011 Table of Content 1. Introduction. 2. Why Footprinting Necessary? 3. Areas & Information which attackers seek. 4. Information Gathering Methodology. 5. Competitive Intelligence Gathering. 6. Footprinting Tools. 7. Who is Tools? 8. DNS Information Extraction Tools. 9. Locating Network Range. 10. E-mail Spiders. 11. Locating Network Activity. 12. Search Engines. 13. How to Fake Websites? 14. Summary. ER.MUJMMIL SHAIKH
Appin Tech 2011 Introduction Footprinting is the blueprint of the security profile of an organization, undertaken in a methodological manner. Footprinting is one of the three pre attack phases; an attacker spends 90% of the time in profiling an organization and another 10% in launching the attack. Footprinting results in a unique organization profile with respect to Networks (Internet/intranet/extranet/wireless) and systems involved. Why Footprinting Necessary? Footprinting is necessary to systematically and methodically Ensure that all pieces of information related to the aforementioned technologies are identified. Footprinting is often the most difficult task to determine the security posture of an entity. ER.MUJMMIL SHAIKH
Appin Tech 2011 Areas and information which attackers seek INFORMATION GATHERING 1. Information Gathering Methodology  Unearth initial information.  Locate the network range.  Ascertain active machines.  Discover open ports/access points.  Detect operating systems.  Uncover services on ports.  Map the network. ER.MUJMMIL SHAIKH
Appin Tech 2011 2. Passive Information Gathering Passive Information Gathering means To understand the current security status of a particular information system, organizations perform either a penetration testing or other hacking techniques. It is done by finding out the freely available details over the internet and by various other techniques without coming in contact with the organizations servers. Organizational and other informative websites are exceptions as the information gathering activities carried out by an attacker do not raise suspicion. COMPETITIVE INTELLIGENCE GATHERING Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say „breach of contract.‟ So how can you possibly hope to keep up with your competitors if you can‟t keep an eye on them? It is the process of gathering information about your competitors from resources such as the internet. The competitive intelligence is non-interfering and subtle in nature. It is both a product and a process. ER.MUJMMIL SHAIKH
Appin Tech 2011 Why do you need competitive intelligence? ER.MUJMMIL SHAIKH
Appin Tech 2011 Competitive intelligence tool: 1. Trellian Trellian compiles and analyzes internet usage statistics to create a powerful competitive intelligence tool that no business should be without ER.MUJMMIL SHAIKH
Appin Tech 2011 2. Web Investigator Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 3. Relevant Noise. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 4. Reputica Dashboard. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 5. My Reputation. My Reputation finds out everything that is being said about you online and gets rid of the content you do not like. Public & private websites ER.MUJMMIL SHAIKH
Appin Tech 2011 FOOTPRINTING TOOLS 1. Big Brother Big brother is designed to see how network is performing in near real-time from any web browser. It displays status information as web pages or WML pages for WAP-enabled devices. Big brother uses a client-server architecture combined with methods which push and pull data. Network testing is done by polling all monitored services from a single machine, and reporting these results to a central location (BBDISPLAY). Big brother include support for testing ftp,http,https,smtp,pop3,dns,telnet,imap,nntp and ssh servers. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 2. Bile Suite 3. Alchemy Network Tool. ER.MUJMMIL SHAIKH
Appin Tech 2011 4. Advanced Administrative Tool (AA) 5. My IP Suite ER.MUJMMIL SHAIKH
Appin Tech 2011 WHOIS TOOLS 1. Active whois. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 2. LAN Whois. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 3. Country Whois. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 4. Whereisip. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 5. IP2country. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 6. Caller IP. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 7. Web Data Extractor Tool. 8. Online Whois Tools. ER.MUJMMIL SHAIKH
Appin Tech 2011 DNS INFORMATION EXTRACTION TOOLS 1. Spider Foot. Spider foot is a free, open-source, and domain foot printing tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:  Sub domains.  Affiliates.  Web server versions.  Users.  Similar Domains.  Email Addresses.  Net blocks. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 2. Nslookup. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 3. Expired Domains. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 4. Domain king. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 5. Domain Name Analyzer. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 6. Domain Inspect. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 LOCATING NETWORK RANGE 1. Commonly includes:  Finding the range of IP addresses.  Discerning the subnet mask. 2. Information Sources:  ARIN (American registry of internet Numbers).  Trace route. 3. Hacking Tool:  NeoTrace.  Visual Route. ARIN Arin allows searches on the whois database to locate information on a network‟s autonomous system numbers (ASNs), network-related handles, and other related point of contact (POC). ARIN whois allows querying the IP address to find information on the strategy used for subnet Addressing. ER.MUJMMIL SHAIKH
