Reconnaissance (Footprinting)

Welcome to the Footprinting module. This note will guide you through all the methodologies that I used while preparing for the CEH (Practical) exam.

Information Gathering using Google Dorks

Google hacking, also called Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and code that websites use. Google dorking can also be used for OSINT.

Netcraft and Peekyou

Harvesting Email using theHarvester

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open-source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.

theharvester -d -l 200 -b baidu


  • Sherlock is a tool that gathers information about users by hunting down social media accounts by username across social networks.

python3 satoshi nakamoto


Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

ping -f -l 1500 -i 3
-f = Fragment the packets
-l = Size of bytes
-i = Number of packets

The maximum size of the frame is 1472

Web Data Extractor

  • Web Data Extractor is a Windows Tool

  • The tool is used to crawl website content like:

    • Meta Tags

    • Emails

    • Phones

    • Etc...


  • HTTrack is a tool used to mirror a website and browse it offline


  • CeWL is a tool used to create a wordlist from a specific website

cewl -d 2 -m 5 -w save_wordlist.txt

Email Tracker Pro

  • Email Tracker Pro is used to track and check the Email Headers.

Whois Lookup using Domain Tools

  • is a tool used to lookup the details of a particular domain.

  • WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system but is also used for a wider range of other information.
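
A minimal sketch of the WHOIS exchange described above, added here as an example and not part of the original notes: it builds the query a client sends and parses a reply to list which contact fields a domain publishes unredacted, which is a useful check to run against your own domains. The sample reply is constructed, and the field labels and function names are assumptions; real registries vary in how they label fields.

```python
import re

# Constructed sample reply. Per RFC 3912 the client writes "<query>\r\n" to
# TCP port 43 and the server answers with free-form text, then closes.
SAMPLE_REPLY = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:00:00Z
Registry Expiry Date: 2026-03-02T10:00:00Z
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
Registrant Organization: Example Corp
Registrant Email: jane.doe@example.test
Admin Email: REDACTED FOR PRIVACY
Tech Phone: +1.5555550100
>>> Last update of whois database: 2025-01-01T00:00:00Z <<<
"""

CONTACT_TAGS = ("email", "phone", "fax", "street")   # assumed label fragments
HIDDEN = re.compile(r"redacted|privacy|not disclosed", re.I)
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z /]+?):\s*(\S.*)$")

def build_query(domain: str) -> bytes:
    """Bytes a WHOIS client sends: the normalised query followed by CRLF."""
    return domain.strip().lower().encode("ascii") + b"\r\n"

def parse_reply(text: str) -> dict:
    """Collect 'Key: value' lines; repeated keys (Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:  # banner/footer lines such as '>>> ... <<<' do not match
            record.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return record

def exposed_contacts(record: dict) -> dict:
    """Contact fields whose values are published rather than redacted."""
    exposed = {}
    for key, values in record.items():
        if any(tag in key for tag in CONTACT_TAGS):
            visible = [v for v in values if not HIDDEN.search(v)]
            if visible:
                exposed[key] = visible
    return exposed

if __name__ == "__main__":
    print("query bytes:", build_query("Example.TEST"))
    for field, values in exposed_contacts(parse_reply(SAMPLE_REPLY)).items():
        print("published:", field, "->", ", ".join(values))
```
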

DNS Footprinting


  • nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and IP address or other DNS records.


DNSRecon is a free and open-source script available on GitHub. It is one of the popular scripts in the security community for reconnaissance on domains. The script is written in Python, so Python must be installed on your Kali Linux system in order to use it.

dnsrecon -r


  • Traceroute is used to find the IP path taken to reach the website.

  • In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes and measuring transit delays of packets across an Internet Protocol network.

Path Analyzer Pro

  • Path Analyzer Pro is a GUI Windows application used to trace the path

Other Tools

  • Recon-ng

  • Maltego

  • OSRFramework

OSRFramework Tools -n Mark Zuckerberg -p twitter facebook youtube -n eccouncil -t all (Gather all the registered domains) (Gathers info of user on Social networking page) (Gathers info about email accounts) (Gathers the series of phones)
  • FOCA (best tool to footprint the whole web server; must check)

  • BillCipher is a tool used to track down
