Monday, January 21, 2008

Unearthing Initial Information

Open source footprinting
Performing whois requests and searching through DNS tables are other forms of open source footprinting. Most of the information is fairly easy to get and within legal limits. One easy way to check for sensitive information is to read the HTML source code of the website and look for links, comments, meta tags, etc.
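A site owner can run the same source review on their own pages before publishing. The following is an added example, not part of the original post: it scans a page's comments, meta tags and link targets for details that should not be public. The rule set, the `SourceAudit` class and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed rule set: strings a site owner would not want in published markup.
RULES = {
    "email address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "private IP": re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}\b"),
    "internal host": re.compile(r"\b[\w-]+\.(?:internal|corp|local|lan)\b", re.I),
    "credential hint": re.compile(r"\b(?:password|passwd|pwd|api[_-]?key)\b", re.I),
}
REVEALING_META = {"generator", "author"}  # meta names that disclose software or staff

class SourceAudit(HTMLParser):
    """Collect (line, location, label, text) findings from comments, meta tags and links."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _scan(self, where, text):
        for label, rx in RULES.items():
            for m in rx.finditer(text):
                self.findings.append((self.getpos()[0], where, label, m.group(0)))

    def handle_comment(self, data):
        self._scan("comment", data)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name", "").lower()
        if tag == "meta" and name in REVEALING_META:
            self.findings.append((self.getpos()[0], "meta", name, a.get("content", "")))
        for attr, where in (("content", "meta"), ("href", "link"), ("src", "link"), ("action", "link")):
            self._scan(where, a.get(attr, ""))

def audit_html(html):
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (all names and addresses are made up).
SAMPLE = """<html><head><meta name="generator" content="ExampleCMS 1.2">
<!-- TODO remove: staging db at 10.0.5.12, password in wiki -->
</head><body><a href="http://build01.corp/status">status</a>
<!-- questions: webmaster@example.com --></body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

Each finding carries the source line number, so the comment or tag can be removed from the template that produced it.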
The attacker can choose to source information from:
  • A web page (save it offline, e.g. using an offline browser such as Teleport Pro at http://www.tenmax.com/teleprot/pro/home.htm )
  • Yahoo or other directories (Tifny is a comprehensive search tool for USENET newsgroups)
  • Multiple search engines (All-in-one, Dogpile); groups.google.com is a great resource for searching a large number of newsgroup archives without having to use a tool
  • Advanced search (e.g. AltaVista, where reverse links to vulnerable sites can be unearthed)
  • Searches on publicly traded companies (e.g. EDGAR)
  • Dumpster diving (to retrieve documents that are carelessly disposed of)
  • Physical access (false ID, temporary/contract employee, etc.)
Apart from surfing the site, the attacker can use whois or nslookup to collect information. http://www.allwhois.com/ is considered a comprehensive whois interface.
There are tools available to aid whois:
The reader is encouraged to read RFC 1034 and RFC 1035, and the standard std/std13, the Internet standard for domain names.