Appin Tech 2011 Trace route Trace route works by exploiting a feature of the internet protocol called TTL or Time to Live. Trace route reveals the path IP packets travel between two systems by sending out consecutive sets Of UDP or ICMP packets with ever increasing TTLs. As each router processes an IP packet, it decrements the TTL, when the TTL reaches zero, that router sends back a “TTL exceeded” message (Using ICMP) to the originator. Routers with reverse DNS entries may reveal the name of routers, network affiliation, and geographic location. Screenshot:- ER.MUJMMIL SHAIKH
Appin Tech 2011 Trace Route Analysis It is a program that can be used to determine the path from source to destination. By using this information, an attacker determines the layout of a network and the location of each device. For example: after running several trace routes, an attacker might obtain the following information.  Trace route 1.10.10.20, second to last hop is 1.10.10.1.  Trace route 1.10.20.10, third to last hop is 1.10.10.1.  Trace route 1.10.20.10, second to last hop is 1.10.10.50.  Trace route 1.10.20.15, third to last hop is 1.10.10.1.  Trace route 1.10.20.15, second to last hop is 1.10.10.50. ER.MUJMMIL SHAIKH
Appin Tech 2011 E-MAIL SPIDERS Have you ever wondered how spammers generate a huge mailing database? They pick tons of e-mail addresses by searching in the internet. All they need is a web spidering tool picking up e- mail addresses and storing them to a database. If these tools run the entire night, they can capture hundreds of thousands of e-mail addresses. Power E-mail Collector Tool o It is a powerful email address harvesting program. o It can collect up to 750,000 unique valid email addresses per hour with a cable/Dsl. o It only collects valid email addresses. o You do not have to worry about ending up with undeliverable addresses. ER.MUJMMIL SHAIKH
Appin Tech 2011 LOCATING NETWORK ACTIVITY 1. GEO Spider Tool GEO spider helps you to detect, identify, and monitor your network activity on the world map. You can see website‟s IP address location on the earth. Geo spider can trace a domain name. ER.MUJMMIL SHAIKH
Appin Tech 2011 2. Geo where tool. Geo where handles many popular news groups to find answers to your queries in an easy and fast manner. it can also seek information from country specific search engines for better results. Use Geo where to footprint an organizations:  News groups search  Mailing list finder  Easy web search  Daily news ER.MUJMMIL SHAIKH
Appin Tech 2011 SEARCH ENGINES A web search engine is designed to search for information on the World Wide Web and FTP servers. The search results are generally presented in a list of results and are often called hits. The information may consist of web pages, images, information and other types of files. Some search engines also mine data available in databases or open directories. Unlike Web directories, which are maintained by human editors, search engines operate algorithmically or are a mixture of algorithmic and human input. A new type of search engine has recently been launched where an individual can own keywords and profit from that relationship. 1. Kartoo Search Engine. 2. Dogpile Search Engine. Search Engine List 1. 20SEARCH 2. ALL THE WEB 3. ALTA VISTA 4. AOL SEARCH 5. ASK JEEVES 6. DOGPILE 7. EBAY 8. EXCITE 9. GIGABLAST 10.GOOGLE 11.IWON 12.JOEANT 13.LYCOS 14.MAMMA 15.MSN 16.NETSCAPE 17.OPEN DIRECTORY 18.WEBCRAWLER 19.WIKIPEDIA 20.YAHOO ER.MUJMMIL SHAIKH
Appin Tech 2011 How to fake websites? Website spoofing Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organization. Another meaning for spoof is fake websites. Normally, the website will adopt the design of the target website and sometimes has a similar URL. Another technique is to use a 'cloaked' URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website. The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent. Steps to create fake login pages: 1. Open any form building website (www.xyz.com) & sign up. 2. Login with newly registered account. 3. Click > create first form. 4. Delete all pre-defined entries and just leave „first name‟. 5. Click > first name & click > power tool option. 6. Double click > password Box. 7. Click the newly form password entry to rename it as „password‟. 8. Click > properties option. 9. Give any title to the form. 10.Put any link. 11.Open source code option. 12.Code is save “.html” Format. 13.Using free hosting website upload file. ER.MUJMMIL SHAIKH
Appin Tech 2011 Summary: ER.MUJMMIL SHAIKH

Empfohlen

Hacking
HackingHacking
Hackinggvsai501
 
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
 
China Cyber
China CyberChina Cyber
China CyberDominic Karunesudas
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 
Honeypot-Defense through Mechanism
Honeypot-Defense through MechanismHoneypot-Defense through Mechanism
Honeypot-Defense through MechanismKarthik Bharadwaj
 
Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppAppsecco
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 

Empfohlen

Hacking
HackingHacking
Hackinggvsai501
 
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
 
China Cyber
China CyberChina Cyber
China CyberDominic Karunesudas
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 
Honeypot-Defense through Mechanism
Honeypot-Defense through MechanismHoneypot-Defense through Mechanism
Honeypot-Defense through MechanismKarthik Bharadwaj
 
Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppAppsecco
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Anonymizers
AnonymizersAnonymizers
AnonymizersGregory Hanis
 
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...Brian Ghilliotti
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...IOSR Journals
 
Malware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient TruthMalware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
 
M0704071074
M0704071074M0704071074
M0704071074IJERD Editor
 
iOS Security and Encryption
iOS Security and EncryptioniOS Security and Encryption
iOS Security and EncryptionUrvashi Kataria
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
Es34887891
Es34887891Es34887891
Es34887891IJERA Editor
 
Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...Akash AR
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Inadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber AttackInadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber AttackBill Duncan
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 
Hacking
HackingHacking
Hackinggvsai501
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Information gatherimg
Information gatherimgInformation gatherimg
Information gatherimgAshok kumar sandhyala
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptxImXaib
 
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Disha Bedi
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)Wail Hassan
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET Journal
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
 

Weitere ähnliche Inhalte

Was ist angesagt?

Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...Brian Ghilliotti
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...IOSR Journals
 
Malware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient TruthMalware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
 
iOS Security and Encryption
iOS Security and EncryptioniOS Security and Encryption
iOS Security and EncryptionUrvashi Kataria
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...Akash AR
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Inadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber AttackInadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber AttackBill Duncan
 

Was ist angesagt? (12)

Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
Brian Ghilliotti: Electronic Commerce: Applications of Raspberry Pie: Norwalk...
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
 
Malware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient TruthMalware on Smartphones and Tablets - The Inconvenient Truth
Malware on Smartphones and Tablets - The Inconvenient Truth
 
M0704071074
M0704071074M0704071074
M0704071074
 
iOS Security and Encryption
iOS Security and EncryptioniOS Security and Encryption
iOS Security and Encryption
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet Bangalore
 
Es34887891
Es34887891Es34887891
Es34887891
 
Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...Internet of things security multilayered method for end to end data communi...
Internet of things security multilayered method for end to end data communi...
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate Networks
 
Inadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber AttackInadequate Security Practices Expose Key NASA Network to Cyber Attack
Inadequate Security Practices Expose Key NASA Network to Cyber Attack
 

Ähnlich wie Footprinting _ By Mujmmil Shaikh

Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptxImXaib
 
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Disha Bedi
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)Wail Hassan
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET Journal
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat ForensicsIJSRD
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfJessica Thompson
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp
 

Ähnlich wie Footprinting _ By Mujmmil Shaikh (20)

Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 
Hacking
HackingHacking
Hacking
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
Information gatherimg
Information gatherimgInformation gatherimg
Information gatherimg
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptx
 
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...Engineering Internship Report - Network Intrusion Detection And Prevention Us...
Engineering Internship Report - Network Intrusion Detection And Prevention Us...
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection System
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Assingment 5 - ENSA
Assingment 5 - ENSAAssingment 5 - ENSA
Assingment 5 - ENSA
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat Forensics
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
 
security onion
security onionsecurity onion
security onion
 
Apache Metron: Community Driven Cyber Security
Apache Metron: Community Driven Cyber Security Apache Metron: Community Driven Cyber Security
Apache Metron: Community Driven Cyber Security
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
 

Kürzlich hochgeladen

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Kürzlich hochgeladen (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

Footprinting _ By Mujmmil Shaikh

  • 1. IT Security & Ethical Hacking “FOOTPRINTING” BY Er. Mujmmil Shaikh
  • 2. Appin Tech 2011 Table of Content 1. Introduction. 2. Why Footprinting Necessary? 3. Areas & Information which attackers seek. 4. Information Gathering Methodology. 5. Competitive Intelligence Gathering. 6. Footprinting Tools. 7. Who is Tools? 8. DNS Information Extraction Tools. 9. Locating Network Range. 10. E-mail Spiders. 11. Locating Network Activity. 12. Search Engines. 13. How to Fake Websites? 14. Summary. ER.MUJMMIL SHAIKH
  • 3. Appin Tech 2011 Introduction Footprinting is the blueprint of the security profile of an organization, undertaken in a methodological manner. Footprinting is one of the three pre attack phases; an attacker spends 90% of the time in profiling an organization and another 10% in launching the attack. Footprinting results in a unique organization profile with respect to Networks (Internet/intranet/extranet/wireless) and systems involved. Why Footprinting Necessary? Footprinting is necessary to systematically and methodically Ensure that all pieces of information related to the aforementioned technologies are identified. Footprinting is often the most difficult task to determine the security posture of an entity. ER.MUJMMIL SHAIKH
  • 4. Appin Tech 2011 Areas and information which attackers seek INFORMATION GATHERING 1. Information Gathering Methodology  Unearth initial information.  Locate the network range.  Ascertain active machines.  Discover open ports/access points.  Detect operating systems.  Uncover services on ports.  Map the network. ER.MUJMMIL SHAIKH
  • 5. Appin Tech 2011 2. Passive Information Gathering Passive Information Gathering means To understand the current security status of a particular information system, organizations perform either a penetration testing or other hacking techniques. It is done by finding out the freely available details over the internet and by various other techniques without coming in contact with the organizations servers. Organizational and other informative websites are exceptions as the information gathering activities carried out by an attacker do not raise suspicion. COMPETITIVE INTELLIGENCE GATHERING Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say „breach of contract.‟ So how can you possibly hope to keep up with your competitors if you can‟t keep an eye on them? It is the process of gathering information about your competitors from resources such as the internet. The competitive intelligence is non-interfering and subtle in nature. It is both a product and a process. ER.MUJMMIL SHAIKH
  • 6. Appin Tech 2011 Why do you need competitive intelligence? ER.MUJMMIL SHAIKH
  • 7. Appin Tech 2011 Competitive intelligence tool: 1. Trellian Trellian compiles and analyzes internet usage statistics to create a powerful competitive intelligence tool that no business should be without ER.MUJMMIL SHAIKH
  • 8. Appin Tech 2011 2. Web Investigator Screenshot:- ER.MUJMMIL SHAIKH
  • 9. Appin Tech 2011 3. Relevant Noise. Screenshot:- ER.MUJMMIL SHAIKH
  • 10. Appin Tech 2011 4. Reputica Dashboard. Screenshot:- ER.MUJMMIL SHAIKH
  • 11. Appin Tech 2011 5. My Reputation. My Reputation finds out everything that is being said about you online and gets rid of the content you do not like. Public & private websites ER.MUJMMIL SHAIKH
  • 12. Appin Tech 2011 FOOTPRINTING TOOLS 1. Big Brother Big brother is designed to see how network is performing in near real-time from any web browser. It displays status information as web pages or WML pages for WAP-enabled devices. Big brother uses a client-server architecture combined with methods which push and pull data. Network testing is done by polling all monitored services from a single machine, and reporting these results to a central location (BBDISPLAY). Big brother include support for testing ftp,http,https,smtp,pop3,dns,telnet,imap,nntp and ssh servers. Screenshot:- ER.MUJMMIL SHAIKH
  • 13. Appin Tech 2011 2. Bile Suite 3. Alchemy Network Tool. ER.MUJMMIL SHAIKH
  • 14. Appin Tech 2011 4. Advanced Administrative Tool (AA) 5. My IP Suite ER.MUJMMIL SHAIKH
  • 15. Appin Tech 2011 WHOIS TOOLS 1. Active whois. Screenshot:- ER.MUJMMIL SHAIKH
  • 16. Appin Tech 2011 2. LAN Whois. Screenshot:- ER.MUJMMIL SHAIKH
  • 17. Appin Tech 2011 3. Country Whois. Screenshot:- ER.MUJMMIL SHAIKH
  • 18. Appin Tech 2011 4. Whereisip. Screenshot:- ER.MUJMMIL SHAIKH
  • 19. Appin Tech 2011 5. IP2country. Screenshot:- ER.MUJMMIL SHAIKH
  • 20. Appin Tech 2011 6. Caller IP. Screenshot:- ER.MUJMMIL SHAIKH
  • 21. Appin Tech 2011 7. Web Data Extractor Tool. 8. Online Whois Tools. ER.MUJMMIL SHAIKH
  • 22. Appin Tech 2011 DNS INFORMATION EXTRACTION TOOLS 1. Spider Foot. Spider foot is a free, open-source, and domain foot printing tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:  Sub domains.  Affiliates.  Web server versions.  Users.  Similar Domains.  Email Addresses.  Net blocks. Screenshot:- ER.MUJMMIL SHAIKH
  • 23. Appin Tech 2011 2. Nslookup. Screenshot:- ER.MUJMMIL SHAIKH
  • 24. Appin Tech 2011 3. Expired Domains. Screenshot:- ER.MUJMMIL SHAIKH
  • 25. Appin Tech 2011 4. Domain king. Screenshot:- ER.MUJMMIL SHAIKH
  • 26. Appin Tech 2011 5. Domain Name Analyzer. Screenshot:- ER.MUJMMIL SHAIKH
  • 27. Appin Tech 2011 6. Domain Inspect. Screenshot:- ER.MUJMMIL SHAIKH
  • 28. Appin Tech 2011 LOCATING NETWORK RANGE 1. Commonly includes:  Finding the range of IP addresses.  Discerning the subnet mask. 2. Information Sources:  ARIN (American registry of internet Numbers).  Trace route. 3. Hacking Tool:  NeoTrace.  Visual Route. ARIN Arin allows searches on the whois database to locate information on a network‟s autonomous system numbers (ASNs), network-related handles, and other related point of contact (POC). ARIN whois allows querying the IP address to find information on the strategy used for subnet Addressing. ER.MUJMMIL SHAIKH
  • 29. Appin Tech 2011 Trace route Trace route works by exploiting a feature of the internet protocol called TTL or Time to Live. Trace route reveals the path IP packets travel between two systems by sending out consecutive sets Of UDP or ICMP packets with ever increasing TTLs. As each router processes an IP packet, it decrements the TTL, when the TTL reaches zero, that router sends back a “TTL exceeded” message (Using ICMP) to the originator. Routers with reverse DNS entries may reveal the name of routers, network affiliation, and geographic location. Screenshot:- ER.MUJMMIL SHAIKH
  • 30. Appin Tech 2011 Trace Route Analysis It is a program that can be used to determine the path from source to destination. By using this information, an attacker determines the layout of a network and the location of each device. For example: after running several trace routes, an attacker might obtain the following information.  Trace route 1.10.10.20, second to last hop is 1.10.10.1.  Trace route 1.10.20.10, third to last hop is 1.10.10.1.  Trace route 1.10.20.10, second to last hop is 1.10.10.50.  Trace route 1.10.20.15, third to last hop is 1.10.10.1.  Trace route 1.10.20.15, second to last hop is 1.10.10.50. ER.MUJMMIL SHAIKH
  • 31. Appin Tech 2011 E-MAIL SPIDERS Have you ever wondered how spammers generate a huge mailing database? They pick tons of e-mail addresses by searching in the internet. All they need is a web spidering tool picking up e- mail addresses and storing them to a database. If these tools run the entire night, they can capture hundreds of thousands of e-mail addresses. Power E-mail Collector Tool o It is a powerful email address harvesting program. o It can collect up to 750,000 unique valid email addresses per hour with a cable/Dsl. o It only collects valid email addresses. o You do not have to worry about ending up with undeliverable addresses. ER.MUJMMIL SHAIKH
  • 32. Appin Tech 2011 LOCATING NETWORK ACTIVITY 1. GEO Spider Tool GEO spider helps you to detect, identify, and monitor your network activity on the world map. You can see website‟s IP address location on the earth. Geo spider can trace a domain name. ER.MUJMMIL SHAIKH
  • 33. Appin Tech 2011 2. Geo where tool. Geo where handles many popular news groups to find answers to your queries in an easy and fast manner. it can also seek information from country specific search engines for better results. Use Geo where to footprint an organizations:  News groups search  Mailing list finder  Easy web search  Daily news ER.MUJMMIL SHAIKH
  • 34. Appin Tech 2011 SEARCH ENGINES A web search engine is designed to search for information on the World Wide Web and FTP servers. The search results are generally presented in a list of results and are often called hits. The information may consist of web pages, images, information and other types of files. Some search engines also mine data available in databases or open directories. Unlike Web directories, which are maintained by human editors, search engines operate algorithmically or are a mixture of algorithmic and human input. A new type of search engine has recently been launched where an individual can own keywords and profit from that relationship. 1. Kartoo Search Engine. 2. Dogpile Search Engine. Search Engine List 1. 20SEARCH 2. ALL THE WEB 3. ALTA VISTA 4. AOL SEARCH 5. ASK JEEVES 6. DOGPILE 7. EBAY 8. EXCITE 9. GIGABLAST 10.GOOGLE 11.IWON 12.JOEANT 13.LYCOS 14.MAMMA 15.MSN 16.NETSCAPE 17.OPEN DIRECTORY 18.WEBCRAWLER 19.WIKIPEDIA 20.YAHOO ER.MUJMMIL SHAIKH
  • 35. Appin Tech 2011 How to fake websites? Website spoofing Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organization. Another meaning for spoof is fake websites. Normally, the website will adopt the design of the target website and sometimes has a similar URL. Another technique is to use a 'cloaked' URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website. The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent. Steps to create fake login pages: 1. Open any form building website (www.xyz.com) & sign up. 2. Login with newly registered account. 3. Click > create first form. 4. Delete all pre-defined entries and just leave „first name‟. 5. Click > first name & click > power tool option. 6. Double click > password Box. 7. Click the newly form password entry to rename it as „password‟. 8. Click > properties option. 9. Give any title to the form. 10.Put any link. 11.Open source code option. 12.Code is save “.html” Format. 13.Using free hosting website upload file. ER.MUJMMIL SHAIKH